Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Mining (Altcoins)
Re: [ANN] [1080 | 1080TI] ETHlargement - The Hashrate Hardener
by
kyovlodik
on 11/05/2018, 21:15:43 UTC
Devs, can you please explain the following behavior after the binary is launched?

Quote
Callback: 2.21.242.213:80
watadminsvc.exe
svchost.exe

Callback: 2.21.242.237:80
watadminsvc.exe
svchost.exe

Callback: 46.226.136.5:53

Quote
POST /6b06490d-f9fd-424c-8b6d-83edc4369e89/
HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
Content-Type: application/soap+xml
User-Agent: WSDAPI
Content-Length: 733
Host: 192.168.56.153:5357

Quote
POST /fwlink/?LinkId=151645
HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: WAT
ClientContent-Length: 2500
Host: go.microsoft.com

S\agt;\alt;GROUPPEERNAME\agt;258e2e9f3bd43a297f050566f5788283bd087a85.HomeGroupPeerGroupClassifier\alt;/GROUPPEERNAME\agt;\alt;GROUPFRIENDLYNAME\agt;HomeGroup\sPeer\sGroup\alt;/GROUPFRIENDLYNAME\agt;\alt;/PEERINVITATION\agt;\r\n\l/INVITATION>\lGUIDNAME>{2D866516-217B-4A95-B31D-A9174BBCBE17}\l/GUIDNAME>\lOWNER>HAPUBWS\l/OWNER>\lOWNERID>ffff80eb2050085c6f3dee2f51f0e12ca9592d9b.HomeGroupClassifier\l/OWNERID>\lOWNERMACHINENAME>HAPUBWS-PC\l/OWNERMACHINENAME>\lLASTCHANGED>131567727744841250\l/LASTCHANGED>\lHOMEGROUPSIZE>1\l/HOMEGROUPSIZE>\lADDRESS>[fe80::7007:58d0:7dee:d3e2%11]:3587\l/ADDRESS>\lDIGITALHASH>-----BEGIN\sCERTIFICATE-----\r\n8FkcvuaS5BO6pbSEzPjpH7hORXNBnZZo4tsk3BH8Qt/tNvqIaIXH13t6xb3bcucC\r\nmYXGg9f0t74N7HyeY3ARTfbtSvURq4HJ5RNpyIFJK0SrEfpllxNPOf40tV4hcrQe\r\nEBBn0RIsOiFKIBZb1YscyetmIDy9fbfQeemD02Hl2jRuPr6SmbHiajDkwAh38pSA\r\nk1XQjdcHQTHM438w0wNDNnuwI/JXEYirq0ZwblOnNPrfuc2JLFa7FJCIpc5jrHNN\r\n2dHa3EXhFpS/euOMwWSg+Jot+bXoGlaiSBwbMQrm8JD+UvcVpim2XG42rLztZLOF\r\nhsEzS1cGRUAJ7vqG8Q9lLA==\r\n-----END\sCERTIFICATE-----\r\n\l/DIGITALHASH>\l/HOMEGROUP_RECORD>

Sandbox analysis: https://www.hybrid-analysis.com/sample/1261052e34b3205dc04f5dd9e4b76d2649dbcda738dc8e2665b07f56d659e716/5ae113157ca3e11cac3236dc