loaderbot | db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820

Analysis

max time kernel
4294215s
max time network
130s
platform
windows7_x64
resource
win7-20220310-en
submitted
14-03-2022 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe
Size

1.6MB
MD5

4017606e11e4713b64376e2370e2af1b
SHA1

008767b820c9b20f1f372649c037529b5639c163
SHA256

db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820
SHA512

0892083dc4d8c4e0678575a50fec988128fc4cb6cf9406557abab6283c04ed38e37d04b16c0acf3321a2c584c782a48295031dd395008de6e8c6c93cec3e0715

Score

10^/10

loaderbot discovery loader miner persistence

Malware Config

Signatures

LoaderBot
LoaderBot is a loader written in .NET downloading and executing miners.
loader miner loaderbot
Detected Stratum cryptominer command
Looks to be attempting to contact Stratum mining pool.
miner

LoaderBot executable 4 IoCs

resource	yara_rule
behavioral1/files/0x00060000000155e5-59.dat	loaderbot
behavioral1/files/0x00060000000155e5-60.dat	loaderbot
behavioral1/files/0x00060000000155e5-61.dat	loaderbot
behavioral1/memory/1788-63-0x0000000001170000-0x000000000156E000-memory.dmp	loaderbot

Nirsoft 2 IoCs

resource	yara_rule
behavioral1/files/0x00060000000155dd-56.dat	Nirsoft
behavioral1/files/0x00060000000155dd-57.dat	Nirsoft

Executes dropped EXE 64 IoCs

pid	Process
960	LastActivityView.exe
1788	Mini.exe
860	Driver.exe
1176	Driver.exe
972	Driver.exe
1660	Driver.exe
820	Driver.exe
792	Driver.exe
296	Driver.exe
1712	Driver.exe
1652	Driver.exe
1448	Driver.exe
580	Driver.exe
1564	Driver.exe
296	Driver.exe
1472	Driver.exe
952	Driver.exe
1104	Driver.exe
1956	Driver.exe
1680	Driver.exe
1200	Driver.exe
864	Driver.exe
1368	Driver.exe
1880	Driver.exe
1672	Driver.exe
1800	Driver.exe
996	Driver.exe
112	Driver.exe
1460	Driver.exe
860	Driver.exe
956	Driver.exe
1216	Driver.exe
1648	Driver.exe
1756	Driver.exe
1524	Driver.exe
1828	Driver.exe
968	Driver.exe
1616	Driver.exe
892	Driver.exe
1584	Driver.exe
1644	Driver.exe
1800	Driver.exe
1624	Driver.exe
1088	Driver.exe
660	Driver.exe
1652	Driver.exe
1632	Driver.exe
1492	Driver.exe
672	Driver.exe
112	Driver.exe
1112	Driver.exe
860	Driver.exe
1448	Driver.exe
1000	Driver.exe
1956	Driver.exe
1964	Driver.exe
2044	Driver.exe
1316	Driver.exe
1664	Driver.exe
612	Driver.exe
860	Driver.exe
2024	Driver.exe
1952	Driver.exe
952	Driver.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Driver.url	Mini.exe

Loads dropped DLL 4 IoCs

pid	Process
1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe
1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe
1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe
1788	Mini.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000\Software\Microsoft\Windows\CurrentVersion\Run\Driver = "C:\\Users\\Admin\\AppData\\Roaming\\Sysfiles\\Mini.exe"	Mini.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe
1788	Mini.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
960	LastActivityView.exe
1788	Mini.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeBackupPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeBackupPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeBackupPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe
Token: SeSecurityPrivilege	960	LastActivityView.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 960	1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe	27
PID 1760 wrote to memory of 960	1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe	27
PID 1760 wrote to memory of 960	1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe	27
PID 1760 wrote to memory of 960	1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe	27
PID 1760 wrote to memory of 1788	1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe	28
PID 1760 wrote to memory of 1788	1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe	28
PID 1760 wrote to memory of 1788	1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe	28
PID 1760 wrote to memory of 1788	1760	db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe	28
PID 1788 wrote to memory of 860	1788	Mini.exe	31
PID 1788 wrote to memory of 860	1788	Mini.exe	31
PID 1788 wrote to memory of 860	1788	Mini.exe	31
PID 1788 wrote to memory of 860	1788	Mini.exe	31
PID 1788 wrote to memory of 1176	1788	Mini.exe	33
PID 1788 wrote to memory of 1176	1788	Mini.exe	33
PID 1788 wrote to memory of 1176	1788	Mini.exe	33
PID 1788 wrote to memory of 1176	1788	Mini.exe	33
PID 1788 wrote to memory of 972	1788	Mini.exe	35
PID 1788 wrote to memory of 972	1788	Mini.exe	35
PID 1788 wrote to memory of 972	1788	Mini.exe	35
PID 1788 wrote to memory of 972	1788	Mini.exe	35
PID 1788 wrote to memory of 1660	1788	Mini.exe	37
PID 1788 wrote to memory of 1660	1788	Mini.exe	37
PID 1788 wrote to memory of 1660	1788	Mini.exe	37
PID 1788 wrote to memory of 1660	1788	Mini.exe	37
PID 1788 wrote to memory of 820	1788	Mini.exe	40
PID 1788 wrote to memory of 820	1788	Mini.exe	40
PID 1788 wrote to memory of 820	1788	Mini.exe	40
PID 1788 wrote to memory of 820	1788	Mini.exe	40
PID 1788 wrote to memory of 792	1788	Mini.exe	42
PID 1788 wrote to memory of 792	1788	Mini.exe	42
PID 1788 wrote to memory of 792	1788	Mini.exe	42
PID 1788 wrote to memory of 792	1788	Mini.exe	42
PID 1788 wrote to memory of 296	1788	Mini.exe	44
PID 1788 wrote to memory of 296	1788	Mini.exe	44
PID 1788 wrote to memory of 296	1788	Mini.exe	44
PID 1788 wrote to memory of 296	1788	Mini.exe	44
PID 1788 wrote to memory of 1712	1788	Mini.exe	46
PID 1788 wrote to memory of 1712	1788	Mini.exe	46
PID 1788 wrote to memory of 1712	1788	Mini.exe	46
PID 1788 wrote to memory of 1712	1788	Mini.exe	46
PID 1788 wrote to memory of 1652	1788	Mini.exe	48
PID 1788 wrote to memory of 1652	1788	Mini.exe	48
PID 1788 wrote to memory of 1652	1788	Mini.exe	48
PID 1788 wrote to memory of 1652	1788	Mini.exe	48
PID 1788 wrote to memory of 1448	1788	Mini.exe	50
PID 1788 wrote to memory of 1448	1788	Mini.exe	50
PID 1788 wrote to memory of 1448	1788	Mini.exe	50
PID 1788 wrote to memory of 1448	1788	Mini.exe	50
PID 1788 wrote to memory of 580	1788	Mini.exe	52
PID 1788 wrote to memory of 580	1788	Mini.exe	52
PID 1788 wrote to memory of 580	1788	Mini.exe	52
PID 1788 wrote to memory of 580	1788	Mini.exe	52
PID 1788 wrote to memory of 1564	1788	Mini.exe	54
PID 1788 wrote to memory of 1564	1788	Mini.exe	54
PID 1788 wrote to memory of 1564	1788	Mini.exe	54
PID 1788 wrote to memory of 1564	1788	Mini.exe	54
PID 1788 wrote to memory of 296	1788	Mini.exe	56
PID 1788 wrote to memory of 296	1788	Mini.exe	56
PID 1788 wrote to memory of 296	1788	Mini.exe	56
PID 1788 wrote to memory of 296	1788	Mini.exe	56
PID 1788 wrote to memory of 1472	1788	Mini.exe	58
PID 1788 wrote to memory of 1472	1788	Mini.exe	58
PID 1788 wrote to memory of 1472	1788	Mini.exe	58
PID 1788 wrote to memory of 1472	1788	Mini.exe	58

C:\Users\Admin\AppData\Local\Temp\db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe
"C:\Users\Admin\AppData\Local\Temp\db0c5e3400f28450267c71c812c3b95d63d3a9a467508c7b3b387f5f7c0c6820.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Users\Admin\AppData\Roaming\1337\LastActivityView.exe
  "C:\Users\Admin\AppData\Roaming\1337\LastActivityView.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:960
- C:\Users\Admin\AppData\Roaming\1337\Mini.exe
  "C:\Users\Admin\AppData\Roaming\1337\Mini.exe"
  2⤵
  - Executes dropped EXE
  - Drops startup file
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:860
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1176
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:972
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1660
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:820
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:792
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:296
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1712
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1652
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1448
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:580
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1564
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:296
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1472
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:952
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1104
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1956
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1680
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1200
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:864
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1368
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1880
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1672
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1800
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:996
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:112
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1460
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:860
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:956
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1216
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1648
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1756
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1524
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1828
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:968
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1616
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:892
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1584
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1644
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1800
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1624
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1088
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:660
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1652
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1632
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1492
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:672
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:112
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1112
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:860
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1448
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1000
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1956
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1964
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:2044
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1316
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1664
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:612
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:860
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:2024
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:1952
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    - Executes dropped EXE
    PID:952
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1800
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1936
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:2024
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1332
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1992
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1228
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1596
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:844
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1756
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1180
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1224
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1644
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1188
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1616
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1448
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:276
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1672
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1848
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1000
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:996
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1080
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1964
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1688
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:972
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1144
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1952
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1616
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:944
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1220
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:112
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:580
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:888
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:516
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:676
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1160
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1704
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:276
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1460
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:996
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:516
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:956
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1224
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1060
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:988
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1740
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1964
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1320
- - C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe
    "C:\Users\Admin\AppData\Roaming\Sysfiles\Driver.exe" -o stratum+tcp://xmr.pool.minergate.com:45700 -u [email protected] -p x -k -v=0 --donate-level=1 -t 1
    3⤵
    PID:1756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/860-68-0x00000000003F0000-0x0000000000404000-memory.dmp

Filesize
80KB

Download
memory/1760-54-0x00000000761D1000-0x00000000761D3000-memory.dmp

Filesize
8KB

Download
memory/1788-65-0x0000000004A90000-0x0000000004A91000-memory.dmp

Filesize
4KB

Download
memory/1788-63-0x0000000001170000-0x000000000156E000-memory.dmp

Filesize
4.0MB

Download
memory/1788-62-0x0000000074710000-0x0000000074DFE000-memory.dmp

Filesize
6.9MB

Download