hxxps://unmineable[.]com/?algorithm=sha512256d

Analysis

max time kernel
196s
max time network
240s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://unmineable.com/?algorithm=sha512256d

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	unMiner.exe

Executes dropped EXE 8 IoCs

pid	Process
5592	unMiner.2.5.0-beta-mfi.exe
876	unMiner.2.5.0-beta-mfi.exe
768	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
5708	unMiner.exe
4296	unMiner.exe
2928	unMiner.exe
6072	unMiner.exe

Loads dropped DLL 23 IoCs

pid	Process
5552	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
876	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
876	unMiner.2.5.0-beta-mfi.exe
5592	unMiner.2.5.0-beta-mfi.exe
5592	unMiner.2.5.0-beta-mfi.exe
768	unMiner.2.5.0-beta-mfi.exe
768	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
5708	unMiner.exe
4296	unMiner.exe
2928	unMiner.exe
4296	unMiner.exe
4296	unMiner.exe
4296	unMiner.exe
6072	unMiner.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
162	raw.githubusercontent.com
163	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
5568	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-609813121-2907144057-1731107329-1000\{53C07E12-4359-4349-BD84-ED9640C9D67F}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 303628.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\unmineable-miner-mfi-updater\installer.exe\:SmartScreen:$DATA	unMiner.2.5.0-beta-mfi.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
4904	msedge.exe
4904	msedge.exe
4184	identity_helper.exe
4184	identity_helper.exe
5132	msedge.exe
5132	msedge.exe
4760	msedge.exe
4760	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
5552	unMiner.2.5.0-beta-mfi.exe
5552	unMiner.2.5.0-beta-mfi.exe
5568	tasklist.exe
5568	tasklist.exe
2928	unMiner.exe
2928	unMiner.exe
6072	unMiner.exe
6072	unMiner.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5568	tasklist.exe
Token: SeSecurityPrivilege	5552	unMiner.2.5.0-beta-mfi.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
5708	unMiner.exe
5708	unMiner.exe
5708	unMiner.exe
5708	unMiner.exe
5708	unMiner.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 2868	4904	msedge.exe	89
PID 4904 wrote to memory of 2868	4904	msedge.exe	89
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 4620	4904	msedge.exe	90
PID 4904 wrote to memory of 3616	4904	msedge.exe	91
PID 4904 wrote to memory of 3616	4904	msedge.exe	91
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92
PID 4904 wrote to memory of 5116	4904	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://unmineable.com/?algorithm=sha512256d
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7f2346f8,0x7ffe7f234708,0x7ffe7f234718
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6984 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe
  "C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5592
- C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe
  "C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:768
- C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe
  "C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5552
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq unMiner.exe" | find "unMiner.exe"
    3⤵
    PID:5980
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq unMiner.exe"
      4⤵
      Enumerates processes with tasklist
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5568
  - - C:\Windows\SysWOW64\find.exe
      find "unMiner.exe"
      4⤵
      PID:5588
- C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe
  "C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10445982343384775360,18073767853599169958,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe
"C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SendNotifyMessage
PID:5708
- C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe
  "C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe" --type=gpu-process --field-trial-handle=1728,4402495760528363866,7964334735706739961,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4296
- C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe
  "C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe" --type=utility --field-trial-handle=1728,4402495760528363866,7964334735706739961,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe
  "C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe" --type=renderer --field-trial-handle=1728,4402495760528363866,7964334735706739961,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=electron.app.unMiner --app-path="C:\Users\Admin\AppData\Local\Programs\unMiner\resources\app.asar" --node-integration --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\unMiner\resources\app.asar\dist\electron\static\ws.js" --enable-remote-module --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:6072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    PID:3596
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5724

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e0044bbc5ce8e4172638779f26068ecb

SHA1
428aa48b8b2da9fad967e2c79337027e0e9df375

SHA256
e1653e869cac2db9da379247ca959531f88462b68acc0f1b87952f878713981e

SHA512
c0c86e4fcb6ce9e8b1295f130795fdcd5b100c23195b4f1b732c7d2ad6d89f788d5f82d0993e11cd0a9e469b86c913f95197c5141cccb4eca070315219913f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f0903acc10a21f1f2e0e2b55c026f576

SHA1
1c494ca25a52461d62cca126597e2d2b2a468c06

SHA256
aea745e64420f79ccc09b5725fe1fa7053172f96349a4ada7ef9492a5effdcd1

SHA512
8d82548f444e08cc7930a488cdc3bc49631e877f9fd84741dc79f532bc0f2dfbe62a9c27403fa0196b23ce17686d94fc0af2b5704306bb0bb35b239109876b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
657f3cf570c10156ec0a4b0258c85605

SHA1
47cb8f0bf08eeadb01a0061ac94a88528e718d3e

SHA256
a90ef214d3fecddc5b18ece971d664b3855ed268f03974c10e8b1fd5bfa2d3e5

SHA512
165fe3dae60de616132ab70c871e083c5ac5f80fac4aca409fc00efae01f48322851378a4a4d27d3060be4e946c6e033c22561a58c7e00b9e438bcba244e0413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0b2ed62760cd997e5ee78665a5efa049

SHA1
1a086eeae63f708eb92f0b54fe5d70886023a7b3

SHA256
c8f12af71963cce42ab55c5e3a958a0e5f19bf6280e337f1e9fe1452782bd84c

SHA512
eed1f6b691e6b28228f5b0e33d7b221b33be1400b99b3cd504580b33c5bfb68fb6e9bf9700c904a3ff5fc4ab22e3591aa77f20b824567c1079427316cff33b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eb769a2320ab4fea0a0ef2d4c9ab3c4e

SHA1
29f697ad119600ea736f45807e69bba77e2c7bbe

SHA256
6d3a46693da7748eac49262698e2a0beaf5f2e00329133208349276146eaab7c

SHA512
3ce05e27735bcc41d064dfead861fc7dc38b2a1acf375fa0248af9ba9b708fd46c1594542468237372eb93ced7b24351c58994ac290a75ac9b81e4149505fa29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03468817f037d49d170cc10085fcd36f

SHA1
1934069b6dd4596ef6b7466e7cea9b904eba22a9

SHA256
c8d7fb7bd5fe2231b172713a0c9760ae3e03ad975eac361efaa91375a3ce7ad9

SHA512
f7371b294b75b01c99a277a64d8c50186e59195b56d74985a58bca4e7ac8038e9347511e0d4f07b197b3f74a002986fc275dc27b7d859563d9ef777f3b164f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
28a427327abc0a8a35f8e4d1cb7c5458

SHA1
74a1f06a5c06d8f1e4c19b7422e12fc2732edfd0

SHA256
6778f200cddef7ece2b757f1524a783c0b6ccab543111531735415c19a079c2e

SHA512
3c5f6f9edea7895d915ccc9601671af0cd94db835bee2f432186ba57496c5e0194df429a479487b73d34e51f9f70f547eaf44dc3c274d3edb300b1a261f1c3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
899b6604870de79241cb323572f437bb

SHA1
55a0b223311b011a3fc7da498ff75c80bdbca4bf

SHA256
bd040e8a08e128012d50674af4294ae9f26770a0ffde1337edbb7c8fda5bb5e3

SHA512
bf456457038eea95504c29183b3b01174af17e5dcc9ad6eba6593b12654028282812d662f874b02e91c582746e36fabe22740f6b707de6715876cbfecf060b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
16619e70375a1950c04745ad10ceecfa

SHA1
a74900d5ac4956b759243178ee8de85d5fedea2b

SHA256
903433019414e9cb9e4f90ef9894199abf006a34694d6496b47fd5d6b9d9d6d8

SHA512
5ef4054e761f77c67cbc453fb2b8d58a3c30b431fea5086ac935496ba52758d96df6959f3273e75a9ed09669ca65e983d8133c0f480211c6faeba6f7db85461e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1a9c64884b1d3a31e3cd7a11549bff4

SHA1
dffca848a46a405781d37dc9b703a319d9d3bf44

SHA256
ce186553b8ae183645d82c60466f08cdfa57b08698e76fd95248c92886861b32

SHA512
4d71db9629eaa788e2011696c2d580a5b9e0400f3ddbf68a8456ddb244941fdf48333c4c3e1335bcb0ae7be6ef503dbc173312229c19927ff6a658662f454d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
02dbdcd3f6e72d21241ce499603df0da

SHA1
175673ba5183b8e97b102d4d9bf877fa2f037fc5

SHA256
460a9f857e44ae71d529b2966b86ed2d414e733ab3a3260052e7bc1dfe87999d

SHA512
3a090c24918e5ef020e1ac4551011622a4b7bd753733fd9b83cee9a40fe86b18787e11034affe56d1ab178b407755bfc741618e5a9b37beb13a6bd26cfa3fc1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f2785328d4778e957b5b6c9c34f9b250

SHA1
aeff5f6ce86bc535bbe778977363e9ffe74d2be4

SHA256
3ea620ee5df401ee166de88d32a1852f6f909b32802e8321362a35cbb14f0cf4

SHA512
43c6247e35bfa6c6fc30f066ba3a1be882ebdb9b37ee7c0c06c56937cc33fc0cccbaa6ba1fb5640fbb696f18dce98999b5935162f8f8cc16e771d6909df81f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
09160b997101c59fb9e772a436d04bdc

SHA1
0e66092ba35074302003aa354366a62a928bfa16

SHA256
49754c99b5ec767dce2b5f381f525d91e8baa9bd63f02ebb3b4776b45b52565e

SHA512
b0a0bdbc06ed1645ec2b02bac67825978d3ba0c1e9a63080c468ad82e2082c865aff10e5b391ed6eb4498bfe08b425318cf78c60b01cae68d206ca2225209021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585ce0.TMP

Filesize
873B

MD5
b55b8e9f612f82f8db5e7cf15a6a5e93

SHA1
a1c228c13743dd5ce2d750d5396ad107e08779af

SHA256
25ebc5170304d06909581ceb00679594303a5ecfe3d3e089d090657ad42ff92e

SHA512
5fa07eace8e87e161d22b79bf96f9b470f7c6a4e7c0a9e8d3444e7dfc38aaaf74ec7da62b651a3e7d874a17e3733030b114f654932814d2f75ce18d1a77b9d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
08c4b8b7a100a2d9943afdd2491de8c0

SHA1
f4004789314dbdfaa15ce76a3498a209684ff0fc

SHA256
ebaba3fb2f4d6ec53a36036c4a018d75a48a81729b1a01c270e0ae38159fed74

SHA512
6e343d636df2ee712ce2613936527b987cf468b595d2cec1d7b687f6cbf9019211606cb99204a89a3498bc52eb503bc1035c9b79f48b372ececd49fe4be74d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d6643157698dad23a0b3b4cfcc6f25c8

SHA1
ac0efe8850037a888e9400fca6e57462e46e3633

SHA256
76de56c735dcbf9b3731214b332bcae5c6eb5399cc336eb46e4612b813538fa2

SHA512
4d34510cb45c5e4a2e4bed5b9e9d9b7524f268cc30b0c0fcdbe6686f5a5ad7cf556fab8576683b4229670c6ed969da4a0d3130c6f328e6c58ef23eb2e01655df

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\D3DCompiler_47.dll

Filesize
320KB

MD5
a3963cba4207e3c5f83bfa65c16bd49c

SHA1
6dbec92f39df0ee5de93c026bc8ddc409857e063

SHA256
94174005aa0ff36de8f7bbc7991187b0eb272387a20b6e568162972cea1c5bee

SHA512
1be16dc4bace7bb0a92ce225b1da7916f969b920f237ce10de08056dc8649f705f758190a7ea12a8a86a354527a415b6c53f193f1759a0b785ba57d10a92ab9e

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\chrome_100_percent.pak

Filesize
175KB

MD5
7c4728b2d58afdd97c4549c96b9561cc

SHA1
1e0d251eedd67e7021fc764b9188184617465c54

SHA256
419cfcc6dc5f38b2e0c970ebd4fad1ef55054579d5c0db2521d7ae494996aac3

SHA512
82d0931e4d1cf38f88050980f518cdacdc981c382771b1732bfbe69f601074a0e7378e27a7470c7dea4e287cb1617a5c038052908ed85134abcd5b6591b4e7df

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\chrome_200_percent.pak

Filesize
312KB

MD5
6af049ad6fd11ee90ad9db31c4e02082

SHA1
5d2f9a59a74dc584b5dd78aeb6de583e969e3eb7

SHA256
edecf8e1ac353bfdae534e42507e5a59973cb4cab76fbb1ff1a470363e725bc4

SHA512
c7fa6e1a57861e62b9b4d615a988c98d13cde8abc23eaed7c36c2ecb86409da4b65b1f579ca2f307e90eb4d08d14b07f7f41ccb8d8c165d6de67c09c16009715

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\d3dcompiler_47.dll

Filesize
256KB

MD5
8453507c00776b89d8eb2ea904e7d8c9

SHA1
c5aaefcedab48af40130b2c08e806eea471b1f48

SHA256
2ce23b1d2c93bc6baf69477fb6ae32acd0f20387b0bddadfc2ec6a5532ace2fb

SHA512
85544d195a8ac684a0cf5a7a5e68120df3d5f3bde699c78a903ad070155eed6029d2d2fc762d6cf03fd1abe6218bbeb5ab1f2d687c60eb611aa08c14979784de

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\ffmpeg.dll

Filesize
832KB

MD5
a8beb52e3b2400a9029a5868d72663f0

SHA1
867b38b4d90fda80ef77ea957c26ef11d4646341

SHA256
7d233b02a6c0a0968213aabe90137707c8a6c2988241910b618eef4d607e5eaf

SHA512
069790c0e0ece38293a6dc01453fdafc1f0a29dae79dcd9e5adabc94818a79b60a827fb4ebc4c9c5ffef0dcb22ea8198a70d30a28d73f02b40996ebddd377516

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\ffmpeg.dll

Filesize
1.9MB

MD5
729c5ea475fcf1d11e95a1758b46d139

SHA1
fcf1bc452f092ef312572ed412abcfa120957719

SHA256
a379743d87c44c28d8d9ba463ab72700ba516634f0857e23893ed7778cdad260

SHA512
2f51a93f6568109858dcfe1ba5cfe6238a8252d883a5b00a07c437235f34da251310ffb4c70c3fef7df059ecab0b92f3f5b7b071c622011c05de88bdc66467c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\ffmpeg.dll

Filesize
512KB

MD5
f7bb85876008a6bd6f1d1e1c10751c3d

SHA1
a2ec86ec5a1b677d8b317382b45e296fdaf8e0e7

SHA256
30f7b21d817f9a65f2eddcbbf50cb347d171abceb1685a7fae7c6ea4b47a4da9

SHA512
3e7e676ecadbc9c5ca0b9d715129cf227c81fb6a89ddeacde2891affc3553b1d00cc5163a63096bfe2cf463f16964eaefdd01e7850bf8fae9bee263508b1d9a8

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\ffmpeg.dll

Filesize
384KB

MD5
6fe474892efc2a489b1acd78d1d2317e

SHA1
e5ec81332bc01d18b74556f3e47073de04f33402

SHA256
92e44c7761bdf2324664e1429338391bfa3dc0737b03b4bfdc25121dc095ca5f

SHA512
f55430afa8c9971b5368b05c9cd3a886fd87fd6d0f9d127bfb523fd73118d3d2a522410f842ae5823c57a12f301a2e113b1e93063b3bdf10c24b9656f2f7b339

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\icudtl.dat

Filesize
896KB

MD5
83d4fc5f96a2ff6d34998a648bc26184

SHA1
2ac2a9843fbf7cb4f467fbca65f15ebbbb9c60c7

SHA256
02f51065394618e450d1960d3f2a626241f751776027bc29d69ba92e49842b20

SHA512
af38f898013eadc8a3ab2ae316d7872cb68b7f33df02b0a6558fb9d5a180cce1f2fa6937d4c258d711bbc0ab8bb4dcf721b00c383c5fdca140aebdb6cd2ea09a

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\locales\en-US.pak

Filesize
79KB

MD5
98c8cfc3cb98ab34e06d4323b8bcb043

SHA1
2c0bda072161530b710fa0a1dfc3c23926184afe

SHA256
35adc5aeeebfe440e295b88d2a4089360ada33c353843b1f5438f4118501878b

SHA512
25edeca13b4a29f63bdc4f135eda1b1b8c72f3a58315f57895950bdc15f56b2af1aca42affe397716f5965437ece836f683265a33ec919b8b26056634612ed3c

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\resources.pak

Filesize
4.2MB

MD5
c2915b0c0c9c965e67224f88010fe1cb

SHA1
32dde0dcae4165987eb34e37cd2b77a1f556abf9

SHA256
084fbd63980a37e58b1f762b933d0636071200382944c14689ea561ad13fd636

SHA512
d06cfc0b2fa2fc0c98507b1c577cb249ed68aed5933465cb0f1cf92f1d535fda990c4b79752300a1e415e185d05f345859f72cf0e36183e6720915cc9ca73170

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\resources\app.asar

Filesize
4.9MB

MD5
f7d95ee0fd745fcda06e384c8282ff6c

SHA1
6a3db70311497a331434986cd283be7d31046959

SHA256
d035a8c191f6810de6492193a31ad061bf7e936430263bc0ff005540bfd3f4e3

SHA512
0e5f6142049dae031d80fdbab675881c9b87a95fa9f65b230b13e0a4064305cd1ad8592048ad65f3fe1133ea87c2a0142fad7a7e3b0a8118bc268405a4783262

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe

Filesize
22.4MB

MD5
5bab6631e730459a6a0b815fcee5b462

SHA1
c1764bc47339b7c9afa6018a0595f88ced37dd89

SHA256
40317d31c31c64c88c3793ad3454ff0fb49d433f7aa22b044c920aad419b27a2

SHA512
c11dd5ecd37169ba27a7662963af7712a7ee9763a3ec0f129a106d2519bead18a2746ed10acdad62523155eb011c3cb5b1516be227382dcffe1e3712d48f2b9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe

Filesize
1.8MB

MD5
d6049ae2f3829c4ba4fd1d6f3eb9a596

SHA1
4dae16f099edbaf5d156efe1a020efda7258c060

SHA256
7cb38051bf58647d36afc23240452ad29c11e8403c4d7a57e739444f1816299f

SHA512
da6bb95124aadd8fd28087d9898ef7861e7be3d9a982996efafac88c4eadc5f03813e211008157f9803291da7bfbf7f71fa0fbeae3637f49c332e4419f785885

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe

Filesize
768KB

MD5
6bf69d65f9158b3ae173fd84818b9b7c

SHA1
c80c00df716949b3198fc750dd4435c9eedf1f37

SHA256
44a90c63cc2bcf5e7cb630b0f3dfc53b170f3f336853c9e97ad0966d005cfc0f

SHA512
4faf1a5e1ae92d187b736a77996f71388409a1cb8e781b74c2bb1390fb0f1c0de14b1c2d391e6e6492fcd9a6475294a5a3c20070cee7b46576490fc980c41c80

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\unMiner.exe

Filesize
320KB

MD5
9b7c3c381e75e9e25463f183d73caec3

SHA1
625c465a42494c31e8f73550035fbeb9942fb074

SHA256
68acd0d51f7ce1dc382420a51e20bfdc7c67829e765652737e6df27bd5e8a444

SHA512
e3508de7fa36f9b5564f4e5ba0dfd97a30edd165e8268e994aa4374db5bd297623ef832f184f194b4dee6825e0e5eb4d5c7ae9827e8e27559f19d4622cfa7230

Download Submit
C:\Users\Admin\AppData\Local\Programs\unMiner\v8_context_snapshot.bin

Filesize
166KB

MD5
24a8ccb59d71f491e0ca72fc2b113955

SHA1
3715f364c55b8d8b2bb0ce9fe3328d00095a6cae

SHA256
9bb627f1c7c1e085f599a5e89a0481954b81d97024c7bbe0217b400369e63342

SHA512
0796d96c11295fff12a39556494bcac580c69839a8833390f8b3e4e339e7a0ba25267fe8fe1db9c5f489d325efbffe455b9ca3bf3a3fe55184ae630b9d77cffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\e122d6eb-9706-447e-abaf-0af88a1b667a.tmp.ico

Filesize
4KB

MD5
c77d51e37440c8152eaecfa7414279ec

SHA1
b2a96c470db78a5db21074e53d32f8a22c8d70cd

SHA256
8efd9f928ec28f7a101b246bbd5370af0a493451c2618ddeebf4e8aa787267d8

SHA512
a381347ccc977294c5f47743bc95fe6c834639df2eb879acf009b27eb6fbffe648bc717b078c93bd96470a73ac37464743221e9e879118860492cafd74515743

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr85B2.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr85B2.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr85B2.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr85B2.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr85B2.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr85B2.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw85D1.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
879B

MD5
3f6e58dfdee4455d68ca6a45d0494c94

SHA1
8a2f84ab45ef1004c54cf90e15bf1d67156922a2

SHA256
ec49f80b734b0f4155bd7f5e33e7a3f0f0f17320646c9bc0703f61ec1fcd0f79

SHA512
d0d76ccbb83dff258bbf5b5c33516177f4d2c0b89953801cf058af801d4c4a9d0707f8e33d26172ccd2db5460fb66cb626a1c436dc70d44d590e9056757cefe1

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
73B

MD5
fd14599d86f49fcc455c419fc70c20bb

SHA1
d61a7e77b736e7ad0050d67aaae4f3f775f5e66b

SHA256
9c77e07f9b039cfad91202506178cb0ccba021e9c91e19fd5c12a0475f3fb189

SHA512
3a0194cdf8fd704deef3b0cf74edfecfbef31ef5d455fdfe06546f28f35c53e1aabdc32ffab6c6692d77e47cd00004a8374097bace2619c683e15261e1e813e2

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
176B

MD5
62b1d217f4686521720d5bf867751f0c

SHA1
e9ba3644a3d8dbd27664ca1d361a62abd3db01b3

SHA256
3ca0a55eebe90e2179cb1ea87b8bcb087bb84115cfa1f70f4db8585a738dedfc

SHA512
e44398b940ce4763cddae030f83bff48bfad80ca1bd7959693bfc92c75729bfd56fafc2afbcc6546e8a9c6bcfda8be278b9c5bf222c25d2fab10956dcf912e2f

Download Submit
C:\Users\Admin\AppData\Roaming\unmineable-miner-mfi\settings.json

Filesize
301B

MD5
f7749e427e0d37a7cb625e6fceeece5a

SHA1
a5e01da98bb006c93d0bbb76931eab85ad706b27

SHA256
5ef6068ed434cb34ef9c0a8ae86e60eae4725cfcc4d22ab8bba0d3987e2319c7

SHA512
f0e564977adf3b22242492272b7b37315bcfe4fcad4dbd980bd2c211c8fe6c5af551b51e90024fc42d3172b628e4b93a252bb250782b98af0dfd08db8d4aa46c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 303628.crdownload

Filesize
13.7MB

MD5
c6041ed600c6ebb27fc934b0d07557a1

SHA1
4cf9079d77862e13c76ac3fcd4094e77cf16fec9

SHA256
1a2634dcb43867fee70d3be71c5f29fe73cc96b874e2a7fda54554f779f4df0d

SHA512
14f21ae323313df311983b158011b164b51be686e429a5ff024f5d62d98d4d648bc3ec559e6f68ca77d59f3e5755dea96d7cf43980be0a8e59efb67799cff010

Download Submit
C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe

Filesize
1.9MB

MD5
bd8d11351275235d307fa9b5662dce71

SHA1
14f888ce7ebc4775af3f61c723cda2802b335b4f

SHA256
8d8420d88619920a1294f8e19df6699f838ae1306bdd29f975ee40e64a178c6c

SHA512
61ccd5f0c4247e13a88307e77448f8727432f453d36312b096c3d65c6fc09aebe4837324c5d3b8e0ed3cefbd1e5187f2de7778594941f9ffaa9d9ffaa97b170a

Download Submit
C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe

Filesize
1.9MB

MD5
289f4c6146ebef22a35e76fd05736149

SHA1
8c8fa412f9a00ea8525c776eed375d780fe4725d

SHA256
38bd3c3ace2634f78e396bccd86f78af62ebecae7495aed797533453c8425c2b

SHA512
c7c91f6a0141fe228ab9ca431dd75650ebfae7da62c3de9faba5a6512f3ad208330b047c06b91dde092614a908c4c1dff12210edce415629bd341141c365348b

Download Submit
C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe

Filesize
1.7MB

MD5
f0f23e38fe738fac35b1e8217ee9e522

SHA1
16957254c95c96ebc88e2f01bd0ddeb46267a05c

SHA256
9a89676721c6f261d9cb60ac20a98e2a0efefbb62d3741e7af3fd793d1897d12

SHA512
6054c4ab71fb6d9f6dd10b8c2e9087891f8204123a625a36bba3317137b1930410958af9cd08c26cd79fa20ce7aacdb6ec6f4ba9f9df87498f224ea4f3cab352

Download Submit
C:\Users\Admin\Downloads\unMiner.2.5.0-beta-mfi.exe

Filesize
1.6MB

MD5
d65375c24f563690b438147f551f1661

SHA1
ed104e411445a101be81182f7b33ba18677c92e9

SHA256
7bf49f42e18ccf6a44675a139995dd5d9878193ab9d59c65dba78061b1fb8c92

SHA512
d5803ca5089a187ff44756e722e4fabb0dbfcc82c85ccbe0bb4be448ffdba3da32c12a5b16e6eb36de33196f9edf1278edf015b52b9d63e437686b90f04c7805

Download Submit
memory/4296-970-0x000001DDBCF70000-0x000001DDBDD0C000-memory.dmp

Filesize
13.6MB

Download
memory/4296-905-0x00007FFE8DE60000-0x00007FFE8DE61000-memory.dmp

Filesize
4KB

Download
memory/4296-1045-0x000001DDBCF70000-0x000001DDBDD0C000-memory.dmp

Filesize
13.6MB

Download