Malware Analysis Report

2024-11-13 14:49

Sample ID 240330-dfzznsgd26
Target 31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118
SHA256 ca85703c7be548920c84f7672b7dc669be5733351b878d594df0c8af343bb5ea
Tags
fakeav spyware fakeav persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ca85703c7be548920c84f7672b7dc669be5733351b878d594df0c8af343bb5ea

Threat Level: Known bad

The file 31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

fakeav spyware fakeav persistence

FakeAV, RogueAntivirus

FakeAV payload

Fakeav family

FakeAV payload

Sets file execution options in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-30 02:57

Signatures

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A

Fakeav family

fakeav

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-30 02:57

Reported

2024-03-30 03:00

Platform

win7-20240221-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\srtsrv32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" C:\Windows\SysWOW64\lssmon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\lssmon.exe C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\srtsrv32.exe C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\lssmon.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2744 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2744 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2744 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2744 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2744 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 2744 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 2744 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 2744 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 2700 wrote to memory of 2560 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2700 wrote to memory of 2560 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2700 wrote to memory of 2560 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2700 wrote to memory of 2560 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2624 wrote to memory of 2524 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2624 wrote to memory of 2524 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2624 wrote to memory of 2524 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2624 wrote to memory of 2524 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2560 wrote to memory of 2672 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2560 wrote to memory of 2672 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2560 wrote to memory of 2672 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2560 wrote to memory of 2672 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2624 wrote to memory of 2432 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2624 wrote to memory of 2432 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2624 wrote to memory of 2432 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2624 wrote to memory of 2432 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2624 wrote to memory of 2460 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2624 wrote to memory of 2460 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2624 wrote to memory of 2460 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2624 wrote to memory of 2460 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2624 wrote to memory of 1988 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2624 wrote to memory of 1988 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2624 wrote to memory of 1988 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2624 wrote to memory of 1988 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2524 wrote to memory of 2620 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2524 wrote to memory of 2620 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2524 wrote to memory of 2620 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2524 wrote to memory of 2620 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2672 wrote to memory of 340 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2672 wrote to memory of 340 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2672 wrote to memory of 340 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2672 wrote to memory of 340 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2432 wrote to memory of 1156 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2432 wrote to memory of 1156 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2432 wrote to memory of 1156 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2432 wrote to memory of 1156 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2460 wrote to memory of 580 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2460 wrote to memory of 580 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2460 wrote to memory of 580 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2460 wrote to memory of 580 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1156 wrote to memory of 2008 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1156 wrote to memory of 2008 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1156 wrote to memory of 2008 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1156 wrote to memory of 2008 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 340 wrote to memory of 1940 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 340 wrote to memory of 1940 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 340 wrote to memory of 1940 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 340 wrote to memory of 1940 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 580 wrote to memory of 1796 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 580 wrote to memory of 1796 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 580 wrote to memory of 1796 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 580 wrote to memory of 1796 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2620 wrote to memory of 2000 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2620 wrote to memory of 2000 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2620 wrote to memory of 2000 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2620 wrote to memory of 2000 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\lssmon.exe

"C:\Windows\system32\lssmon.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 516

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

N/A

Files

memory/2744-0-0x00000000002F0000-0x00000000002F1000-memory.dmp

\Windows\SysWOW64\srtsrv32.exe

MD5 2c5b9c67dd609cf92ad2df96466b9bba
SHA1 863b319fc5794c1d603ea318345cbb0445179393
SHA256 4a278870d90edc846bbaefb81f1f70583c33a64115761aac6b4a8bd5d15f1f43
SHA512 07b39d0b7350e2d5806a881c9bbf5980941d0152e712f6111888eb1cb797e9f0d3046b97097135cc755c9a556f397abbcc7d5abfaaa69d113600bc9a74913769

C:\Windows\SysWOW64\lssmon.exe

MD5 bfc9ef11be9445b2bbd0246cb3f067b5
SHA1 8062170dddc8b4be5f52e251f070033edf54a4ea
SHA256 af079a449a9b9626a5c094af1a9bd7a3085b12290c0df5dc41e81bd754efa7c1
SHA512 8d5db848b4a731fc7b18cee7473d03487fe7bd00dfa0e0b461a1a9b3dac9e97528fe22c6f776c8a56b51cdf587ae88a8b7f7d2d8582e41205424087b4da09294

memory/2744-22-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/2624-26-0x0000000000100000-0x0000000000101000-memory.dmp

memory/2624-688-0x0000000000400000-0x00000000004C1000-memory.dmp

C:\Windows\SysWOW64\spool.exe

MD5 adc7b1becdd2018221d87b7cf738d89d
SHA1 5bbd8784574e8ac60e6fec0413b02408bf55fb04
SHA256 7cbfbbb179dc77b97d6442ad947cd93a23a723900a5d15c0d905b2cd16faa243
SHA512 0e2e93afef64f35def8f72ef7df2e9c8ecba338928ddf02e0f8b2e8ee94c689679c8be86d0ee8ec9cb7faf592889a127c22eacd14dd21cf3b487ddd32f9b5495

memory/1976-3169-0x0000000000300000-0x0000000000308000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-30 02:57

Reported

2024-03-30 03:00

Platform

win10v2004-20240226-en

Max time kernel

32s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\srtsrv32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\srtsrv32.exe C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3128 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 3128 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 3128 wrote to memory of 1128 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 3128 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 3128 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 3128 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 1128 wrote to memory of 4952 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1128 wrote to memory of 4952 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1128 wrote to memory of 4952 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4952 wrote to memory of 4360 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4952 wrote to memory of 4360 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4952 wrote to memory of 4360 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4360 wrote to memory of 4448 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4360 wrote to memory of 4448 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4360 wrote to memory of 4448 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4448 wrote to memory of 3516 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4448 wrote to memory of 3516 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4448 wrote to memory of 3516 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3516 wrote to memory of 2344 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3516 wrote to memory of 2344 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3516 wrote to memory of 2344 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2344 wrote to memory of 4692 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2344 wrote to memory of 4692 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2344 wrote to memory of 4692 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4692 wrote to memory of 2300 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4692 wrote to memory of 2300 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4692 wrote to memory of 2300 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2300 wrote to memory of 3872 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2300 wrote to memory of 3872 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2300 wrote to memory of 3872 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3872 wrote to memory of 2252 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3872 wrote to memory of 2252 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3872 wrote to memory of 2252 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2252 wrote to memory of 3176 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2252 wrote to memory of 3176 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2252 wrote to memory of 3176 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3176 wrote to memory of 4984 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3176 wrote to memory of 4984 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3176 wrote to memory of 4984 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4984 wrote to memory of 3184 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4984 wrote to memory of 3184 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4984 wrote to memory of 3184 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3184 wrote to memory of 4524 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3184 wrote to memory of 4524 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3184 wrote to memory of 4524 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4524 wrote to memory of 5104 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4524 wrote to memory of 5104 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4524 wrote to memory of 5104 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5104 wrote to memory of 2384 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5104 wrote to memory of 2384 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5104 wrote to memory of 2384 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2384 wrote to memory of 4864 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2384 wrote to memory of 4864 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2384 wrote to memory of 4864 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4864 wrote to memory of 5016 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4864 wrote to memory of 5016 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4864 wrote to memory of 5016 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5016 wrote to memory of 1944 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5016 wrote to memory of 1944 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5016 wrote to memory of 1944 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1944 wrote to memory of 3016 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1944 wrote to memory of 3016 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1944 wrote to memory of 3016 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3016 wrote to memory of 4744 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\31d7c4311faf8266e8cfc6b53d212adb_JaffaCakes118.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\lssmon.exe

"C:\Windows\system32\lssmon.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4748 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 40.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 24.173.189.20.in-addr.arpa udp

Files

memory/3128-0-0x0000000002140000-0x0000000002141000-memory.dmp

C:\Windows\SysWOW64\srtsrv32.exe

MD5 c0877a95e351bfc8189e5544982d314d
SHA1 464e8e34ad62bd667d0b953d8703c900246e426e
SHA256 b7c766f59f8bd162a3b2dc6fb74c24f77e247f0c3f4cbb718c25894e20c0643e
SHA512 d16c58e4a896bbb2b100e3e77614b701ccd4e452da7ee9fc238cc6d38eeaa0fecdf40163de505c56b64491bb74af17dce58e70a35a47ad97181ae1f8cf0cb779

C:\Windows\SysWOW64\lssmon.exe

MD5 42ca2fa69061327291422458fc0b3b4c
SHA1 7c6722605a9fe521ba79c08cd85ff4d5e33ea7b0
SHA256 ee253d0554cc4a2f4bd1515245828c7add7e093a68ea0a929882a6f95a37aae3
SHA512 31623b4da6d5df6d0e6a390fa068583c3f8fb795060963a6382436e4fb8bf48ea4daa82ea632aacfacfa3b4b65d21b53aa78ab08eff735f74d9e9e80d73a7546

memory/3500-22-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

memory/3500-24-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/3128-26-0x0000000000400000-0x00000000004C1000-memory.dmp

C:\Windows\SysWOW64\spool.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e