88e2ce9606dee00f972a705a939bf3b1fdd5e6870757cd27f820efa00798432c

Analysis

max time kernel
116s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe
Size

6.1MB
MD5

b6996f1307bf63655e005fbd11665cab
SHA1

de837b07acd5f03db04ffe9b95cb2293dfa5c529
SHA256

88e2ce9606dee00f972a705a939bf3b1fdd5e6870757cd27f820efa00798432c
SHA512

83308f72939312279fec986609ff508a2936847a7339fdfa40a45a7d4494cda8503fb16428d550bef220839d2f4e788e3fe54b755ebb28968de74111ba5db8ab
SSDEEP

98304:8zsVLT0V6JYlrI4REFGsRNxqsMzC+IyK+zxYvM1djrUab1MZpr8hD8PF3admsR2l:8i9JQDENY9V+M3Ug0MNxo00AfW96m

Score

10^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	6000	2388	Process not Found	129

Modifies Windows Firewall 2 TTPs 64 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
5328	Process not Found
2464	Process not Found
880	netsh.exe
5284	netsh.exe
4848	netsh.exe
5360	Process not Found
5232	Process not Found
5132	Process not Found
3320	Process not Found
1884	netsh.exe
2528	netsh.exe
5148	Process not Found
6816	Process not Found
7084	Process not Found
6024	Process not Found
5200	Process not Found
1660	Process not Found
5156	Process not Found
6208	Process not Found
2876	netsh.exe
2120	netsh.exe
5612	Process not Found
5288	Process not Found
5232	Process not Found
4112	netsh.exe
4656	netsh.exe
3364	netsh.exe
5088	netsh.exe
2864	netsh.exe
6016	netsh.exe
5540	netsh.exe
4772	Process not Found
6716	Process not Found
6280	Process not Found
3312	Process not Found
5492	Process not Found
2296	Process not Found
2456	netsh.exe
1432	netsh.exe
5652	netsh.exe
4472	Process not Found
4732	Process not Found
5684	Process not Found
5776	Process not Found
5776	Process not Found
3192	netsh.exe
4112	netsh.exe
5196	netsh.exe
5708	netsh.exe
5616	Process not Found
4480	netsh.exe
2248	netsh.exe
2748	Process not Found
5804	Process not Found
6900	Process not Found
4640	netsh.exe
2528	netsh.exe
2036	netsh.exe
5828	netsh.exe
4524	netsh.exe
4684	netsh.exe
1564	netsh.exe
5696	netsh.exe
5492	Process not Found

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	Install.exe
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe

Executes dropped EXE 64 IoCs

pid	Process
2868	Fbot.exe
2192	Fbot.exe
2008	Install.exe
408	ri0t.exe
1588	ri0t.exe
3604	svchosts.exe
4508	ri0t.exe
4936	svchosts.exe
3708	ri0t.exe
4412	ri0t.exe
2752	ri0t.exe
2100	ri0t.exe
2868	ri0t.exe
3612	ri0t.exe
960	ri0t.exe
3568	ri0t.exe
1752	ri0t.exe
4528	ri0t.exe
4612	ri0t.exe
4784	ri0t.exe
5104	ri0t.exe
568	ri0t.exe
4368	ri0t.exe
1784	ri0t.exe
2472	ri0t.exe
2712	ri0t.exe
4608	ri0t.exe
3036	ri0t.exe
2380	ri0t.exe
1596	ri0t.exe
1236	ri0t.exe
4536	ri0t.exe
1800	ri0t.exe
2968	ri0t.exe
2552	ri0t.exe
3968	ri0t.exe
4552	ri0t.exe
1884	ri0t.exe
4308	ri0t.exe
864	ri0t.exe
4460	ri0t.exe
2700	ri0t.exe
888	ri0t.exe
2044	ri0t.exe
3752	ri0t.exe
4516	ri0t.exe
3568	ri0t.exe
2196	ri0t.exe
4428	ri0t.exe
5084	ri0t.exe
2520	ri0t.exe
2032	ri0t.exe
2704	ri0t.exe
4384	ri0t.exe
1992	ri0t.exe
1908	ri0t.exe
2456	ri0t.exe
2952	ri0t.exe
2152	ri0t.exe
1808	ri0t.exe
4400	ri0t.exe
3660	ri0t.exe
3552	ri0t.exe
1864	ri0t.exe

Drops file in System32 directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File opened for modification	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File created	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File opened for modification	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File opened for modification	C:\Windows\SysWOW64\svchosts.exe	Process not Found
File created	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File opened for modification	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File created	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File created	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File created	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File opened for modification	C:\Windows\SysWOW64\svchosts.exe	svchosts.exe
File opened for modification	C:\Windows\SysWOW64\svchosts.exe	Process not Found
File created	C:\Windows\SysWOW64\svchosts.exe	Fbot.exe
File opened for modification	C:\Windows\SysWOW64\svchosts.exe	Fbot.exe
File opened for modification	C:\Windows\SysWOW64\svchosts.exe	Process not Found
File created	C:\Windows\SysWOW64\svchosts.exe	Process not Found
File created	C:\Windows\SysWOW64\svchosts.exe	Process not Found
File created	C:\Windows\SysWOW64\svchosts.exe	Process not Found

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2868 set thread context of 2192	2868	Fbot.exe	90
PID 408 set thread context of 1588	408	ri0t.exe	92
PID 3604 set thread context of 4936	3604	svchosts.exe	96
PID 4508 set thread context of 3708	4508	ri0t.exe	97
PID 4412 set thread context of 2752	4412	ri0t.exe	102
PID 2100 set thread context of 2868	2100	ri0t.exe	105
PID 3612 set thread context of 960	3612	ri0t.exe	111
PID 3568 set thread context of 1752	3568	ri0t.exe	114
PID 4528 set thread context of 4612	4528	ri0t.exe	117
PID 4784 set thread context of 5104	4784	ri0t.exe	120
PID 568 set thread context of 4368	568	ri0t.exe	123
PID 1784 set thread context of 2472	1784	ri0t.exe	127
PID 2712 set thread context of 4608	2712	ri0t.exe	131
PID 3036 set thread context of 2380	3036	ri0t.exe	134
PID 1596 set thread context of 1236	1596	ri0t.exe	137
PID 4536 set thread context of 1800	4536	ri0t.exe	140
PID 2968 set thread context of 2552	2968	ri0t.exe	143
PID 3968 set thread context of 4552	3968	ri0t.exe	146
PID 1884 set thread context of 4308	1884	ri0t.exe	149
PID 864 set thread context of 4460	864	ri0t.exe	152
PID 2700 set thread context of 888	2700	ri0t.exe	155
PID 2044 set thread context of 3752	2044	ri0t.exe	158
PID 4516 set thread context of 3568	4516	ri0t.exe	161
PID 2196 set thread context of 4428	2196	ri0t.exe	164
PID 5084 set thread context of 2520	5084	ri0t.exe	167
PID 2032 set thread context of 2704	2032	ri0t.exe	171
PID 4384 set thread context of 1992	4384	ri0t.exe	174
PID 1908 set thread context of 2456	1908	ri0t.exe	177
PID 2952 set thread context of 2152	2952	ri0t.exe	180
PID 1808 set thread context of 4400	1808	ri0t.exe	183
PID 3660 set thread context of 3552	3660	ri0t.exe	186
PID 1864 set thread context of 2100	1864	ri0t.exe	189
PID 5088 set thread context of 3744	5088	ri0t.exe	192
PID 3668 set thread context of 4408	3668	ri0t.exe	195
PID 4212 set thread context of 1596	4212	ri0t.exe	198
PID 1988 set thread context of 4816	1988	ri0t.exe	201
PID 892 set thread context of 4664	892	ri0t.exe	204
PID 1240 set thread context of 944	1240	ri0t.exe	207
PID 2952 set thread context of 3616	2952	ri0t.exe	210
PID 1864 set thread context of 3232	1864	ri0t.exe	218
PID 2604 set thread context of 4360	2604	ri0t.exe	221
PID 736 set thread context of 4416	736	ri0t.exe	224
PID 4656 set thread context of 5052	4656	ri0t.exe	227
PID 2248 set thread context of 4488	2248	ri0t.exe	230
PID 4864 set thread context of 4052	4864	ri0t.exe	233
PID 2952 set thread context of 2096	2952	ri0t.exe	236
PID 3572 set thread context of 1092	3572	ri0t.exe	242
PID 380 set thread context of 2872	380	ri0t.exe	245
PID 3364 set thread context of 1932	3364	ri0t.exe	248
PID 1764 set thread context of 4164	1764	ri0t.exe	251
PID 2248 set thread context of 2612	2248	ri0t.exe	254
PID 2480 set thread context of 3836	2480	ri0t.exe	257
PID 4784 set thread context of 1784	4784	ri0t.exe	260
PID 1040 set thread context of 3920	1040	ri0t.exe	263
PID 2044 set thread context of 2600	2044	ri0t.exe	266
PID 380 set thread context of 4740	380	ri0t.exe	269
PID 2812 set thread context of 4524	2812	ri0t.exe	272
PID 3884 set thread context of 3492	3884	ri0t.exe	275
PID 2640 set thread context of 4684	2640	ri0t.exe	278
PID 2372 set thread context of 1172	2372	ri0t.exe	281
PID 384 set thread context of 5064	384	ri0t.exe	284
PID 5028 set thread context of 3464	5028	ri0t.exe	287
PID 3264 set thread context of 4500	3264	ri0t.exe	290
PID 568 set thread context of 2196	568	ri0t.exe	293

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 64 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	Process not Found

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ri0t.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2868	2196	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe	88
PID 2196 wrote to memory of 2868	2196	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe	88
PID 2196 wrote to memory of 2868	2196	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe	88
PID 2868 wrote to memory of 2192	2868	Fbot.exe	90
PID 2868 wrote to memory of 2192	2868	Fbot.exe	90
PID 2868 wrote to memory of 2192	2868	Fbot.exe	90
PID 2868 wrote to memory of 2192	2868	Fbot.exe	90
PID 2868 wrote to memory of 2192	2868	Fbot.exe	90
PID 2196 wrote to memory of 2008	2196	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe	89
PID 2196 wrote to memory of 2008	2196	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe	89
PID 2196 wrote to memory of 2008	2196	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe	89
PID 2196 wrote to memory of 408	2196	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe	91
PID 2196 wrote to memory of 408	2196	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe	91
PID 2196 wrote to memory of 408	2196	b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe	91
PID 408 wrote to memory of 1588	408	ri0t.exe	92
PID 408 wrote to memory of 1588	408	ri0t.exe	92
PID 408 wrote to memory of 1588	408	ri0t.exe	92
PID 408 wrote to memory of 1588	408	ri0t.exe	92
PID 408 wrote to memory of 1588	408	ri0t.exe	92
PID 1588 wrote to memory of 2040	1588	ri0t.exe	93
PID 1588 wrote to memory of 2040	1588	ri0t.exe	93
PID 1588 wrote to memory of 2040	1588	ri0t.exe	93
PID 2192 wrote to memory of 3604	2192	Fbot.exe	94
PID 2192 wrote to memory of 3604	2192	Fbot.exe	94
PID 2192 wrote to memory of 3604	2192	Fbot.exe	94
PID 1588 wrote to memory of 4508	1588	ri0t.exe	95
PID 1588 wrote to memory of 4508	1588	ri0t.exe	95
PID 1588 wrote to memory of 4508	1588	ri0t.exe	95
PID 3604 wrote to memory of 4936	3604	svchosts.exe	96
PID 3604 wrote to memory of 4936	3604	svchosts.exe	96
PID 3604 wrote to memory of 4936	3604	svchosts.exe	96
PID 3604 wrote to memory of 4936	3604	svchosts.exe	96
PID 3604 wrote to memory of 4936	3604	svchosts.exe	96
PID 4508 wrote to memory of 3708	4508	ri0t.exe	97
PID 4508 wrote to memory of 3708	4508	ri0t.exe	97
PID 4508 wrote to memory of 3708	4508	ri0t.exe	97
PID 4508 wrote to memory of 3708	4508	ri0t.exe	97
PID 4508 wrote to memory of 3708	4508	ri0t.exe	97
PID 3708 wrote to memory of 4488	3708	ri0t.exe	98
PID 3708 wrote to memory of 4488	3708	ri0t.exe	98
PID 3708 wrote to memory of 4488	3708	ri0t.exe	98
PID 3708 wrote to memory of 4412	3708	ri0t.exe	99
PID 3708 wrote to memory of 4412	3708	ri0t.exe	99
PID 3708 wrote to memory of 4412	3708	ri0t.exe	99
PID 2008 wrote to memory of 4572	2008	Install.exe	100
PID 2008 wrote to memory of 4572	2008	Install.exe	100
PID 2008 wrote to memory of 4572	2008	Install.exe	100
PID 4412 wrote to memory of 2752	4412	ri0t.exe	102
PID 4412 wrote to memory of 2752	4412	ri0t.exe	102
PID 4412 wrote to memory of 2752	4412	ri0t.exe	102
PID 4412 wrote to memory of 2752	4412	ri0t.exe	102
PID 4412 wrote to memory of 2752	4412	ri0t.exe	102
PID 2752 wrote to memory of 3776	2752	ri0t.exe	103
PID 2752 wrote to memory of 3776	2752	ri0t.exe	103
PID 2752 wrote to memory of 3776	2752	ri0t.exe	103
PID 2752 wrote to memory of 2100	2752	ri0t.exe	104
PID 2752 wrote to memory of 2100	2752	ri0t.exe	104
PID 2752 wrote to memory of 2100	2752	ri0t.exe	104
PID 2100 wrote to memory of 2868	2100	ri0t.exe	105
PID 2100 wrote to memory of 2868	2100	ri0t.exe	105
PID 2100 wrote to memory of 2868	2100	ri0t.exe	105
PID 2100 wrote to memory of 2868	2100	ri0t.exe	105
PID 2100 wrote to memory of 2868	2100	ri0t.exe	105
PID 2868 wrote to memory of 3048	2868	ri0t.exe	106

C:\Users\Admin\AppData\Local\Temp\b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b6996f1307bf63655e005fbd11665cab_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\tempalbert\Fbot.exe
  "C:\Users\Admin\AppData\Local\Temp\tempalbert\Fbot.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\tempalbert\Fbot.exe
    C:\Users\Admin\AppData\Local\Temp\tempalbert\Fbot.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Windows\SysWOW64\svchosts.exe
      C:\Windows\system32\svchosts.exe 1048 "C:\Users\Admin\AppData\Local\Temp\tempalbert\Fbot.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of WriteProcessMemory
      PID:3604
    - - C:\Windows\SysWOW64\svchosts.exe
        
        C:\Windows\SysWOW64\svchosts.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4936
      - C:\Windows\SysWOW64\svchosts.exe
        
        C:\Windows\system32\svchosts.exe 1148 "C:\Windows\SysWOW64\svchosts.exe"
        6⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\svchosts.exe
        
        C:\Windows\SysWOW64\svchosts.exe
        7⤵
        Drops file in System32 directory
        
        PID:2920
        
        C:\Windows\SysWOW64\svchosts.exe
        
        C:\Windows\system32\svchosts.exe 1124 "C:\Windows\SysWOW64\svchosts.exe"
        8⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\svchosts.exe
        
        C:\Windows\SysWOW64\svchosts.exe
        9⤵
        Drops file in System32 directory
        
        PID:1684
        
        C:\Windows\SysWOW64\svchosts.exe
        
        C:\Windows\system32\svchosts.exe 1124 "C:\Windows\SysWOW64\svchosts.exe"
        10⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\svchosts.exe
        
        C:\Windows\SysWOW64\svchosts.exe
        11⤵
        Drops file in System32 directory
        
        PID:2700
        
        C:\Windows\SysWOW64\svchosts.exe
        
        C:\Windows\system32\svchosts.exe 1124 "C:\Windows\SysWOW64\svchosts.exe"
        12⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\svchosts.exe
        
        C:\Windows\SysWOW64\svchosts.exe
        13⤵
        Drops file in System32 directory
        
        PID:5720
- C:\Users\Admin\AppData\Local\Temp\tempalbert\Install.exe
  "C:\Users\Admin\AppData\Local\Temp\tempalbert\Install.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2008
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\Windows Vista SP2 Activator v2.0 By CLoNY.bat" "
    3⤵
    PID:4572
  - - C:\Windows\SysWOW64\choice.exe
      CHOICE /C ABCDEFGHIJKLMNOPQRSTUVWXYZ /N /M "Which SLIC would you like to install?"
      4⤵
      PID:876
- C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
  "C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:408
- - C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
    C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1588
  - - C:\Windows\SysWOW64\netsh.exe
      netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
      4⤵
      PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
      C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of WriteProcessMemory
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3708
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2752
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2868
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        11⤵
        Executes dropped EXE
        
        PID:960
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        12⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        13⤵
        Executes dropped EXE
        
        PID:1752
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        14⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        15⤵
        Executes dropped EXE
        
        PID:4612
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        16⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        17⤵
        Executes dropped EXE
        
        PID:5104
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        18⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        19⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4368
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        20⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        21⤵
        Executes dropped EXE
        
        PID:2472
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        22⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        23⤵
        Executes dropped EXE
        
        PID:4608
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        24⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        25⤵
        Executes dropped EXE
        
        PID:2380
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        26⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        27⤵
        Executes dropped EXE
        
        PID:1236
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        28⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        29⤵
        Executes dropped EXE
        
        PID:1800
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        30⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        31⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        32⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        33⤵
        Executes dropped EXE
        
        PID:4552
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        34⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        35⤵
        Executes dropped EXE
        
        PID:4308
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        36⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        37⤵
        Executes dropped EXE
        
        PID:4460
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        38⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        39⤵
        Executes dropped EXE
        
        PID:888
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        40⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        41⤵
        Executes dropped EXE
        
        PID:3752
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        42⤵
        Modifies Windows Firewall
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        43⤵
        Executes dropped EXE
        
        PID:3568
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        44⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        45⤵
        Executes dropped EXE
        
        PID:4428
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        46⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        47⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        48⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        48⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        49⤵
        Executes dropped EXE
        
        PID:2704
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        50⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        50⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        51⤵
        Executes dropped EXE
        
        PID:1992
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        52⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        52⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        53⤵
        Executes dropped EXE
        
        PID:2456
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        54⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        54⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        55⤵
        Executes dropped EXE
        
        PID:2152
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        56⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        57⤵
        Executes dropped EXE
        
        PID:4400
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        58⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        58⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        59⤵
        Executes dropped EXE
        
        PID:3552
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        60⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        60⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        61⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        62⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        62⤵
        Suspicious use of SetThreadContext
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        63⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        64⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        64⤵
        Suspicious use of SetThreadContext
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        65⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        66⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        66⤵
        Suspicious use of SetThreadContext
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        67⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        68⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        68⤵
        Suspicious use of SetThreadContext
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        69⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        70⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        70⤵
        Suspicious use of SetThreadContext
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        71⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        72⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        72⤵
        Suspicious use of SetThreadContext
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        73⤵
        
        PID:944
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        74⤵
        Modifies Windows Firewall
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        74⤵
        Suspicious use of SetThreadContext
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        75⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        76⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        76⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        77⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        78⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        78⤵
        Suspicious use of SetThreadContext
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        79⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        80⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        80⤵
        Suspicious use of SetThreadContext
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        81⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        82⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        82⤵
        Suspicious use of SetThreadContext
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        83⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        84⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        84⤵
        Suspicious use of SetThreadContext
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        85⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        86⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        86⤵
        Suspicious use of SetThreadContext
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        87⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        88⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        88⤵
        Suspicious use of SetThreadContext
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        89⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        90⤵
        Suspicious use of SetThreadContext
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        91⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        92⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        92⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        93⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        94⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        94⤵
        Suspicious use of SetThreadContext
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        95⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        96⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        96⤵
        Suspicious use of SetThreadContext
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        97⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        98⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        98⤵
        Suspicious use of SetThreadContext
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        99⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        100⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        100⤵
        Suspicious use of SetThreadContext
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        101⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        102⤵
        Modifies Windows Firewall
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        102⤵
        Suspicious use of SetThreadContext
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        103⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        104⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        104⤵
        Suspicious use of SetThreadContext
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        105⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        106⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        106⤵
        Suspicious use of SetThreadContext
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        107⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        108⤵
        Modifies Windows Firewall
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        108⤵
        Suspicious use of SetThreadContext
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        109⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        110⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        110⤵
        Suspicious use of SetThreadContext
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        111⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        112⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        112⤵
        Suspicious use of SetThreadContext
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        113⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        114⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        114⤵
        Suspicious use of SetThreadContext
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        115⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        116⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        116⤵
        Suspicious use of SetThreadContext
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        117⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        118⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        118⤵
        Suspicious use of SetThreadContext
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        119⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        120⤵
        Suspicious use of SetThreadContext
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        121⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        122⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        122⤵
        Suspicious use of SetThreadContext
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        123⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        124⤵
        Modifies Windows Firewall
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        124⤵
        Suspicious use of SetThreadContext
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        125⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        126⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        126⤵
        Suspicious use of SetThreadContext
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        127⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        128⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        128⤵
        Suspicious use of SetThreadContext
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        129⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        130⤵
        Modifies Windows Firewall
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        130⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        131⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        132⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        132⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        133⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        134⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        134⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        135⤵
        
        PID:748
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        136⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        136⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        137⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        138⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        138⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        139⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        140⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        140⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        141⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        142⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        142⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        143⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        144⤵
        Modifies Windows Firewall
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        144⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        145⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        146⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        146⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        147⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        148⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        148⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        149⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        150⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        150⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        151⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        152⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        152⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        153⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        154⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        154⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        155⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        156⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        156⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        157⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        158⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        158⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        159⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        160⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        160⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        161⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        162⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        162⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        163⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        164⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        164⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        165⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        166⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        166⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        167⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        168⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        168⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        169⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        170⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        170⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        171⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        172⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        172⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        173⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        174⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        174⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        175⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        176⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        176⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        177⤵
        
        PID:756
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        178⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        178⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        179⤵
        
        PID:752
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        180⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        180⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        181⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        182⤵
        Modifies Windows Firewall
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        182⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        183⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        184⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        184⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        185⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        186⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        186⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        187⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        188⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        188⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        189⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        190⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        190⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        191⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        192⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        192⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        193⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        194⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        194⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        195⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        196⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        196⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        197⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        198⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        198⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        199⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        200⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        200⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        201⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        202⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        202⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        203⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        204⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        204⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        205⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        206⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        206⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        207⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        208⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        208⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        209⤵
        
        PID:452
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        210⤵
        Modifies Windows Firewall
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        210⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        211⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        212⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        212⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        213⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        214⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        214⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        215⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        216⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        216⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        217⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        218⤵
        System Location Discovery: System Language Discovery
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        218⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        219⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        220⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        220⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        221⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        222⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        222⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        223⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        224⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        224⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        225⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        226⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        226⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        227⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        228⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        228⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        229⤵
        
        PID:636
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        230⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        230⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        231⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        232⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        232⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        233⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        234⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        234⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        235⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        236⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        236⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        237⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        238⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        238⤵
        System Location Discovery: System Language Discovery
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        239⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        240⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        240⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        241⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        242⤵
        System Location Discovery: System Language Discovery
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        242⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        243⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        244⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        244⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        245⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        246⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        246⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        247⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        248⤵
        Modifies Windows Firewall
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        248⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        249⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        250⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        250⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        251⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        252⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        252⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        253⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        254⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        254⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        255⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        256⤵
        Modifies Windows Firewall
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        256⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        257⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        258⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        258⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        259⤵
        
        PID:924
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        260⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        260⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        261⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        262⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        262⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        263⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        264⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        264⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        265⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        266⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        266⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        267⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        268⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        268⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        269⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        270⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        270⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        271⤵
        
        PID:784
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        272⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        272⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        273⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        274⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        274⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        275⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        276⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        276⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        277⤵
        
        PID:324
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        278⤵
        Modifies Windows Firewall
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        278⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        279⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        280⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        280⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        281⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        282⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        282⤵
        System Location Discovery: System Language Discovery
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        283⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        284⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        284⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        285⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        286⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        286⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        287⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        288⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        288⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        289⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        290⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        290⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        291⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        292⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        292⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        293⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        294⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        294⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        295⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        296⤵
        Modifies Windows Firewall
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        296⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        297⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        298⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        298⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        299⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        300⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        300⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        301⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        302⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        302⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        303⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        304⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        304⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        305⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        306⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        306⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        307⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        308⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        308⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        309⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        310⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        310⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        311⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        312⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        312⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        313⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        314⤵
        Modifies Windows Firewall
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        314⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        315⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        316⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        316⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        317⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        318⤵
        Modifies Windows Firewall
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        318⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        319⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        320⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        320⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        321⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        322⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        322⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        323⤵
        
        PID:772
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        324⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        324⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        325⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        326⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        326⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        327⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        328⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        328⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        329⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        330⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        330⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        331⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        332⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        332⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        333⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        334⤵
        System Location Discovery: System Language Discovery
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        334⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        335⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        336⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        336⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        337⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        338⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        338⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        339⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        340⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        340⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        341⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        342⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        342⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        343⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        344⤵
        Modifies Windows Firewall
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        344⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        345⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        346⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        346⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        347⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        348⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        348⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        349⤵
        
        PID:336
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        350⤵
        Modifies Windows Firewall
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        350⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        351⤵
        
        PID:408
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        352⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        352⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        353⤵
        
        PID:780
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        354⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        354⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        355⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        356⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        356⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        357⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        358⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        358⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        359⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        360⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        360⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        361⤵
        
        PID:380
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        362⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        362⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        363⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        364⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        364⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        365⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        366⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        366⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        367⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        368⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        368⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        369⤵
        
        PID:404
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        370⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        370⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        371⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        372⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        372⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        373⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        374⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        374⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        375⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        376⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        376⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        377⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        378⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        378⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        379⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        380⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        380⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        381⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        382⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        382⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        383⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        384⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        384⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        385⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        386⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        386⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        387⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        388⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        388⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        389⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        390⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        390⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        391⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        392⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        392⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        393⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        394⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        394⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        395⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        396⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        396⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        397⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        398⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        398⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        399⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        400⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        400⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        401⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        402⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        402⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        403⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        404⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        404⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        405⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        406⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        406⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        407⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        408⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        408⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        409⤵
        
        PID:220
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        410⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        410⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        411⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        412⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        412⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        413⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        414⤵
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        414⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        415⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        416⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        416⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        417⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        418⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        418⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        419⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        420⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        420⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        421⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        422⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        422⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        423⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        424⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        424⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        425⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        426⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        426⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        427⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        428⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        428⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        429⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        430⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        430⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        431⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        432⤵
        Modifies Windows Firewall
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        432⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        433⤵
        
        PID:976
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        434⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        434⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        435⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        436⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        436⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        437⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        438⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        438⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        439⤵
        
        PID:892
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        440⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        440⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        441⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        442⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        442⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        443⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        444⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        444⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        445⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        446⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        446⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        447⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        448⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        448⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        449⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        450⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        450⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        451⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        452⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        452⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        453⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        454⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        454⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        455⤵
        
        PID:880
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        456⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        456⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        457⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        458⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        458⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        459⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        460⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        460⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        461⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        462⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        462⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        463⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        464⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        464⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        465⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        466⤵
        Modifies Windows Firewall
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        466⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        467⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        468⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        468⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        469⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        470⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        470⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        471⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        472⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        472⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        473⤵
        
        PID:1520
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        474⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        474⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        475⤵
        
        PID:772
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        476⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        476⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        477⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        478⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        478⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        479⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        480⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        480⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        481⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        482⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        482⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        483⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        484⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        484⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        485⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        486⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        486⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        487⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        488⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        488⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        489⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        490⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        490⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        491⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        492⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        492⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        493⤵
        
        PID:740
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        494⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        494⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        495⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        496⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        496⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        497⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        498⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        498⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        499⤵
        System Location Discovery: System Language Discovery
        
        PID:4072
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        500⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        500⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        501⤵
        
        PID:348
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        502⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        502⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        503⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        504⤵
        Modifies Windows Firewall
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        504⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        505⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        506⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        506⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        507⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        508⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        508⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        509⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        510⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        510⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        511⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        512⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        512⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        513⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        514⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        514⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        515⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        516⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        516⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        517⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        518⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        518⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        519⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        520⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        520⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        521⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        522⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        522⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        523⤵
        
        PID:368
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        524⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        524⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        525⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        526⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        526⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        527⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        528⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        528⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        529⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        530⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        530⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        531⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        532⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        532⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        533⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        534⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        534⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        535⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        536⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        536⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        537⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        538⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        538⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        539⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        540⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        540⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        541⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        542⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        542⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        543⤵
        
        PID:568
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        544⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        544⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        545⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        546⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        546⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        547⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        548⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        548⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        549⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        550⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        550⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        551⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        552⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        552⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        553⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        554⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        554⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        555⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        556⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        556⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        557⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        558⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        558⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        559⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        560⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        560⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        561⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        562⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        562⤵
        System Location Discovery: System Language Discovery
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        563⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        564⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        564⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        565⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        566⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        566⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        567⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        568⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        568⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        569⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        570⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        570⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        571⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        572⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        572⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        573⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        574⤵
        Modifies Windows Firewall
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        574⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        575⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        576⤵
        Modifies Windows Firewall
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        576⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        577⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        578⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        578⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        579⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        580⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        580⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        581⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        582⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        582⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        583⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        584⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        584⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        585⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        586⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        586⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        587⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        588⤵
        Modifies Windows Firewall
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        588⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        589⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        590⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        590⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        591⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        592⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        592⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        593⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        594⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        594⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        595⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        596⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        596⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        597⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        598⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        598⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        599⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        600⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        600⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        601⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        602⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        602⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        603⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        604⤵
        Modifies Windows Firewall
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        604⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        605⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        606⤵
        Modifies Windows Firewall
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        606⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        607⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        608⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        608⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        609⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        610⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        610⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        611⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        612⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        612⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        613⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        614⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        614⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        615⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        616⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        616⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        617⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        618⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        618⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        619⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        620⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        620⤵
        System Location Discovery: System Language Discovery
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        621⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        622⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        622⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        623⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        624⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        624⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        625⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        626⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        626⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        627⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        628⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        628⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        629⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        630⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        630⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        631⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        632⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        632⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        633⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        634⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        634⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        635⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        636⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        636⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        637⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        638⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        638⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        639⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        640⤵
        Modifies Windows Firewall
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        640⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        641⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        642⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        642⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        643⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        644⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        644⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        645⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        646⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        646⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        647⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        648⤵
        Modifies Windows Firewall
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        648⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        649⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        650⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        650⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        651⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        652⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        652⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        653⤵
        
        PID:656
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        654⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        654⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        655⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        656⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        656⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        657⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        658⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        658⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        659⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        660⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        660⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        661⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        662⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        662⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        663⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        664⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        664⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        665⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        666⤵
        System Location Discovery: System Language Discovery
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        666⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        667⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        668⤵
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        668⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        669⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        670⤵
        Modifies Windows Firewall
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        670⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        671⤵
        System Location Discovery: System Language Discovery
        
        PID:5936
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh.exe firewall add allowedprogram dlmanager.exe dlmanager ENABLE
        672⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        672⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        
        C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe
        673⤵
        
        PID:5864

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:3316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Fbot.exe

Filesize
397KB

MD5
d417cba986dfc878f9616d1e685203fd

SHA1
44202945f13941668ee7969502e0ed5da08c67e3

SHA256
e2003d55f9f2211bedaccb57c1a73e5d82dd64ddeb71c10faa04538c3989b6a4

SHA512
80524f1b95511271352f3d3d5379c9c03b96200dd970489b59e0bbe8d2c12a8e7ce9d376fe6dc2d5969031a746077f3ad8a61af2210f9e3e857bc5798ce01a13

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Windows Vista SP2 Activator v2.0 By CLoNY.bat

Filesize
7KB

MD5
86c7acb1ff5bbe271601050d770b0920

SHA1
d80171323e83546c4f407814ec7cf8296f67fa76

SHA256
b6a38a31203672d689fd972cc63b936293dbc9832bd97f62a37ffa6ee55e7169

SHA512
d7006b9f14957617c09b279619358270464d5733fa94001a7809a3595d606e96dd283705ed436947046915c8522cf150cd632370959151bf387c4f5fe3ef3009

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\DELLB8K.bootmgr

Filesize
428KB

MD5
63a118d44736d26579eaa2eef243866c

SHA1
f1577b36cd96ef18427c2109b473612cc285b0f6

SHA256
d88bbdcd4c313f67306e584ee7bff30f93a2788898597d01cff3932e523df776

SHA512
66f91bf991edc3862fa29c422b9c65c6cf36cd238764e81f7fc08c0a3e2bd658b3fd7d4575d2206c190784bc65eeeb2e1053afa349a8176c0000c4f53a5183f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\LENOVOTP-79.XRM-MS

Filesize
2KB

MD5
4baa251d0af2e67eb5d7e231175e9e94

SHA1
abe28d29811d239567f522b6b99ea85eed911a90

SHA256
166ff1fab4c76ea695b57fb8ff902f962399cefb4b7df31c04ec4e8999b76317

SHA512
1358312aa25f5f1dbc17b44040b1f38194116a19ecb023d5de2d87fa82e820b0652703f313aff6849bfa8d4f5088bbc56e5c5280e762a7c7b9a90cb7058c09db

Download Submit
C:\Users\Admin\AppData\Local\Temp\tempalbert\Install.exe

Filesize
5.4MB

MD5
e6078c3f1bef0f6c0d5525515824b04d

SHA1
b9a0be6c84cb717aea8b0d79588e84812cdde4b7

SHA256
ee1060b8d8d296120306ac54a51856a0a7a45e27efd08eab49829260ca24e9c1

SHA512
32a80606ec853027460aee2b1cdb07590000536f277372c9bf2b5f80540e49fff8484a28921e90b1d34b70e809d4c2525cf79a1fcc5d0842534487307245c863

Download Submit
C:\Users\Admin\AppData\Local\Temp\tempalbert\ri0t.exe

Filesize
393KB

MD5
2a8425ad65aa5421518d317c86c5e6cf

SHA1
bc14db27c135cc57360140dc10a28cb7b3144b29

SHA256
bd4beb5bf95dca7f31e2a5c518d9f3e9167d22a8ddd20a9ab345e12051b94ca0

SHA512
2beb868b3303705aa9fd2506d43fbeaf6f153a985652c3fffcafebcd591a33c505aa10f3c644485a35298a41226d241a23e1ffe9b990c998f90a0a495f72e221

Download Submit
memory/960-253-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/1236-301-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/1588-48-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/1588-183-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/1588-60-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/1752-259-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/1800-307-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2192-147-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2192-38-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2192-33-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2192-45-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/2380-295-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2472-283-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2752-238-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2868-247-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/3708-234-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/4368-277-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/4608-289-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/4612-265-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/5104-271-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads