Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 26, 2024, 7:16 a.m.	March 26, 2024, 7:23 a.m.

Size	4.2MB
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`e2a072228078e6f3cf5073f4af029913`
SHA256	`a742c71ce1ae3316e82d2b8c788b9c6ffd723d8d6da4f94ba5639b84070bb639`
CRC32	`75AC620B`
ssdeep	`98304:DdTDuHIp8vWucCSSR94RD2rwCL2ZtIjcQyWYkgiDyYNWGtlNRtkG2wpOx1DkkSgB:dDbTJGi2rAZUghYPtXR6GhI9R0n0`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file

wr.exe "C:\Users\test22\AppData\Local\Temp\wr.exe"
1000
- avgrec.exe "" ""
  2124

Name	Response	Post-Analysis Lookup
www.dblikes.top	CNAME ghs.googlehosted.com AAAA 2404:6800:400a:804::2013	142.250.206.243
www.dblikes.top	CNAME ghs.googlehosted.com A 142.250.206.243	142.250.206.243

IP Address	Status	Action
142.250.206.243	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.103:49152 -> 8.8.8.8:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.3 192.168.56.103:49161 142.250.206.243:443	None	None	None

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA March 26, 2024, 7:17 a.m.	computer_name: TEST22-PC	1	1	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 26, 2024, 7:17 a.m.		1	1	0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

www.dblikes.top

description

Generic top level domain TLD

Allocates read-write-execute memory (usually to unpack itself) (35 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000430000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d40000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000205a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020900000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020a10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020a20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020a30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020a60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020a70000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020a80000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020a90000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020aa0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020b30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020b40000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020b50000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020b70000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020b80000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020b90000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020ba0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020bb0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020bc0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020bd0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020be0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020c10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:17 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020d30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:18 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020d60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:18 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020d90000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:18 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020da0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:18 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020dc0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:18 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020ed0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:18 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000021010000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:18 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000021020000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 26, 2024, 7:18 a.m.	process_identifier: 2124 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000020ef0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\avgrec.exe

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses March 26, 2024, 7:16 a.m.	flags: 16 family: 0	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0043aa00', u'virtual_address': u'0x003b0000', u'entropy': 7.891402143102872, u'name': u'UPX1', u'virtual_size': u'0x0043b000'}

entropy

7.8914021431

description

A section with a high entropy has been found

entropy

0.999884553221

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW March 26, 2024, 7:16 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Terminates another process (6 events)

Time & API	Arguments	Status
NtTerminateProcess March 26, 2024, 7:16 a.m.	status_code: 0x00000000 process_identifier: 1372 process_handle: 0x0000000000000128
NtTerminateProcess March 26, 2024, 7:16 a.m.	status_code: 0x00000000 process_identifier: 1372 process_handle: 0x0000000000000128	1
NtTerminateProcess March 26, 2024, 7:18 a.m.	status_code: 0x00000000 process_identifier: 2852 process_handle: 0x0000000000000228
NtTerminateProcess March 26, 2024, 7:18 a.m.	status_code: 0x00000000 process_identifier: 2852 process_handle: 0x0000000000000228	1
NtTerminateProcess March 26, 2024, 7:19 a.m.	status_code: 0x00000000 process_identifier: 2992 process_handle: 0x0000000000000160
NtTerminateProcess March 26, 2024, 7:19 a.m.	status_code: 0x00000000 process_identifier: 2992 process_handle: 0x0000000000000160	1

The executable is compressed using UPX (3 events)

section	UPX0	description	Section name indicates UPX
section	UPX1	description	Section name indicates UPX
section	UPX2	description	Section name indicates UPX

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\Temp\avgrec.exe

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation March 26, 2024, 7:16 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Created a service where a service was also not started (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateServiceW March 26, 2024, 7:17 a.m.	service_start_name: start_type: 3 password: display_name: WinRing0_1_2_0 filepath: C:\Users\test22\AppData\Local\Temp\WinRing0x64.sys service_name: WinRing0_1_2_0 filepath_r: C:\Users\test22\AppData\Local\Temp\WinRing0x64.sys desired_access: 983551 service_handle: 0x000000000030e900 error_control: 1 service_type: 1 service_manager_handle: 0x000000000030e8d0	1	3205376	0
CreateServiceW March 26, 2024, 7:18 a.m.	service_start_name: start_type: 3 password: display_name: WinRing0_1_2_0 filepath: C:\Users\test22\AppData\Local\Temp\WinRing0x64.sys service_name: WinRing0_1_2_0 filepath_r: C:\Users\test22\AppData\Local\Temp\WinRing0x64.sys desired_access: 983551 service_handle: 0x000000000031f340 error_control: 1 service_type: 1 service_manager_handle: 0x000000000031f310	1	3273536	0

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\avgrec.exe

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation March 26, 2024, 7:17 a.m.	information_class: 76 (SystemFirmwareTableInformation)		-1073741789	0

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress March 26, 2024, 7:16 a.m.	ordinal: 0 function_address: 0x000007fefe467a50 function_name: wine_get_version module: ntdll module_address: 0x00000000776c0000		-1073741511	0

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)

Bkav	W64.AIDetectMalware
Lionic	Riskware.Win32.XMRigMiner.1!c
Elastic	malicious (moderate confidence)
Cynet	Malicious (score: 100)
Skyhigh	Artemis!Trojan
ALYac	Trojan.GenericKD.72036465
Cylance	unsafe
VIPRE	Trojan.GenericKD.72036465
Sangfor	Trojan.Win32.Save.a
BitDefender	Trojan.GenericKD.72036465
Arcabit	Trojan.Generic.D44B3071
VirIT	Trojan.Win32.Genus.VKN
Symantec	PUA.Gen.2
ESET-NOD32	a variant of Generik.NKSOCFN
APEX	Malicious
McAfee	Artemis!E2A072228078
Avast	FileRepMalware [Miner]
Kaspersky	not-a-virus:RiskTool.Win64.XMRigMiner.adc
Alibaba	Trojan:Application/WinGo.25c6b0c1
MicroWorld-eScan	Trojan.GenericKD.72036465
Rising	Hacktool.XMRigMiner!8.13C0C (CLOUD)
Emsisoft	Trojan.GenericKD.72036465 (B)
DrWeb	Trojan.BtcMine.3786
FireEye	Generic.mg.e2a072228078e6f3
Sophos	Generic Reputation PUA (PUA)
Ikarus	Trojan.WinGo.Shellcoderunner
Jiangmin	RiskTool.XMRigMiner.by
Google	Detected
MAX	malware (ai score=89)
Antiy-AVL	RiskWare[RiskTool]/Win64.XMrigMiner
Kingsoft	Win32.Troj.Generic.v
Gridinsoft	Ransom.Win64.Wacatac.sa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	not-a-virus:RiskTool.Win64.XMRigMiner.adc
GData	Trojan.GenericKD.72036465
Varist	W64/ABMiner.VUKG-7208
AhnLab-V3	Trojan/Win.Sabsik.C5604942
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.4265087698
Panda	Trj/Agent.ABC
TrendMicro-HouseCall	TROJ_GEN.R002H09CL24
Tencent	Win32.Trojan.FalseSign.Jflw
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.237618773.susgen
Fortinet	W32/PossibleThreat
AVG	FileRepMalware [Miner]
CrowdStrike	win/malicious_confidence_100% (W)
alibabacloud	Miner:Win/XMRigMiner.adc

wr.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All