Malware Analysis Report

2024-11-13 14:49

Sample ID 240330-lp6gtadc98
Target 3966c8f0839745379898f04dc8194049_JaffaCakes118
SHA256 e8e30a0e99e787799037d8719400f60f236b90f2b3e418db9997ba8571071563
Tags
fakeav spyware fakeav persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e8e30a0e99e787799037d8719400f60f236b90f2b3e418db9997ba8571071563

Threat Level: Known bad

The file 3966c8f0839745379898f04dc8194049_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

fakeav spyware fakeav persistence

FakeAV payload

Fakeav family

FakeAV, RogueAntivirus

FakeAV payload

Sets file execution options in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-30 09:43

Signatures

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A

Fakeav family

fakeav

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-30 09:43

Reported

2024-03-30 09:46

Platform

win7-20240221-en

Max time kernel

6s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" C:\Windows\SysWOW64\lssmon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\lssmon.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1724 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 1724 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 1724 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 1724 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 1724 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 1724 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 1724 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 1724 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 2872 wrote to memory of 2556 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2872 wrote to memory of 2556 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2872 wrote to memory of 2556 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2872 wrote to memory of 2556 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2556 wrote to memory of 2476 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2556 wrote to memory of 2476 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2556 wrote to memory of 2476 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2556 wrote to memory of 2476 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2732 wrote to memory of 2496 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2732 wrote to memory of 2496 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2732 wrote to memory of 2496 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2732 wrote to memory of 2496 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2732 wrote to memory of 2468 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2732 wrote to memory of 2468 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2732 wrote to memory of 2468 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2732 wrote to memory of 2468 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2732 wrote to memory of 2524 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2732 wrote to memory of 2524 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2732 wrote to memory of 2524 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2732 wrote to memory of 2524 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2732 wrote to memory of 2360 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2732 wrote to memory of 2360 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2732 wrote to memory of 2360 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2732 wrote to memory of 2360 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2476 wrote to memory of 2436 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2476 wrote to memory of 2436 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2476 wrote to memory of 2436 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2476 wrote to memory of 2436 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2496 wrote to memory of 2968 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2496 wrote to memory of 2968 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2496 wrote to memory of 2968 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2496 wrote to memory of 2968 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2524 wrote to memory of 2796 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2524 wrote to memory of 2796 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2524 wrote to memory of 2796 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2524 wrote to memory of 2796 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2468 wrote to memory of 2812 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2468 wrote to memory of 2812 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2468 wrote to memory of 2812 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2468 wrote to memory of 2812 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2436 wrote to memory of 400 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2436 wrote to memory of 400 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2436 wrote to memory of 400 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2436 wrote to memory of 400 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2968 wrote to memory of 1904 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2968 wrote to memory of 1904 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2968 wrote to memory of 1904 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2968 wrote to memory of 1904 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2796 wrote to memory of 1572 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2796 wrote to memory of 1572 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2796 wrote to memory of 1572 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2796 wrote to memory of 1572 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2812 wrote to memory of 2424 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2812 wrote to memory of 2424 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2812 wrote to memory of 2424 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2812 wrote to memory of 2424 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\lssmon.exe

"C:\Windows\system32\lssmon.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 524

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

N/A

Files

memory/1724-0-0x0000000000170000-0x0000000000171000-memory.dmp

\Windows\SysWOW64\srtsrv32.exe

MD5 c465c9ddcd9703156181631548a8c782
SHA1 389cc81bc6e3ebfadbd8f5722f1b376504757e03
SHA256 01c7f6d23893ddbcbf48d7ee37235c3c2843b00cadeda0bbcc669573d18bc30c
SHA512 caa1b57fb1df1cbe1444ff491a69c80b6ba817b7e82620bb4bfd0673dd5bb3a3b7766435d670e9093e6eaf0ff1e4596a0fc66bb98dba78ab8623716ad917c46a

\Windows\SysWOW64\lssmon.exe

MD5 2f173e83e23fefaf4efe38a0c88d748b
SHA1 1b6d0f32321dc8ce3c82ce496d3fd6486aa17592
SHA256 d32c22afce60b66dc562bccc707fd33c727ceea5bc88cbd1956d226956709a2c
SHA512 e35eab85b3b4db6be9bd5e3887a43a9b9cc25a188864199125ad23657d42bb03c4166afd30f8867324d1c5c5bb77d0870664e322b692058813a46f344ee5bec9

memory/2732-23-0x00000000002F0000-0x00000000002F1000-memory.dmp

memory/1724-22-0x0000000000400000-0x00000000004C1000-memory.dmp

C:\Program Files (x86)\Internet Explorer\iexplor.exe

MD5 adc7b1becdd2018221d87b7cf738d89d
SHA1 5bbd8784574e8ac60e6fec0413b02408bf55fb04
SHA256 7cbfbbb179dc77b97d6442ad947cd93a23a723900a5d15c0d905b2cd16faa243
SHA512 0e2e93afef64f35def8f72ef7df2e9c8ecba338928ddf02e0f8b2e8ee94c689679c8be86d0ee8ec9cb7faf592889a127c22eacd14dd21cf3b487ddd32f9b5495

C:\Windows\SysWOW64\spool.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1696-760-0x0000000002050000-0x0000000002145000-memory.dmp

memory/2732-1694-0x0000000000400000-0x00000000004C1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-30 09:43

Reported

2024-03-30 09:46

Platform

win10v2004-20240226-en

Max time kernel

138s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2028 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2028 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2028 wrote to memory of 1956 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2028 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 2028 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 2028 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 1956 wrote to memory of 336 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1956 wrote to memory of 336 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1956 wrote to memory of 336 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 336 wrote to memory of 3140 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 336 wrote to memory of 3140 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 336 wrote to memory of 3140 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3140 wrote to memory of 3004 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3140 wrote to memory of 3004 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3140 wrote to memory of 3004 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3004 wrote to memory of 1564 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3004 wrote to memory of 1564 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3004 wrote to memory of 1564 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1564 wrote to memory of 4020 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1564 wrote to memory of 4020 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1564 wrote to memory of 4020 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4020 wrote to memory of 1336 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4020 wrote to memory of 1336 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4020 wrote to memory of 1336 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1336 wrote to memory of 1004 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1336 wrote to memory of 1004 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1336 wrote to memory of 1004 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1004 wrote to memory of 3056 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1004 wrote to memory of 3056 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1004 wrote to memory of 3056 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3056 wrote to memory of 3248 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3056 wrote to memory of 3248 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3056 wrote to memory of 3248 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3248 wrote to memory of 1172 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3248 wrote to memory of 1172 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3248 wrote to memory of 1172 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1172 wrote to memory of 2916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1172 wrote to memory of 2916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1172 wrote to memory of 2916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2916 wrote to memory of 812 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2916 wrote to memory of 812 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2916 wrote to memory of 812 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 812 wrote to memory of 1928 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 812 wrote to memory of 1928 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 812 wrote to memory of 1928 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1928 wrote to memory of 3968 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\System32\Conhost.exe
PID 1928 wrote to memory of 3968 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\System32\Conhost.exe
PID 1928 wrote to memory of 3968 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\System32\Conhost.exe
PID 3968 wrote to memory of 4152 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3968 wrote to memory of 4152 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3968 wrote to memory of 4152 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4152 wrote to memory of 3680 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4152 wrote to memory of 3680 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4152 wrote to memory of 3680 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3680 wrote to memory of 4044 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3680 wrote to memory of 4044 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3680 wrote to memory of 4044 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4044 wrote to memory of 5008 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4044 wrote to memory of 5008 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4044 wrote to memory of 5008 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5008 wrote to memory of 3156 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5008 wrote to memory of 3156 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5008 wrote to memory of 3156 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3156 wrote to memory of 1528 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\3966c8f0839745379898f04dc8194049_JaffaCakes118.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\lssmon.exe

"C:\Windows\system32\lssmon.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 41.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 219.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 40.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp

Files

memory/2028-0-0x0000000002030000-0x0000000002031000-memory.dmp

C:\Windows\SysWOW64\srtsrv32.exe

MD5 fac7e80459c0a504a203037c74f9d27d
SHA1 a8a898ecdc5281f1769818bd596ddd9d2dd0c67e
SHA256 cba5c4b66171209a965ec2845b5cc081e000083071469a7995be07e23834e9ca
SHA512 23a9af71d0da3c858828a3aa620214315eb6d5b94ea08a4b6280e39e4749c192169a25f1df546e6fa50478976cd0b2916ef5fc1c3e84e68a9a090b1d9f361b70

C:\Windows\SysWOW64\lssmon.exe

MD5 d0bcca4563c105b774c719028405f347
SHA1 a833bc59157bc244ddaa00bfaeb3800e754acc9b
SHA256 3045cebe7d58d14ca0a663098b33789170183bc1581ac833cbe435d5797fe724
SHA512 61e5b8b667eb3ecf25ed0bacc13c43e483c34c983edb43746e58223ad1c9466c4757ca4557be03f03faeb7079c502b26c77e2ead64268f5218c165e6662b78ec

memory/5000-22-0x0000000002020000-0x0000000002021000-memory.dmp

memory/2028-23-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/5000-35-0x0000000000400000-0x00000000004C1000-memory.dmp