Device\NamedPipe\lsass
parent application:C:\WINDOWS\system32\lsass.exe
registry:HKEY_LOCAL_MACHINE\SECURITY\RXACT\Log
testing program:
(:KWL)
at each operation it asks whether to grant it access or not… as shown in the screen shot
[attachment deleted by admin]