Malware Analysis Report

2025-01-06 15:14

Sample ID 240525-qqdkmsee49
Target miner 2.55555.rar
SHA256 f5bd0ebcfc01b3431f67795b918ea0220ec4204530a959b2c161afecf61b74aa
Tags
miner xmrig
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f5bd0ebcfc01b3431f67795b918ea0220ec4204530a959b2c161afecf61b74aa

Threat Level: Known bad

The file miner 2.55555.rar was found to be: Known bad.

Malicious Activity Summary

miner xmrig

XMRig Miner payload

Xmrig family

Unsigned PE

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-25 13:27

Signatures

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xmrig family

xmrig

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20240508-en

Max time kernel

839s

Max time network

1190s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2668-0-0x0000000000080000-0x00000000000A0000-memory.dmp

memory/2668-2-0x0000000000500000-0x0000000000520000-memory.dmp

memory/2668-1-0x00000000004D0000-0x00000000004F0000-memory.dmp

memory/2668-4-0x0000000000500000-0x0000000000520000-memory.dmp

memory/2668-3-0x00000000004D0000-0x00000000004F0000-memory.dmp

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:49

Platform

win10v2004-20240226-en

Max time kernel

1192s

Max time network

1207s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5) - Copy.cmd"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3976 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3588 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.200.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp

Files

memory/1780-0-0x0000028F5D790000-0x0000028F5D7B0000-memory.dmp

memory/1780-1-0x0000028F5D7E0000-0x0000028F5D800000-memory.dmp

memory/1780-2-0x0000028F5D800000-0x0000028F5D820000-memory.dmp

memory/1780-3-0x0000028F5D820000-0x0000028F5D840000-memory.dmp

memory/1780-4-0x0000028F5D800000-0x0000028F5D820000-memory.dmp

memory/1780-5-0x0000028F5D820000-0x0000028F5D840000-memory.dmp

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:35

Platform

win7-20240220-en

Max time kernel

119s

Max time network

298s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (10).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (10).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/1692-0-0x0000000000080000-0x00000000000A0000-memory.dmp

memory/1692-2-0x00000000003E0000-0x0000000000400000-memory.dmp

memory/1692-1-0x00000000003C0000-0x00000000003E0000-memory.dmp

memory/1692-4-0x00000000003E0000-0x0000000000400000-memory.dmp

memory/1692-3-0x00000000003C0000-0x00000000003E0000-memory.dmp

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240508-en

Max time kernel

886s

Max time network

1202s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (10).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (10).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 199.111.78.13.in-addr.arpa udp

Files

memory/2120-0-0x0000025330A40000-0x0000025330A60000-memory.dmp

memory/2120-1-0x0000025330A80000-0x0000025330AA0000-memory.dmp

memory/2120-3-0x0000025330AD0000-0x0000025330AF0000-memory.dmp

memory/2120-2-0x0000025330AB0000-0x0000025330AD0000-memory.dmp

memory/2120-4-0x0000025330AB0000-0x0000025330AD0000-memory.dmp

memory/2120-5-0x0000025330AD0000-0x0000025330AF0000-memory.dmp

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:33

Platform

win10v2004-20240426-en

Max time kernel

134s

Max time network

291s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.73.42.20.in-addr.arpa udp

Files

memory/2476-0-0x000001F3366B0000-0x000001F3366D0000-memory.dmp

memory/2476-1-0x000001F337FE0000-0x000001F338000000-memory.dmp

memory/2476-3-0x000001F338020000-0x000001F338040000-memory.dmp

memory/2476-2-0x000001F338000000-0x000001F338020000-memory.dmp

memory/2476-4-0x000001F338000000-0x000001F338020000-memory.dmp

memory/2476-5-0x000001F338020000-0x000001F338040000-memory.dmp

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240508-en

Max time kernel

450s

Max time network

1190s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp

Files

memory/4800-0-0x00000242891F0000-0x0000024289210000-memory.dmp

memory/4800-1-0x0000024289350000-0x0000024289370000-memory.dmp

memory/4800-2-0x0000024289370000-0x0000024289390000-memory.dmp

memory/4800-3-0x0000024289390000-0x00000242893B0000-memory.dmp

memory/4800-4-0x0000024289370000-0x0000024289390000-memory.dmp

memory/4800-5-0x0000024289390000-0x00000242893B0000-memory.dmp

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:49

Platform

win7-20240220-en

Max time kernel

844s

Max time network

1199s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/1796-0-0x0000000000300000-0x0000000000320000-memory.dmp

memory/1796-2-0x0000000002520000-0x0000000002540000-memory.dmp

memory/1796-1-0x0000000002500000-0x0000000002520000-memory.dmp

memory/1796-4-0x0000000002520000-0x0000000002540000-memory.dmp

memory/1796-3-0x0000000002500000-0x0000000002520000-memory.dmp

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20231129-en

Max time kernel

845s

Max time network

1208s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (16).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (16).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/1580-0-0x00000000002F0000-0x0000000000310000-memory.dmp

memory/1580-1-0x00000000004C0000-0x00000000004E0000-memory.dmp

memory/1580-2-0x00000000004E0000-0x0000000000500000-memory.dmp

memory/1580-3-0x00000000004C0000-0x00000000004E0000-memory.dmp

memory/1580-4-0x00000000004E0000-0x0000000000500000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20240221-en

Max time kernel

839s

Max time network

1201s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2).cmd"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2684-0-0x00000000002F0000-0x0000000000310000-memory.dmp

memory/2684-2-0x00000000005E0000-0x0000000000600000-memory.dmp

memory/2684-1-0x00000000005C0000-0x00000000005E0000-memory.dmp

memory/2684-4-0x00000000005E0000-0x0000000000600000-memory.dmp

memory/2684-3-0x00000000005C0000-0x00000000005E0000-memory.dmp

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240508-en

Max time kernel

1194s

Max time network

1206s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (11).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (11).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4168,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=3148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4132,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=3768 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 192.98.74.40.in-addr.arpa udp

Files

memory/3692-0-0x000002590A390000-0x000002590A3B0000-memory.dmp

memory/3692-1-0x000002590A3E0000-0x000002590A400000-memory.dmp

memory/3692-3-0x000002590A420000-0x000002590A440000-memory.dmp

memory/3692-2-0x000002590A400000-0x000002590A420000-memory.dmp

memory/3692-5-0x000002590A420000-0x000002590A440000-memory.dmp

memory/3692-4-0x000002590A400000-0x000002590A420000-memory.dmp

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240426-en

Max time kernel

450s

Max time network

1204s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (13).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (13).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp

Files

memory/712-0-0x000001B887C50000-0x000001B887C70000-memory.dmp

memory/712-1-0x000001B887CF0000-0x000001B887D10000-memory.dmp

memory/712-2-0x000001B887D10000-0x000001B887D30000-memory.dmp

memory/712-3-0x000001B887D30000-0x000001B887D50000-memory.dmp

memory/712-4-0x000001B887D10000-0x000001B887D30000-memory.dmp

memory/712-5-0x000001B887D30000-0x000001B887D50000-memory.dmp

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20231129-en

Max time kernel

843s

Max time network

1192s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2044-0-0x00000000000F0000-0x0000000000110000-memory.dmp

memory/2044-2-0x00000000006B0000-0x00000000006D0000-memory.dmp

memory/2044-1-0x0000000000690000-0x00000000006B0000-memory.dmp

memory/2044-4-0x00000000006B0000-0x00000000006D0000-memory.dmp

memory/2044-3-0x0000000000690000-0x00000000006B0000-memory.dmp

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:35

Platform

win7-20240220-en

Max time kernel

122s

Max time network

297s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (12).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (12).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/1744-0-0x0000000000080000-0x00000000000A0000-memory.dmp

memory/1744-2-0x0000000002110000-0x0000000002130000-memory.dmp

memory/1744-1-0x00000000020F0000-0x0000000002110000-memory.dmp

memory/1744-4-0x0000000002110000-0x0000000002130000-memory.dmp

memory/1744-3-0x00000000020F0000-0x0000000002110000-memory.dmp

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240426-en

Max time kernel

449s

Max time network

1204s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (12).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (12).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp

Files

memory/4048-0-0x00000204E8A20000-0x00000204E8A40000-memory.dmp

memory/4048-1-0x00000204E8A80000-0x00000204E8AA0000-memory.dmp

memory/4048-2-0x00000204E8AA0000-0x00000204E8AC0000-memory.dmp

memory/4048-3-0x00000204E8AC0000-0x00000204E8AE0000-memory.dmp

memory/4048-4-0x00000204E8AA0000-0x00000204E8AC0000-memory.dmp

memory/4048-5-0x00000204E8AC0000-0x00000204E8AE0000-memory.dmp

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20240419-en

Max time kernel

844s

Max time network

1199s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (13).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (13).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2260-0-0x0000000000420000-0x0000000000440000-memory.dmp

memory/2260-1-0x0000000002680000-0x00000000026A0000-memory.dmp

memory/2260-2-0x00000000026A0000-0x00000000026C0000-memory.dmp

memory/2260-3-0x0000000002680000-0x00000000026A0000-memory.dmp

memory/2260-4-0x00000000026A0000-0x00000000026C0000-memory.dmp

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20240221-en

Max time kernel

840s

Max time network

1202s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (15).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (15).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2216-0-0x00000000001F0000-0x0000000000210000-memory.dmp

memory/2216-1-0x0000000000510000-0x0000000000530000-memory.dmp

memory/2216-2-0x0000000000530000-0x0000000000550000-memory.dmp

memory/2216-3-0x0000000000510000-0x0000000000530000-memory.dmp

memory/2216-4-0x0000000000530000-0x0000000000550000-memory.dmp

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240508-en

Max time kernel

554s

Max time network

1199s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (16).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (16).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp

Files

memory/1640-0-0x00000258D9D40000-0x00000258D9D60000-memory.dmp

memory/1640-1-0x00007FF85D5F0000-0x00007FF85D8B9000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20240419-en

Max time kernel

844s

Max time network

1190s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/1980-2-0x00000000004E0000-0x0000000000500000-memory.dmp

memory/1980-1-0x00000000004C0000-0x00000000004E0000-memory.dmp

memory/1980-0-0x0000000000080000-0x00000000000A0000-memory.dmp

memory/1980-3-0x00000000004C0000-0x00000000004E0000-memory.dmp

memory/1980-4-0x00000000004E0000-0x0000000000500000-memory.dmp

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240508-en

Max time kernel

1193s

Max time network

1208s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4004,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 192.98.74.40.in-addr.arpa udp

Files

memory/1112-0-0x00000257AD460000-0x00000257AD480000-memory.dmp

memory/1112-1-0x00000257AEE50000-0x00000257AEE70000-memory.dmp

memory/1112-2-0x00000257AEE80000-0x00000257AEEA0000-memory.dmp

memory/1112-3-0x00000257AEEA0000-0x00000257AEEC0000-memory.dmp

memory/1112-4-0x00000257AEE80000-0x00000257AEEA0000-memory.dmp

memory/1112-5-0x00000257AEEA0000-0x00000257AEEC0000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20240221-en

Max time kernel

837s

Max time network

1197s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3) - Copy.cmd"

Signatures

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2308-0-0x00000000000F0000-0x0000000000110000-memory.dmp

memory/2308-2-0x0000000001C40000-0x0000000001C60000-memory.dmp

memory/2308-1-0x0000000001C10000-0x0000000001C30000-memory.dmp

memory/2308-4-0x0000000001C40000-0x0000000001C60000-memory.dmp

memory/2308-3-0x0000000001C10000-0x0000000001C30000-memory.dmp

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20240508-en

Max time kernel

842s

Max time network

1188s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (5) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/3012-0-0x0000000000310000-0x0000000000330000-memory.dmp

memory/3012-2-0x0000000002750000-0x0000000002770000-memory.dmp

memory/3012-1-0x00000000024C0000-0x00000000024E0000-memory.dmp

memory/3012-4-0x0000000002750000-0x0000000002770000-memory.dmp

memory/3012-3-0x00000000024C0000-0x00000000024E0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240426-en

Max time kernel

456s

Max time network

1202s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

memory/4720-0-0x0000016758AA0000-0x0000016758AC0000-memory.dmp

memory/4720-1-0x0000016758AF0000-0x0000016758B10000-memory.dmp

memory/4720-2-0x0000016758B30000-0x0000016758B50000-memory.dmp

memory/4720-3-0x0000016758B10000-0x0000016758B30000-memory.dmp

memory/4720-4-0x0000016758B30000-0x0000016758B50000-memory.dmp

memory/4720-5-0x0000016758B10000-0x0000016758B30000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20240220-en

Max time kernel

838s

Max time network

1191s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2632-0-0x00000000002F0000-0x0000000000310000-memory.dmp

memory/2632-2-0x00000000005E0000-0x0000000000600000-memory.dmp

memory/2632-1-0x00000000005C0000-0x00000000005E0000-memory.dmp

memory/2632-4-0x00000000005E0000-0x0000000000600000-memory.dmp

memory/2632-3-0x00000000005C0000-0x00000000005E0000-memory.dmp

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20231129-en

Max time kernel

837s

Max time network

1204s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (11).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (11).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2324-0-0x0000000000080000-0x00000000000A0000-memory.dmp

memory/2324-1-0x0000000002040000-0x0000000002060000-memory.dmp

memory/2324-2-0x00000000024A0000-0x00000000024C0000-memory.dmp

memory/2324-3-0x0000000002040000-0x0000000002060000-memory.dmp

memory/2324-4-0x00000000024A0000-0x00000000024C0000-memory.dmp

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:49

Platform

win10v2004-20240426-en

Max time kernel

450s

Max time network

1196s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (14).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (14).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp

Files

memory/1056-0-0x0000022ECC530000-0x0000022ECC550000-memory.dmp

memory/1056-1-0x0000022ECDE20000-0x0000022ECDE40000-memory.dmp

memory/1056-2-0x0000022ECDE40000-0x0000022ECDE60000-memory.dmp

memory/1056-3-0x0000022ECDE60000-0x0000022ECDE80000-memory.dmp

memory/1056-4-0x0000022ECDE40000-0x0000022ECDE60000-memory.dmp

memory/1056-5-0x0000022ECDE60000-0x0000022ECDE80000-memory.dmp

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240426-en

Max time kernel

452s

Max time network

1199s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (15).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (15).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
US 204.79.197.237:443 g.bing.com tcp

Files

memory/1588-0-0x000001BEF4630000-0x000001BEF4650000-memory.dmp

memory/1588-1-0x000001BEF4680000-0x000001BEF46A0000-memory.dmp

memory/1588-2-0x000001BEF6040000-0x000001BEF6060000-memory.dmp

memory/1588-3-0x000001BEF6060000-0x000001BEF6080000-memory.dmp

memory/1588-4-0x000001BEF6040000-0x000001BEF6060000-memory.dmp

memory/1588-5-0x000001BEF6060000-0x000001BEF6080000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:33

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

294s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp

Files

memory/3144-0-0x000001CD76780000-0x000001CD767A0000-memory.dmp

memory/3144-1-0x000001CD767D0000-0x000001CD767F0000-memory.dmp

memory/3144-3-0x000001CD76810000-0x000001CD76830000-memory.dmp

memory/3144-2-0x000001CD767F0000-0x000001CD76810000-memory.dmp

memory/3144-4-0x000001CD767F0000-0x000001CD76810000-memory.dmp

memory/3144-5-0x000001CD76810000-0x000001CD76830000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240426-en

Max time kernel

456s

Max time network

1192s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp

Files

memory/4952-0-0x00000121D9880000-0x00000121D98A0000-memory.dmp

memory/4952-1-0x000001226BA50000-0x000001226BA70000-memory.dmp

memory/4952-2-0x000001226BEA0000-0x000001226BEC0000-memory.dmp

memory/4952-3-0x000001226C0D0000-0x000001226C0F0000-memory.dmp

memory/4952-4-0x000001226BEA0000-0x000001226BEC0000-memory.dmp

memory/4952-5-0x000001226C0D0000-0x000001226C0F0000-memory.dmp

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240426-en

Max time kernel

448s

Max time network

1204s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (3).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 30.73.42.20.in-addr.arpa udp

Files

memory/1624-0-0x0000027F38FD0000-0x0000027F38FF0000-memory.dmp

memory/1624-1-0x0000027F3AA10000-0x0000027F3AA30000-memory.dmp

memory/1624-2-0x0000027F3AA30000-0x0000027F3AA50000-memory.dmp

memory/1624-3-0x0000027F3AA50000-0x0000027F3AA70000-memory.dmp

memory/1624-4-0x0000027F3AA30000-0x0000027F3AA50000-memory.dmp

memory/1624-5-0x0000027F3AA50000-0x0000027F3AA70000-memory.dmp

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win10v2004-20240426-en

Max time kernel

454s

Max time network

1196s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4) - Copy.cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy (4) - Copy.cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

memory/4560-0-0x0000026F84340000-0x0000026F84360000-memory.dmp

memory/4560-1-0x0000026F84390000-0x0000026F843B0000-memory.dmp

memory/4560-3-0x0000026F843D0000-0x0000026F843F0000-memory.dmp

memory/4560-2-0x0000026F843B0000-0x0000026F843D0000-memory.dmp

memory/4560-4-0x0000026F843B0000-0x0000026F843D0000-memory.dmp

memory/4560-5-0x0000026F843D0000-0x0000026F843F0000-memory.dmp

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:48

Platform

win7-20240221-en

Max time kernel

839s

Max time network

1195s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (14).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (14).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/2996-0-0x0000000000190000-0x00000000001B0000-memory.dmp

memory/2996-1-0x0000000002480000-0x00000000024A0000-memory.dmp

memory/2996-2-0x00000000024A0000-0x00000000024C0000-memory.dmp

memory/2996-3-0x0000000002480000-0x00000000024A0000-memory.dmp

memory/2996-4-0x00000000024A0000-0x00000000024C0000-memory.dmp

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-25 13:27

Reported

2024-05-25 13:33

Platform

win7-20240508-en

Max time kernel

117s

Max time network

303s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (2).cmd"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\pool_mine_example - Copy - Copy (2).cmd"

C:\Users\Admin\AppData\Local\Temp\miner 2.55555\miner 2.5\xmrig-6.21.3\xmrig.exe

xmrig.exe -o xmr.2miners.com:2222 -u 435StpkeVHdcvMVhY4SQNdHusi7VaQSNkZqa1bABLLdS5wtNcPrkJNDHvquj4NXXwbJav1T7RGgybAUJvHLKWGmJAhse82k -p x

Network

Country Destination Domain Proto
US 8.8.8.8:53 xmr.2miners.com udp
DE 162.19.139.184:2222 xmr.2miners.com tcp

Files

memory/3040-2-0x00000000024B0000-0x00000000024D0000-memory.dmp

memory/3040-1-0x0000000000620000-0x0000000000640000-memory.dmp

memory/3040-0-0x00000000001F0000-0x0000000000210000-memory.dmp

memory/3040-4-0x00000000024B0000-0x00000000024D0000-memory.dmp

memory/3040-3-0x0000000000620000-0x0000000000640000-memory.dmp