loaderbot | e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e

Analysis

max time kernel
210s
max time network
207s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24-10-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
Size

2.9MB
MD5

f1c1e000b7a5eed40ab8ee2c26762ee0
SHA1

9b8ab465443188315937a634977d9540316fc844
SHA256

e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e
SHA512

403b1a6bc21b3d06a21cfb970580a8b17e206882a0d2b2c851d9692ad4bf32ef45c61d99fd77b74e7436dc12620f1e0dd94c6a816ec566270f32913e37a30ac4
SSDEEP

49152:/KeQYo/yWQx5Y0kh0AwS5T4Gh0P678H6FpuasPrEHMWC52YsnkSXTK0uvooNCul2:kz/8x5YgE5T4Z96Hu7Y+2lK0somCQ16d

Score

10^/10

loaderbot xmrig discovery loader miner persistence

Malware Config

Extracted

Family

loaderbot

http://reebokfm.beget.tech/cmd.php

Signatures

LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
loader miner loaderbot
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

LoaderBot executable 5 IoCs

resource	yara_rule
behavioral1/memory/2188-1-0x0000000000D30000-0x0000000001494000-memory.dmp	loaderbot
behavioral1/memory/2188-2-0x0000000000D30000-0x0000000001494000-memory.dmp	loaderbot
behavioral1/memory/2188-3-0x0000000000D30000-0x0000000001494000-memory.dmp	loaderbot
behavioral1/memory/2188-33-0x0000000000D30000-0x0000000001494000-memory.dmp	loaderbot
behavioral1/memory/2188-40-0x0000000006A40000-0x00000000075B5000-memory.dmp	loaderbot

XMRig Miner payload 33 IoCs

miner

resource	yara_rule
behavioral1/memory/2808-17-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2952-23-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2816-29-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2672-35-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2192-43-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1180-49-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1456-55-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2672-61-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1644-60-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2056-66-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2004-71-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2940-77-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2268-82-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/112-87-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2772-92-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2992-97-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1552-102-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1728-108-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1716-113-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2436-118-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1092-123-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/3060-128-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2524-133-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/948-138-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1704-143-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2756-149-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2892-154-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/3036-159-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1904-164-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2948-169-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2284-174-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/2032-179-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig
behavioral1/memory/1964-184-0x0000000140000000-0x0000000140B75000-memory.dmp	xmrig

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Executes dropped EXE 64 IoCs

pid	Process
2808	Driver.exe
2952	Driver.exe
2816	Driver.exe
2672	Driver.exe
2192	Driver.exe
1180	Driver.exe
1456	Driver.exe
1644	Driver.exe
2056	Driver.exe
2004	Driver.exe
2940	Driver.exe
2268	Driver.exe
112	Driver.exe
2772	Driver.exe
2992	Driver.exe
1552	Driver.exe
1728	Driver.exe
1716	Driver.exe
2436	Driver.exe
1092	Driver.exe
3060	Driver.exe
2524	Driver.exe
948	Driver.exe
1704	Driver.exe
2756	Driver.exe
2892	Driver.exe
3036	Driver.exe
1904	Driver.exe
2948	Driver.exe
2284	Driver.exe
2032	Driver.exe
1964	Driver.exe
2364	Driver.exe
2192	Driver.exe
2120	Driver.exe
2064	Driver.exe
2776	Driver.exe
2264	Driver.exe
2464	Driver.exe
2440	Driver.exe
656	Driver.exe
1616	Driver.exe
1732	Driver.exe
3044	Driver.exe
1100	Driver.exe
820	Driver.exe
2004	Driver.exe
2652	Driver.exe
2460	Driver.exe
2336	Driver.exe
2324	Driver.exe
2904	Driver.exe
1264	Driver.exe
2104	Driver.exe
2732	Driver.exe
2660	Driver.exe
1832	Driver.exe
1664	Driver.exe
2008	Driver.exe
1328	Driver.exe
3036	Driver.exe
2308	Driver.exe
2028	Driver.exe
1764	Driver.exe

Loads dropped DLL 1 IoCs

pid	Process
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\Driver = "C:\\Users\\Admin\\AppData\\Roaming\\Sysfiles\\e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe"	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 21 IoCs

pid	Process
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2808	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	32
PID 2188 wrote to memory of 2808	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	32
PID 2188 wrote to memory of 2808	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	32
PID 2188 wrote to memory of 2808	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	32
PID 2188 wrote to memory of 2952	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	34
PID 2188 wrote to memory of 2952	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	34
PID 2188 wrote to memory of 2952	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	34
PID 2188 wrote to memory of 2952	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	34
PID 2188 wrote to memory of 2816	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	36
PID 2188 wrote to memory of 2816	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	36
PID 2188 wrote to memory of 2816	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	36
PID 2188 wrote to memory of 2816	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	36
PID 2188 wrote to memory of 2672	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	38
PID 2188 wrote to memory of 2672	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	38
PID 2188 wrote to memory of 2672	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	38
PID 2188 wrote to memory of 2672	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	38
PID 2188 wrote to memory of 2192	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	40
PID 2188 wrote to memory of 2192	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	40
PID 2188 wrote to memory of 2192	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	40
PID 2188 wrote to memory of 2192	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	40
PID 2188 wrote to memory of 1180	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	42
PID 2188 wrote to memory of 1180	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	42
PID 2188 wrote to memory of 1180	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	42
PID 2188 wrote to memory of 1180	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	42
PID 2188 wrote to memory of 1456	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	44
PID 2188 wrote to memory of 1456	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	44
PID 2188 wrote to memory of 1456	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	44
PID 2188 wrote to memory of 1456	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	44
PID 2188 wrote to memory of 1644	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	46
PID 2188 wrote to memory of 1644	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	46
PID 2188 wrote to memory of 1644	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	46
PID 2188 wrote to memory of 1644	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	46
PID 2188 wrote to memory of 2056	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	48
PID 2188 wrote to memory of 2056	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	48
PID 2188 wrote to memory of 2056	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	48
PID 2188 wrote to memory of 2056	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	48
PID 2188 wrote to memory of 2004	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	50
PID 2188 wrote to memory of 2004	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	50
PID 2188 wrote to memory of 2004	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	50
PID 2188 wrote to memory of 2004	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	50
PID 2188 wrote to memory of 2940	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	52
PID 2188 wrote to memory of 2940	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	52
PID 2188 wrote to memory of 2940	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	52
PID 2188 wrote to memory of 2940	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	52
PID 2188 wrote to memory of 2268	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	54
PID 2188 wrote to memory of 2268	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	54
PID 2188 wrote to memory of 2268	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	54
PID 2188 wrote to memory of 2268	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	54
PID 2188 wrote to memory of 112	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	56
PID 2188 wrote to memory of 112	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	56
PID 2188 wrote to memory of 112	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	56
PID 2188 wrote to memory of 112	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	56
PID 2188 wrote to memory of 2772	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	58
PID 2188 wrote to memory of 2772	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	58
PID 2188 wrote to memory of 2772	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	58
PID 2188 wrote to memory of 2772	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	58
PID 2188 wrote to memory of 2992	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	60
PID 2188 wrote to memory of 2992	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	60
PID 2188 wrote to memory of 2992	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	60
PID 2188 wrote to memory of 2992	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	60
PID 2188 wrote to memory of 1552	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	62
PID 2188 wrote to memory of 1552	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	62
PID 2188 wrote to memory of 1552	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	62
PID 2188 wrote to memory of 1552	2188	e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe	62

C:\Users\Admin\AppData\Local\Temp\e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe
"C:\Users\Admin\AppData\Local\Temp\e3801874cc5d57f0f249ba6499d6c870e2a1ed6f695ada3389cbf19ed2c85d6e.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:3012
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2428
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1612
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1700
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2588
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1284
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1412
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1424
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1648
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1092
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1808
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2640
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2556
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:264
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2888
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2828
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2460
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2652
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:992
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2908
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2680
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2836
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:524
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1152
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2744
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2576
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1180
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2948
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2648
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2056
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:3004
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2280
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1696
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1928
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:976
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1700
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2496
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1516
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1036
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2372
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2164
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2436
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1912
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1016
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:3040
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2796
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2004
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2984
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2216
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1768
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2800
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2644
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2908
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1092
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2456
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1496
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1640
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2816
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1904
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2928
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2016
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2144
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2100
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1492
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1512
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1612
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1756
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1784
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1184
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:640
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2596
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2280
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2568
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:580
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:864
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2508
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2884
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2872
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2464
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2088
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2172
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2716
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2664
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2460
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:264
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2696
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1032
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:936
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2444
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1904
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2400
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:992
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1200
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1656
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2288
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1796
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2660
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1764
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2024
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2328
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1716
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2496
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1240
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:1972
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2432
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:572
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2928
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2484
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:560
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2336
- C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
  "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 47vHWCbAN63PGUDefhL7tV5TeAqZxYjs7E2UexaZWyRCG63u9D5oHThTjEexj5HjNXP2TWAMCkAMiST5kAkYKTP7EJmsebD -p x -k -v=0 --donate-level=0 -t 4
  2⤵
  PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe

Filesize
3.9MB

MD5
02569a7a91a71133d4a1023bf32aa6f4

SHA1
0f16bcb3f3f085d3d3be912195558e9f9680d574

SHA256
8d6abba9b216172cfc64b8802db0d20a1c634c96e1049f451eddba2363966bf0

SHA512
534be1fe93ee556a14cfd8fad5377f57fb056ab4cd2bca14e4f376f4a25d3d4d270917d68a90b3c40d8a8daaeba6f592fa095ecff478332ba23405d1df728322

Download Submit
memory/112-87-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/948-138-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1092-123-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1180-49-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1456-55-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1552-102-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1644-60-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1704-143-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1716-113-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1728-108-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1904-164-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/1964-184-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2004-71-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2032-179-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2056-66-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2188-1-0x0000000000D30000-0x0000000001494000-memory.dmp

Filesize
7.4MB

Download
memory/2188-2-0x0000000000D30000-0x0000000001494000-memory.dmp

Filesize
7.4MB

Download
memory/2188-6-0x0000000000D30000-0x0000000001494000-memory.dmp

Filesize
7.4MB

Download
memory/2188-0-0x0000000000D30000-0x0000000001494000-memory.dmp

Filesize
7.4MB

Download
memory/2188-13-0x0000000006A40000-0x00000000075B5000-memory.dmp

Filesize
11.5MB

Download
memory/2188-40-0x0000000006A40000-0x00000000075B5000-memory.dmp

Filesize
11.5MB

Download
memory/2188-3-0x0000000000D30000-0x0000000001494000-memory.dmp

Filesize
7.4MB

Download
memory/2188-8-0x0000000000D30000-0x0000000001494000-memory.dmp

Filesize
7.4MB

Download
memory/2188-33-0x0000000000D30000-0x0000000001494000-memory.dmp

Filesize
7.4MB

Download
memory/2192-43-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2268-82-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2284-174-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2436-118-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2524-133-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2672-35-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2672-61-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2756-149-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2772-92-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2808-17-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2808-14-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2808-15-0x00000000001F0000-0x0000000000204000-memory.dmp

Filesize
80KB

Download
memory/2816-29-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2892-154-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2940-77-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2948-169-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2952-23-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/2992-97-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3036-159-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download
memory/3060-128-0x0000000140000000-0x0000000140B75000-memory.dmp

Filesize
11.5MB

Download