Malware Analysis Report

2024-11-13 14:48

Sample ID 240402-mlafmsfe53
Target 8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118
SHA256 0305e8d7c8cdb67c1d10da43ab90c85b5fbe664054b94c964d33f7115a08e42f
Tags
fakeav spyware fakeav persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0305e8d7c8cdb67c1d10da43ab90c85b5fbe664054b94c964d33f7115a08e42f

Threat Level: Known bad

The file 8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

fakeav spyware fakeav persistence

FakeAV, RogueAntivirus

Fakeav family

FakeAV payload

FakeAV payload

Sets file execution options in registry

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-02 10:32

Signatures

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A

Fakeav family

fakeav

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-02 10:32

Reported

2024-04-02 10:35

Platform

win7-20240221-en

Max time kernel

126s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" C:\Windows\SysWOW64\lssmon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\lssmon.exe C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\lssmon.exe C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\lssmon.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3020 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 3020 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 3020 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 3020 wrote to memory of 1984 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 1984 wrote to memory of 2156 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1984 wrote to memory of 2156 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1984 wrote to memory of 2156 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1984 wrote to memory of 2156 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2156 wrote to memory of 1284 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2156 wrote to memory of 1284 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2156 wrote to memory of 1284 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2156 wrote to memory of 1284 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3020 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 3020 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 3020 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 3020 wrote to memory of 2088 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 1284 wrote to memory of 2596 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1284 wrote to memory of 2596 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1284 wrote to memory of 2596 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1284 wrote to memory of 2596 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2596 wrote to memory of 2536 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2596 wrote to memory of 2536 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2596 wrote to memory of 2536 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2596 wrote to memory of 2536 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2584 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2584 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2584 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2584 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2740 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2740 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2740 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2740 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2744 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2744 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2744 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2744 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2536 wrote to memory of 2800 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2536 wrote to memory of 2800 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2536 wrote to memory of 2800 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2536 wrote to memory of 2800 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2088 wrote to memory of 2788 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2088 wrote to memory of 2788 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2088 wrote to memory of 2788 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2088 wrote to memory of 2788 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2740 wrote to memory of 1188 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2740 wrote to memory of 1188 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2740 wrote to memory of 1188 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2740 wrote to memory of 1188 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2584 wrote to memory of 1120 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2584 wrote to memory of 1120 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2584 wrote to memory of 1120 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2584 wrote to memory of 1120 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2744 wrote to memory of 1608 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2744 wrote to memory of 1608 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2744 wrote to memory of 1608 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2744 wrote to memory of 1608 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1188 wrote to memory of 784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1188 wrote to memory of 784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1188 wrote to memory of 784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1188 wrote to memory of 784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2800 wrote to memory of 268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2800 wrote to memory of 268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2800 wrote to memory of 268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2800 wrote to memory of 268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\lssmon.exe

"C:\Windows\system32\lssmon.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 336

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

N/A

Files

memory/3020-0-0x0000000000100000-0x0000000000101000-memory.dmp

\Windows\SysWOW64\srtsrv32.exe

MD5 3e9cf2fa9956ca4f7aef10bf676c7efb
SHA1 c985d2e9449d9444c427c112c77d301000effacd
SHA256 140dbe07cbdc4eb9edfe14867eba67d2314fa8dc194824637c4637bf961b2a7e
SHA512 c60bc4fcfd45ca5109e33bb0d238eb8b309c13ec4b55dc8ab9a549606859df14183cab4caf9ddda6acdd180058a048be61d06ee43f410470e63a20cc85654020

\Windows\SysWOW64\lssmon.exe

MD5 f14ff687163dae82b0a0062bfbe81226
SHA1 3d23db88511f3afaef87811e2c090300fb304066
SHA256 2ab026c72e22fba9c3f9474364cfabe8f9064b1260eac48c7cf004c2fed292ff
SHA512 05d3b5c3294a93667ca82f9b9aa6ac8d9252b8b7bcbe7410e08588f9941e732ce078d23ff47f5e60b7515cc588924b238ce5c72034bf6253c181b376037663e4

memory/3020-41-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/2088-50-0x0000000000190000-0x0000000000191000-memory.dmp

memory/2088-864-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/1308-2491-0x0000000002050000-0x0000000002058000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-02 10:32

Reported

2024-04-02 10:35

Platform

win10v2004-20240226-en

Max time kernel

128s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1508 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 1508 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 1508 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2820 wrote to memory of 3504 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2820 wrote to memory of 3504 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2820 wrote to memory of 3504 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1508 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 1508 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 1508 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe C:\Windows\SysWOW64\lssmon.exe
PID 3504 wrote to memory of 1868 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3504 wrote to memory of 1868 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3504 wrote to memory of 1868 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1868 wrote to memory of 3656 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1868 wrote to memory of 3656 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1868 wrote to memory of 3656 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3656 wrote to memory of 1688 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3656 wrote to memory of 1688 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3656 wrote to memory of 1688 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1688 wrote to memory of 4760 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1688 wrote to memory of 4760 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1688 wrote to memory of 4760 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4760 wrote to memory of 4704 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4760 wrote to memory of 4704 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4760 wrote to memory of 4704 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4704 wrote to memory of 1588 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4704 wrote to memory of 1588 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4704 wrote to memory of 1588 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1588 wrote to memory of 1660 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1588 wrote to memory of 1660 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1588 wrote to memory of 1660 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1660 wrote to memory of 3332 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1660 wrote to memory of 3332 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1660 wrote to memory of 3332 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3332 wrote to memory of 1716 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3332 wrote to memory of 1716 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3332 wrote to memory of 1716 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1716 wrote to memory of 4104 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1716 wrote to memory of 4104 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1716 wrote to memory of 4104 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4104 wrote to memory of 756 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4104 wrote to memory of 756 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4104 wrote to memory of 756 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 756 wrote to memory of 3492 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 756 wrote to memory of 3492 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 756 wrote to memory of 3492 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3492 wrote to memory of 220 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3492 wrote to memory of 220 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3492 wrote to memory of 220 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 220 wrote to memory of 3224 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 220 wrote to memory of 3224 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 220 wrote to memory of 3224 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3224 wrote to memory of 1784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3224 wrote to memory of 1784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3224 wrote to memory of 1784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1784 wrote to memory of 5076 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1784 wrote to memory of 5076 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1784 wrote to memory of 5076 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5076 wrote to memory of 2728 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5076 wrote to memory of 2728 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5076 wrote to memory of 2728 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2728 wrote to memory of 2268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2728 wrote to memory of 2268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2728 wrote to memory of 2268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2268 wrote to memory of 4376 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8a279ea8a4ac33c8c0a5bc21e21aa415_JaffaCakes118.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\lssmon.exe

"C:\Windows\system32\lssmon.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 218.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 4.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 161.111.86.104.in-addr.arpa udp
US 8.8.8.8:53 49.192.11.51.in-addr.arpa udp

Files

memory/1508-0-0x0000000002130000-0x0000000002131000-memory.dmp

C:\Windows\SysWOW64\srtsrv32.exe

MD5 125cc853bba09b8ac21febfccc459b39
SHA1 156d676c25f15210f9355c030430f554c60d5611
SHA256 af2a8d45050d6742eb55a7bfd2c26dc171412a2fe5ce33d43ccc2d2aaceb5e15
SHA512 3bb1377cf125d40f53e0e50136dfc599ca931586e43876b2f5cfb7d9584d818b4c17f900226eae7786f27402d689459876f0612f7775ea30a2a364d672f974e1

C:\Windows\SysWOW64\lssmon.exe

MD5 cf75edbeacbdbe094a0f59830e6d6e53
SHA1 9831aa8b3c13a9140ea155860efa6c6e57ca9f5a
SHA256 5d55c4c7f845bf151fe561dd86fa46fdc8b18b6b845aa72336b3d58172957abd
SHA512 66c5bafdf7cf08980672404aceb92417f6398e6d37938a9d0a12451797374cc5a43c0874a7b4acd729c1b551b4e9775ce72cdb366de93087e7f1be1c117ec75b

memory/1788-34-0x0000000000630000-0x0000000000631000-memory.dmp

memory/1508-33-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/1788-35-0x0000000000400000-0x00000000004C1000-memory.dmp

C:\Windows\SysWOW64\spool.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e