xmrig | 3ee270c8d5679aceea7072c48b6beb798bc8169a283d9eb3aa8bb1f523e17819

Analysis

max time kernel
1799s
max time network
1808s
platform
windows10-2004_x64
resource
win10v2004-20220414-es
submitted
20-05-2022 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eo-miner-setup-4.3.22.exe
Size

60.0MB
MD5

538a1b596ad5c96ae374f203c6640867
SHA1

26b4e93a864b419b6cf9ce41de85591aa82cc688
SHA256

3ee270c8d5679aceea7072c48b6beb798bc8169a283d9eb3aa8bb1f523e17819
SHA512

882307bbe7cb67d8c12965f5487199f21ba6202c51bebb8a492dbe066c48c251de681c443ac2baa2064bde3c130031118473a7e0261944e21df636f762a818e2

Score

10^/10

xmrig discovery miner persistence

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner Payload 2 IoCs

miner

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\eo-miner\eo-core.exe	xmrig
C:\Users\Admin\AppData\Roaming\eo-miner\eo-core.exe	xmrig

Executes dropped EXE 6 IoCs

Processes:

eo-miner.exeeo-miner.exeeo-miner.exeeo-miner.exeeo-core.exeeo-miner.exe

pid process

3372 eo-miner.exe
2464 eo-miner.exe
3820 eo-miner.exe
680 eo-miner.exe
3568 eo-core.exe
4896 eo-miner.exe

pid	process
3372	eo-miner.exe
2464	eo-miner.exe
3820	eo-miner.exe
680	eo-miner.exe
3568	eo-core.exe
4896	eo-miner.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

eo-miner.exeeo-miner.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	eo-miner.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	eo-miner.exe

Loads dropped DLL 21 IoCs

Processes:

eo-miner-setup-4.3.22.exeeo-miner.exeeo-miner.exeeo-miner.exeeo-miner.exeeo-miner.exe

pid	process
4820	eo-miner-setup-4.3.22.exe
4820	eo-miner-setup-4.3.22.exe
4820	eo-miner-setup-4.3.22.exe
4820	eo-miner-setup-4.3.22.exe
4820	eo-miner-setup-4.3.22.exe
4820	eo-miner-setup-4.3.22.exe
4820	eo-miner-setup-4.3.22.exe
3372	eo-miner.exe
3372	eo-miner.exe
3372	eo-miner.exe
2464	eo-miner.exe
3820	eo-miner.exe
2464	eo-miner.exe
2464	eo-miner.exe
2464	eo-miner.exe
2464	eo-miner.exe
2464	eo-miner.exe
680	eo-miner.exe
680	eo-miner.exe
680	eo-miner.exe
4896	eo-miner.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eo-miner = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\eo-miner\\eo-miner.exe\" --hidden"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3840 2488 WerFault.exe
Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

3028 tasklist.exe
Modifies registry key 1 TTPs 2 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exe

pid process

4844 reg.exe
2044 reg.exe

pid	pid_target	process	target process
3840	2488	WerFault.exe

pid	process
3028	tasklist.exe

pid	process
4844	reg.exe
2044	reg.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

eo-miner.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	eo-miner.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	eo-miner.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	eo-miner.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

eo-miner-setup-4.3.22.exetasklist.exeeo-miner.exeeo-miner.exeeo-miner.exe

pid	process
4820	eo-miner-setup-4.3.22.exe
4820	eo-miner-setup-4.3.22.exe
3028	tasklist.exe
3028	tasklist.exe
3820	eo-miner.exe
3820	eo-miner.exe
680	eo-miner.exe
680	eo-miner.exe
4896	eo-miner.exe
4896	eo-miner.exe
4896	eo-miner.exe
4896	eo-miner.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

668

pid	process
668

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

tasklist.exeeo-miner-setup-4.3.22.exeeo-core.exe

description	pid	process
Token: SeDebugPrivilege	3028	tasklist.exe
Token: SeSecurityPrivilege	4820	eo-miner-setup-4.3.22.exe
Token: SeLockMemoryPrivilege	3568	eo-core.exe
Token: SeLockMemoryPrivilege	3568	eo-core.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

eo-miner.exeeo-core.exe

pid process

3372 eo-miner.exe
3372 eo-miner.exe
3372 eo-miner.exe
3372 eo-miner.exe
3568 eo-core.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

eo-miner.exe

pid process

3372 eo-miner.exe
3372 eo-miner.exe
3372 eo-miner.exe
3372 eo-miner.exe
3372 eo-miner.exe

pid	process
3372	eo-miner.exe
3372	eo-miner.exe
3372	eo-miner.exe
3372	eo-miner.exe
3568	eo-core.exe

pid	process
3372	eo-miner.exe
3372	eo-miner.exe
3372	eo-miner.exe
3372	eo-miner.exe
3372	eo-miner.exe

Suspicious use of WriteProcessMemory 61 IoCs

Processes:

eo-miner-setup-4.3.22.execmd.exeeo-miner.exe

description	pid	process	target process
PID 4820 wrote to memory of 4976	4820	eo-miner-setup-4.3.22.exe	cmd.exe
PID 4820 wrote to memory of 4976	4820	eo-miner-setup-4.3.22.exe	cmd.exe
PID 4820 wrote to memory of 4976	4820	eo-miner-setup-4.3.22.exe	cmd.exe
PID 4976 wrote to memory of 3028	4976	cmd.exe	tasklist.exe
PID 4976 wrote to memory of 3028	4976	cmd.exe	tasklist.exe
PID 4976 wrote to memory of 3028	4976	cmd.exe	tasklist.exe
PID 4976 wrote to memory of 1636	4976	cmd.exe	find.exe
PID 4976 wrote to memory of 1636	4976	cmd.exe	find.exe
PID 4976 wrote to memory of 1636	4976	cmd.exe	find.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 2464	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 3820	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 3820	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 680	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 680	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 4844	3372	eo-miner.exe	reg.exe
PID 3372 wrote to memory of 4844	3372	eo-miner.exe	reg.exe
PID 3372 wrote to memory of 2044	3372	eo-miner.exe	reg.exe
PID 3372 wrote to memory of 2044	3372	eo-miner.exe	reg.exe
PID 3372 wrote to memory of 3568	3372	eo-miner.exe	eo-core.exe
PID 3372 wrote to memory of 3568	3372	eo-miner.exe	eo-core.exe
PID 3372 wrote to memory of 4896	3372	eo-miner.exe	eo-miner.exe
PID 3372 wrote to memory of 4896	3372	eo-miner.exe	eo-miner.exe

C:\Users\Admin\AppData\Local\Temp\eo-miner-setup-4.3.22.exe
"C:\Users\Admin\AppData\Local\Temp\eo-miner-setup-4.3.22.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4820

C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq eo-miner.exe" | find "eo-miner.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:4976

C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq eo-miner.exe"
3⤵
- Enumerates processes with tasklist
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3028

C:\Windows\SysWOW64\find.exe
find "eo-miner.exe"
3⤵
PID:1636

C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
"C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3372

C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
"C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe" --type=gpu-process --field-trial-handle=1580,1101019894068552227,11030521030708305153,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\eo-miner" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2464

C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
"C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,1101019894068552227,11030521030708305153,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\eo-miner" --mojo-platform-channel-handle=2100 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3820

C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
"C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\eo-miner" --app-path="C:\Users\Admin\AppData\Local\Programs\eo-miner\resources\app.asar" --no-sandbox --no-zygote --field-trial-handle=1580,1101019894068552227,11030521030708305153,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2432 /prefetch:1
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:680

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v eo-miner
2⤵
- Modifies registry key
PID:4844

C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v eo-miner /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe\" --hidden" /f
2⤵
- Adds Run key to start application
- Modifies registry key
PID:2044

C:\Users\Admin\AppData\Roaming\eo-miner\eo-core.exe
C:\Users\Admin\AppData\Roaming\eo-miner\eo-core.exe --config C:\Users\Admin\AppData\Roaming\eo-miner\core-config.json
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3568

C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
"C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe" --type=gpu-process --field-trial-handle=1580,1101019894068552227,11030521030708305153,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\eo-miner" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=732 /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 2488 -ip 2488
1⤵
PID:1176

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2488 -s 2072
1⤵
- Program crash
PID:3840

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\eo-miner\D3DCompiler_47.dll
Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\attr.dat
Filesize
64B

MD5
6a173de2c5e3d4a995aac1e5985c0102

SHA1
4d43fbdcd461dabac0e6f411dd43f17e3bf4edea

SHA256
2cf2e6fa8dafc9add4d115c2339431260164f01d483e5647f053d52c4907cd69

SHA512
4e1c44aaeeab907ade89f30fa1ce28ad451b0917bc891db0f854b18ef9a4472167e3e347911cf597a68c0fc0f5762429e63558e0e94a7a1f6465cf3116eaf824

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\chrome_100_percent.pak
Filesize
138KB

MD5
4f7cf265db503b21845d2df4dc903022

SHA1
970b35882db6670c81bd745bdeed11f011c609da

SHA256
c48e6d360aee16159d4be43f9144f77d3275a87b3f77eae548e357601c55fc16

SHA512
5645d2c226697c7ac69ce73e9124630696516fc18286a5579823588f93a936da71084a3850f1f9a7b34c624f4c502957107f5957ffba5e6c1e4da6d8da7d3348

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\chrome_200_percent.pak
Filesize
202KB

MD5
6a7a9dee6b4d47317b4478dba3b2076c

SHA1
e9167673a3d25ad37e2d83e04af92bfda48f0c86

SHA256
b820d19a7a8ce9d12a26837f967f983e45b07550b49e7b9a25e57b417c5f6fd9

SHA512
67466e21a13ca449b014b511fb49bfc51df841eb5776f93b4bda2e0023da96d368ac5c65de051ed9de1899275b9f33839af2c387be903688cdb48bf08993791e

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\d3dcompiler_47.dll
Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
Filesize
133.4MB

MD5
f5e6efd5f3ae5d56c4a5938c83972615

SHA1
ef7ef840c34538f5a9c275e1a166a164f2ada8ec

SHA256
6404570e7ec8e7949ab53ec0bf812e88b089ad9d1aa9223cd6f6b7a838562c72

SHA512
d270c7d35368dedf67ef673277fc4d7961972cd5961cbc49a2aa659313b1814469e4036a17fc01a03d742ef22391cedd881f83a42c591c87053b053b51e1571d

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
Filesize
133.4MB

MD5
f5e6efd5f3ae5d56c4a5938c83972615

SHA1
ef7ef840c34538f5a9c275e1a166a164f2ada8ec

SHA256
6404570e7ec8e7949ab53ec0bf812e88b089ad9d1aa9223cd6f6b7a838562c72

SHA512
d270c7d35368dedf67ef673277fc4d7961972cd5961cbc49a2aa659313b1814469e4036a17fc01a03d742ef22391cedd881f83a42c591c87053b053b51e1571d

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
Filesize
133.4MB

MD5
f5e6efd5f3ae5d56c4a5938c83972615

SHA1
ef7ef840c34538f5a9c275e1a166a164f2ada8ec

SHA256
6404570e7ec8e7949ab53ec0bf812e88b089ad9d1aa9223cd6f6b7a838562c72

SHA512
d270c7d35368dedf67ef673277fc4d7961972cd5961cbc49a2aa659313b1814469e4036a17fc01a03d742ef22391cedd881f83a42c591c87053b053b51e1571d

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
Filesize
133.4MB

MD5
f5e6efd5f3ae5d56c4a5938c83972615

SHA1
ef7ef840c34538f5a9c275e1a166a164f2ada8ec

SHA256
6404570e7ec8e7949ab53ec0bf812e88b089ad9d1aa9223cd6f6b7a838562c72

SHA512
d270c7d35368dedf67ef673277fc4d7961972cd5961cbc49a2aa659313b1814469e4036a17fc01a03d742ef22391cedd881f83a42c591c87053b053b51e1571d

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
Filesize
133.4MB

MD5
f5e6efd5f3ae5d56c4a5938c83972615

SHA1
ef7ef840c34538f5a9c275e1a166a164f2ada8ec

SHA256
6404570e7ec8e7949ab53ec0bf812e88b089ad9d1aa9223cd6f6b7a838562c72

SHA512
d270c7d35368dedf67ef673277fc4d7961972cd5961cbc49a2aa659313b1814469e4036a17fc01a03d742ef22391cedd881f83a42c591c87053b053b51e1571d

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\eo-miner.exe
Filesize
133.4MB

MD5
f5e6efd5f3ae5d56c4a5938c83972615

SHA1
ef7ef840c34538f5a9c275e1a166a164f2ada8ec

SHA256
6404570e7ec8e7949ab53ec0bf812e88b089ad9d1aa9223cd6f6b7a838562c72

SHA512
d270c7d35368dedf67ef673277fc4d7961972cd5961cbc49a2aa659313b1814469e4036a17fc01a03d742ef22391cedd881f83a42c591c87053b053b51e1571d

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\ffmpeg.dll
Filesize
2.6MB

MD5
eccaea7d582504f327b4ec1e41302f49

SHA1
01bfc587b1fd161c876f9e60778e7e9f4668e96e

SHA256
6426b5152cadd4c74429de58dfbdf3ecd52ab1ecaf7a87163e3657b7ed2bd7e1

SHA512
e3daaedb642f3d3135b971764bd00b8259e6059ec2037797973d58986e65e6d8abe1a5a454351ceaa1ee5aad51532dea3879e3ca7fbd79ef940cd6e37ce6c247

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\ffmpeg.dll
Filesize
2.6MB

MD5
eccaea7d582504f327b4ec1e41302f49

SHA1
01bfc587b1fd161c876f9e60778e7e9f4668e96e

SHA256
6426b5152cadd4c74429de58dfbdf3ecd52ab1ecaf7a87163e3657b7ed2bd7e1

SHA512
e3daaedb642f3d3135b971764bd00b8259e6059ec2037797973d58986e65e6d8abe1a5a454351ceaa1ee5aad51532dea3879e3ca7fbd79ef940cd6e37ce6c247

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\ffmpeg.dll
Filesize
2.6MB

MD5
eccaea7d582504f327b4ec1e41302f49

SHA1
01bfc587b1fd161c876f9e60778e7e9f4668e96e

SHA256
6426b5152cadd4c74429de58dfbdf3ecd52ab1ecaf7a87163e3657b7ed2bd7e1

SHA512
e3daaedb642f3d3135b971764bd00b8259e6059ec2037797973d58986e65e6d8abe1a5a454351ceaa1ee5aad51532dea3879e3ca7fbd79ef940cd6e37ce6c247

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\ffmpeg.dll
Filesize
2.6MB

MD5
eccaea7d582504f327b4ec1e41302f49

SHA1
01bfc587b1fd161c876f9e60778e7e9f4668e96e

SHA256
6426b5152cadd4c74429de58dfbdf3ecd52ab1ecaf7a87163e3657b7ed2bd7e1

SHA512
e3daaedb642f3d3135b971764bd00b8259e6059ec2037797973d58986e65e6d8abe1a5a454351ceaa1ee5aad51532dea3879e3ca7fbd79ef940cd6e37ce6c247

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\ffmpeg.dll
Filesize
2.6MB

MD5
eccaea7d582504f327b4ec1e41302f49

SHA1
01bfc587b1fd161c876f9e60778e7e9f4668e96e

SHA256
6426b5152cadd4c74429de58dfbdf3ecd52ab1ecaf7a87163e3657b7ed2bd7e1

SHA512
e3daaedb642f3d3135b971764bd00b8259e6059ec2037797973d58986e65e6d8abe1a5a454351ceaa1ee5aad51532dea3879e3ca7fbd79ef940cd6e37ce6c247

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\ffmpeg.dll
Filesize
2.6MB

MD5
eccaea7d582504f327b4ec1e41302f49

SHA1
01bfc587b1fd161c876f9e60778e7e9f4668e96e

SHA256
6426b5152cadd4c74429de58dfbdf3ecd52ab1ecaf7a87163e3657b7ed2bd7e1

SHA512
e3daaedb642f3d3135b971764bd00b8259e6059ec2037797973d58986e65e6d8abe1a5a454351ceaa1ee5aad51532dea3879e3ca7fbd79ef940cd6e37ce6c247

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\icudtl.dat
Filesize
9.7MB

MD5
2e7d2f6c3eed51f5eca878a466a1ab4e

SHA1
759bd98d218d7e392819107fab2a8fd1cfc63ddf

SHA256
b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa

SHA512
0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\libEGL.dll
Filesize
431KB

MD5
6a017b6fee6f92d7709d3a83a1b9cca0

SHA1
cd0040c35ca1a225350025ebcc80a34db740d105

SHA256
a7ef5aa9dfde980795d7ce2a8ecb1e73538e5a54399d34d8db22cbc8d2d09b2c

SHA512
db6b032e6cd66c79a3081dcfee9ff8e1736f9b17c8e2a089c47c86fb9fb40a8282d0c35cb19f41ca1ccc3fca4a08dd5964b9240de16d2ebb36bef6c227e5f504

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\libGLESv2.dll
Filesize
7.6MB

MD5
88a0539e7b0c87f38f5fc3c4b0cbcb2d

SHA1
d7f196e8323762278cdd5ab97aabc17ed564a35c

SHA256
0fd2c4adc4c11bbfc3a6b69aceb9a53a0f0c4cd6b1f8f69903d31a1ee143f2ae

SHA512
6571d988cf6eef5354bfa8d0e787911363e018a59ea70c037e34b26401720be3cc6fc9d32ef80de214ccc91d6f8055fc474bd9685ac50a9132dd63e5d4af449d

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\libegl.dll
Filesize
431KB

MD5
6a017b6fee6f92d7709d3a83a1b9cca0

SHA1
cd0040c35ca1a225350025ebcc80a34db740d105

SHA256
a7ef5aa9dfde980795d7ce2a8ecb1e73538e5a54399d34d8db22cbc8d2d09b2c

SHA512
db6b032e6cd66c79a3081dcfee9ff8e1736f9b17c8e2a089c47c86fb9fb40a8282d0c35cb19f41ca1ccc3fca4a08dd5964b9240de16d2ebb36bef6c227e5f504

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\libglesv2.dll
Filesize
7.6MB

MD5
88a0539e7b0c87f38f5fc3c4b0cbcb2d

SHA1
d7f196e8323762278cdd5ab97aabc17ed564a35c

SHA256
0fd2c4adc4c11bbfc3a6b69aceb9a53a0f0c4cd6b1f8f69903d31a1ee143f2ae

SHA512
6571d988cf6eef5354bfa8d0e787911363e018a59ea70c037e34b26401720be3cc6fc9d32ef80de214ccc91d6f8055fc474bd9685ac50a9132dd63e5d4af449d

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\locales\es.pak
Filesize
121KB

MD5
d70507a4b5eda648d2787c50b08962bd

SHA1
43d15a408f3f048a695b8310a934c4b4ace476de

SHA256
00c7a1e751599c9fa28c6d61d4f7150d98d22708932173e9d18ca385ed06ba79

SHA512
15a2c63e2ec741f1f3b3308403d2de467123316c02b143ef883c897b58cb3b8ed5963dc30ff088fd1dd69ee51d5ac559816ecb8314f7be299091fd8f93859347

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\resources.pak
Filesize
4.9MB

MD5
99c5bf0dcd43f961aa3e177f7dc42d42

SHA1
5618abd2e7b45c50400bb4aa0c455bb0b28bc472

SHA256
75ff04d991c2a203105525a1ccb200a461717ce7b86ada4be092fe903d95cdc8

SHA512
2e508c46eb266301f42ee6a7d63494f3856b422df61d0b605096bf4fc4943239d3fba15161adf8cb1cdcfd3bea8608102a0abce636999cc2a9e01bda51cc77ae

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\resources\app-update.yml
Filesize
124B

MD5
7ee5cec5fe66a8f02c0c6a14e596f79f

SHA1
0d4e63fdb79e33833d24454f7b5710b6220d11a3

SHA256
623d14c3229e271e9e5adfc50314f4f37b5125005838ccec4f16782dfb9a6a9e

SHA512
1028a74b4f7b7214a9a8650b5e3e562770371d00952353da2243c9624b69ea85b556a08cdd62c35b81ee131a1190bfcac08c5f9339d00bda60b2e88c2041ebea

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\resources\app.asar
Filesize
11.6MB

MD5
8967db76a3505cc7e68c23ed3a646e0a

SHA1
5de777a10cea7808642bfffe25105fa83e6ddd14

SHA256
23b3fa4b8041e9b63c0744e0871bccb032868e55cfb625a33394429b02c6ff33

SHA512
e2803bd321413d04d95b402e5887589c149f0c0e6015efdbbda23a79e1b353128a39198c87986bb726fe78b0732fc78cacffbf02ec66fd87bd7d3e086b17c547

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\v8_context_snapshot.bin
Filesize
160KB

MD5
a718c9b6e5e6563e23e450a0d01b932a

SHA1
95ccb1228f024f037259e759dbac464f3c27b8cf

SHA256
315f5ed966a1f3a89c94d1b78b9bf70e59a2869601cf6551b2c1fd3e3b008447

SHA512
b04512e95ab3997bc7d5c65e2f526e124bf1895b139eb2b6c6c7b4a4aa381cd408eb2bba01f44b09b1936d24752baae288f24a32ed84687d3e7e0681b5387d01

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\vk_swiftshader.dll
Filesize
4.3MB

MD5
30c100b448eaa81969f7adc807560822

SHA1
ef2361a10297fa464308c8869153812635c7f69b

SHA256
b00528bc0bcc90d2a112febb326feeab56de808f794831cb880f9227bac0ee88

SHA512
258f8fc9a363221a6293c33932535df6bda1d7691dc0170ad61f7220fb2fa4f0a6b7bb12b89b656c737adcb068863fe759e99093340c06c8b284011c62ac516c

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\vk_swiftshader.dll
Filesize
4.3MB

MD5
30c100b448eaa81969f7adc807560822

SHA1
ef2361a10297fa464308c8869153812635c7f69b

SHA256
b00528bc0bcc90d2a112febb326feeab56de808f794831cb880f9227bac0ee88

SHA512
258f8fc9a363221a6293c33932535df6bda1d7691dc0170ad61f7220fb2fa4f0a6b7bb12b89b656c737adcb068863fe759e99093340c06c8b284011c62ac516c

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\vulkan-1.dll
Filesize
715KB

MD5
fa26fb1a4654d083c82582e0a52e6302

SHA1
d3f4ee3e71929f1fdf13386d61964bc23e851558

SHA256
99d4d9ea0be1ae681fb11a70c841fd7f932586d5fecf1a7fbec447780015938e

SHA512
c15e7175b54e44b43a47b08d29ee6c3a0c90b8a678bde1348c425607fa56a817dd59a1790b42f049b250fbb3b414440f4b9cb3f79065af7bf6eef7501320b8ab

Download Submit
C:\Users\Admin\AppData\Local\Programs\eo-miner\vulkan-1.dll
Filesize
715KB

MD5
fa26fb1a4654d083c82582e0a52e6302

SHA1
d3f4ee3e71929f1fdf13386d61964bc23e851558

SHA256
99d4d9ea0be1ae681fb11a70c841fd7f932586d5fecf1a7fbec447780015938e

SHA512
c15e7175b54e44b43a47b08d29ee6c3a0c90b8a678bde1348c425607fa56a817dd59a1790b42f049b250fbb3b414440f4b9cb3f79065af7bf6eef7501320b8ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\50d03ecc-a1f8-482d-91dd-19d8a140f014.tmp.node
Filesize
146KB

MD5
0907ad08dadf72234f190d0e5473990c

SHA1
be464efdda70346d59287b118f99bf7264c2b711

SHA256
d3b1715b180080bb678d0b30a30f1744e7fe65a4c5e5597a25281138b5c3501d

SHA512
9c7a4ba99c377cd83bc068f9afd06194400324997aa029cb29bb433d1f1fa6ac751df1524d20b6822a10e4e434a41e560f4b9f75718a04c19dc5351aa7a48651

Download Submit
C:\Users\Admin\AppData\Local\Temp\9a96d1fd-656a-438b-a02b-2e8f6bb4d03b.tmp.node
Filesize
146KB

MD5
0907ad08dadf72234f190d0e5473990c

SHA1
be464efdda70346d59287b118f99bf7264c2b711

SHA256
d3b1715b180080bb678d0b30a30f1744e7fe65a4c5e5597a25281138b5c3501d

SHA512
9c7a4ba99c377cd83bc068f9afd06194400324997aa029cb29bb433d1f1fa6ac751df1524d20b6822a10e4e434a41e560f4b9f75718a04c19dc5351aa7a48651

Download Submit
C:\Users\Admin\AppData\Local\Temp\bcb60690-9b86-4ca7-894c-dcbbb0caec7f.tmp.node
Filesize
146KB

MD5
e85147b75f9749e9db015102b5e42837

SHA1
873fbb66ae1b7594c3cb3a510873c29bc9dfc58e

SHA256
f204d200ac35e8988553a6c0d50bed3a051b283970682c9d0f30735704caff59

SHA512
a22d3aaea3ba1284775daa28720096661cd9361827f44dcf0ffbb55c67913a47285f2f3fc8d08b0738e8226009c934fa43374cc9dcd64ecaff989f46ff3bc5f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ee340f0a-c516-49d3-9659-69e5d9e90e50.tmp.node
Filesize
146KB

MD5
e85147b75f9749e9db015102b5e42837

SHA1
873fbb66ae1b7594c3cb3a510873c29bc9dfc58e

SHA256
f204d200ac35e8988553a6c0d50bed3a051b283970682c9d0f30735704caff59

SHA512
a22d3aaea3ba1284775daa28720096661cd9361827f44dcf0ffbb55c67913a47285f2f3fc8d08b0738e8226009c934fa43374cc9dcd64ecaff989f46ff3bc5f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoEBBD.tmp\SpiderBanner.dll
Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoEBBD.tmp\StdUtils.dll
Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoEBBD.tmp\System.dll
Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoEBBD.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoEBBD.tmp\WinShell.dll
Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoEBBD.tmp\nsExec.dll
Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoEBBD.tmp\nsis7z.dll
Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\eo-miner
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\eo-miner
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\eo-miner
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\eo-miner
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\eo-miner\core-config.json
Filesize
4KB

MD5
19f8e30a5cdc0c6931a6959c7c7edd28

SHA1
89faf80f5a139ab2d910f664e19b5d03b67628be

SHA256
260c4790d5ee7c2d2bb9a2d2127b5542e2e78ace0943ddab524e84fc4763f0a2

SHA512
a9141e1454e579b68e8ff5467aecc8c936c94e08f8dcb9585e30d2effd8b1532ab07bca853778121576970a993d58e5861daed899e739c66de4d6009ad2c12d8

Download Submit
C:\Users\Admin\AppData\Roaming\eo-miner\eo-core.exe
Filesize
5.6MB

MD5
6a33a7c3f440c9820aac1dd7dd8a33a6

SHA1
296db9b505d5a276d56aaf6a09e3d543bd23c630

SHA256
fb600379a9370faafd2478d2f286ca3b8a690d5c6553738e9ffb6f97292f1ebd

SHA512
dd3236d6772e918ed14e9f06c7fd52064014be72e117f53ccd1b6014872bc366ada258ee0432cab609d672b3d510aae5881d64da5c4c1a2915b8dd652034c0fb

Download Submit
C:\Users\Admin\AppData\Roaming\eo-miner\eo-core.exe
Filesize
5.6MB

MD5
6a33a7c3f440c9820aac1dd7dd8a33a6

SHA1
296db9b505d5a276d56aaf6a09e3d543bd23c630

SHA256
fb600379a9370faafd2478d2f286ca3b8a690d5c6553738e9ffb6f97292f1ebd

SHA512
dd3236d6772e918ed14e9f06c7fd52064014be72e117f53ccd1b6014872bc366ada258ee0432cab609d672b3d510aae5881d64da5c4c1a2915b8dd652034c0fb

Download Submit
C:\Users\Admin\AppData\Roaming\eo-miner\eo-miner.conf
Filesize
97B

MD5
43979004672c6daa52dd113eb9f5f055

SHA1
1c035ce031734a7d7a26f4ad28b205cda72f6427

SHA256
6b9cabeb24ae09f206a39d6cdc697532cc6c01d2eb19c7ba6fb5d505d24f3705

SHA512
10c3923ab892044545073d348e672cdbcb41ef0f82eddfec3d3f7d9a0d16ab6dfd823079a79fe8d8864efeef6ab76eb71fbbbc3a950e05291c32d82f6e6e09ad

Download Submit
memory/680-171-0x0000000000000000-mapping.dmp

Download
memory/1636-136-0x0000000000000000-mapping.dmp

Download
memory/2044-176-0x0000000000000000-mapping.dmp

Download
memory/2464-153-0x0000000000000000-mapping.dmp

Download
memory/3028-135-0x0000000000000000-mapping.dmp

Download
memory/3568-185-0x0000000000000000-mapping.dmp

Download
memory/3568-188-0x0000024AFCE50000-0x0000024AFCE70000-memory.dmp

Filesize
128KB

Download
memory/3568-190-0x0000024AFE910000-0x0000024AFE950000-memory.dmp

Filesize
256KB

Download
memory/3568-191-0x0000024AFE950000-0x0000024AFE970000-memory.dmp

Filesize
128KB

Download
memory/3820-156-0x0000000000000000-mapping.dmp

Download
memory/4844-172-0x0000000000000000-mapping.dmp

Download
memory/4896-192-0x0000000000000000-mapping.dmp

Download
memory/4976-134-0x0000000000000000-mapping.dmp

Download