0135aafc6a99a21d8bd2e890f91addf37a2702f0caa8863708a90825c44c9fc6

Analysis

max time kernel
333s
max time network
345s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nhm_windows_3.1.1.0.exe
Size

59.4MB
MD5

f8150f79dc9ff6bd7d6125833d40fd4d
SHA1

45d57406663dbb82f77e2cbe113f477585dae2ed
SHA256

0135aafc6a99a21d8bd2e890f91addf37a2702f0caa8863708a90825c44c9fc6
SHA512

911a75e018f43880cc07ccc3817406de7050183868793f4862d729d6e6bc0b3576e68bf4a4d67caf8a18d51c0b7f6a2ce251d8213923543b98d7e4c3157ace52
SSDEEP

1572864:59DSIGOFHBrKZon4TyqKH9n2ELQhIxJslzR5ScHY3botwMq:5JSjOFhrce8yqKd3yIslz3MMtwx

Score

9^/10

discovery miner

Malware Config

Signatures

Detectes NBMiner Payload 1 IoCs

miner

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\app_nhm.deps.json	miner_nbminer

Detectes NanoMiner Payload 1 IoCs

miner

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\app_nhm.deps.json	miner_nanominer

Detectes NiceHashMiner Payload 5 IoCs

miner

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\NiceHashMiner.exe	miner_nicenashminer
behavioral1/memory/1032-1317-0x0000024E9B080000-0x0000024E9B15E000-memory.dmp	miner_nicenashminer
behavioral1/memory/1032-1334-0x00007FFA05020000-0x00007FFA05AE1000-memory.dmp	miner_nicenashminer
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\app_nhm.dll	miner_nicenashminer
behavioral1/memory/1032-1391-0x00007FFA05020000-0x00007FFA05AE1000-memory.dmp	miner_nicenashminer

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

NiceHashMiner.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	NiceHashMiner.exe

Executes dropped EXE 2 IoCs

Processes:

NiceHashMiner.exeapp_nhm.exe

pid process

1032 NiceHashMiner.exe
2164 app_nhm.exe

pid	process
1032	NiceHashMiner.exe
2164	app_nhm.exe

Loads dropped DLL 64 IoCs

Processes:

nhm_windows_3.1.1.0.exeapp_nhm.exe

pid	process
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe
2164	app_nhm.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

nhm_windows_3.1.1.0.exeapp_nhm.exe

pid	process
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
4664	nhm_windows_3.1.1.0.exe
2164	app_nhm.exe
2164	app_nhm.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

nhm_windows_3.1.1.0.exeapp_nhm.exe

description pid process

Token: SeSecurityPrivilege 4664 nhm_windows_3.1.1.0.exe
Token: SeDebugPrivilege 2164 app_nhm.exe

description	pid	process
Token: SeSecurityPrivilege	4664	nhm_windows_3.1.1.0.exe
Token: SeDebugPrivilege	2164	app_nhm.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

NiceHashMiner.exeapp_nhm.exe

description	pid	process	target process
PID 1032 wrote to memory of 2164	1032	NiceHashMiner.exe	app_nhm.exe
PID 1032 wrote to memory of 2164	1032	NiceHashMiner.exe	app_nhm.exe
PID 2164 wrote to memory of 4348	2164	app_nhm.exe	msedge.exe
PID 2164 wrote to memory of 4348	2164	app_nhm.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\nhm_windows_3.1.1.0.exe
"C:\Users\Admin\AppData\Local\Temp\nhm_windows_3.1.1.0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:2608

C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\NiceHashMiner.exe
"C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\NiceHashMiner.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1032

C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\app_nhm.exe
"C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\app_nhm.exe" -lc -PID1032
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nicehash.com/my/register
3⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5276 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:2144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=4136 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:3224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5340 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5336 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=3752 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5720 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5896 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\NiceHashMiner.exe

Filesize
885KB

MD5
a8e9a74893e23463a7fe58adad5ccf21

SHA1
c20951f7f2c9b3b19298a344ba36a68e19979d4e

SHA256
8e242acd71c8e5e00561f17b434afe8298e763288df86c8679516210cb892fa5

SHA512
1497f44f66ff4ae85611266278b5b052f27a6605df54629fda12c18c8846a52df3bf75c61a15b439af494e731c2264a89a53e0416fbfca060439f2f80b4551d3

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\NiceHashMiner.exe.config

Filesize
186B

MD5
bcaa2d9fe0561f95cf143bffe0947d07

SHA1
b77d835481ff149f002e438c605b3bdb001c0cb1

SHA256
39e38947e5b2ee5944698835b8eacf60cf3a66d76bfebde6755e389f2950d744

SHA512
8876e58aaa77a1173b429143a1b7c49f393e34576ad718f030001733ec1e82ba3b2908874b66771eb4d2117fd66431ef7baf5ef8ee5f1e035efd70407f37ee02

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\DirectWriteForwarder.dll

Filesize
513KB

MD5
9f8e4f74bc8b85d3ba189c623109422a

SHA1
b336ea3251a681c6fa1554b5e91fb32c8508b13a

SHA256
848c8aaab93e5642a413826e0be717bb6819fe583e525bfb6b0f29d08a9978ec

SHA512
9e92866c97415a56c4b348a1aaad47fe7fe17ab92db3c9e2063d890af75091f70a99a6a900939ceb63fc3244c33c3935e2559a5c0c13fc3f5f09b01eff335e5d

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\Microsoft.Win32.Primitives.dll

Filesize
25KB

MD5
250f014c3fa45b3be5ee22aa2d6873d9

SHA1
69a4945d65822e7060826bcd69835d5c9a7515f6

SHA256
78aa0b3b4089b9675cd6e5693e22053cfd778ce93a1401eb7717789888d69265

SHA512
89cb21bcf4d968cf1761547a846c267eba13a20284b3b4e60b23cea5d796fb38b71e4464ffc85e03f092975e86cea862406e711748573c496593e14c973d1f85

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\Microsoft.Win32.Registry.dll

Filesize
85KB

MD5
3a4c4d3312ecdf3fa14829380d19d4ce

SHA1
eac77c81a0c435b291875a248ab1d71ceb2ca789

SHA256
83ca3853f766561aa1af43b795e4c17575078c3abc54d7ca0f6be891f4878a76

SHA512
a23d718b2a029992a3c63b31a07557a3fe21cb8790a5829aeb67f2622be74cafb10521750621486b17f814a3f7d223c5bbccc912d1fdc33b15f0b17137ac6537

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\PresentationCore.dll

Filesize
8.3MB

MD5
50460709ac3282412c0d2b6116d5e4d4

SHA1
f0753a86118ff7517536b93cfa4323132e20a66d

SHA256
2d0da514e727a4b1c77a1cac805c8061d694d7fc8c1304ca20aad3b9af53ef16

SHA512
fa26d833db9a3dd2acc130d4e56f2eb30ebc6efa792af68bbabafc5b644e43a7e129640ac99b9e80d8f8b8b31b5696b81c577d810ecab777d9a80aebc7310df6

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\PresentationFramework.dll

Filesize
15.5MB

MD5
8b9880a8bcf21aba27b6439434dffda2

SHA1
60d9640ace0f1c9c242a8a064d094580e0b7135e

SHA256
23210748fa896f16c059b8793c5edbd18ef52c87928d23de248bdb0631280b8c

SHA512
c639ab148fd4e1fef4a84e596bcefc60af6ea855339878e655bee5aeff70e75a1b47f458bca215736a0e487babdf0645c3089a3b7fe65e43a6ca05515a338cad

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
5ffca968e268abd41f76b533e97b43b1

SHA1
cd2b6b712a6027b7c385c1e79b6cefabb0b2fe9c

SHA256
5a45bfbd08b3b31c61b7ee949ee68c2f04b31bf21b3fe1a0b9cfb0241c0b0851

SHA512
d21b922c95cd6f9c7f852ffb6469d9e24e8b0ded6cc3f04f87e17d8742587a0563fb4e6208de204432b682266c9e56b2b23925134d33aab7e5777a7966545ad3

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Collections.NonGeneric.dll

Filesize
98KB

MD5
8114fe4cbbf79d392cafaacfaa93fe4c

SHA1
57f7cee0c27848e0d26c8edc250a9a47b5ddd412

SHA256
c7e1f0a053ac05c5675859c577ca24d94ca4c06166d9726251dd7fa597d3e2e3

SHA512
7e1d72eeb612c114f4a6a0a51d21b5a4249af600961eaa00c4083a18fbd39ece7319550889f6eb109ff55c440a8aa72a64b5258d68c333f891422323e7bcc408

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Collections.Specialized.dll

Filesize
93KB

MD5
e03229e528019f707f87fe02f3a855cd

SHA1
5c93a51af93de8b982d52b6f166f594c6e4ff979

SHA256
000ae98457e4ebaa5e8f803a1a63a7643bce6f67754c9fffcf764a6e68f6480d

SHA512
8cc3a49f90cd892088701e7596487bcf5d3ded5ebc6f16013eba90d16207adcd5d25dfe7d30b1387063cf4c18e8e9cbf0e2b1efc0a89b8b3c2a28ec3fb71ddca

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Collections.dll

Filesize
258KB

MD5
6a1a7bc9c9156d601771906735d363af

SHA1
a418d627b7ed68dde30dfafea89f8778a43b1e49

SHA256
27ce3c082707642e28a6f849a602ed558f42b08b6017fe087fe0c757ed987b5d

SHA512
2b8dc8cf19235fd663c195f82049c974570632492a67613d150af036b5b4e7e17d087f1437fe461593bc4940ea40c673d35b02e3bf67c3f0d67bffd3b27e18a4

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.ComponentModel.Primitives.dll

Filesize
73KB

MD5
fe59bf684a15645c85c23696f42cdd3f

SHA1
aa5e1bb46f85ab31018008fffce7d1929b743657

SHA256
8dce9e2e75a7c5e7165d8ceddcdabf393117bce0dc27a213bbdfd9f9e5e9bbbb

SHA512
61104c6282cf6890facdde2df708ceeb8c4a5a6a77b0a556031cb9bb9480b8d30ca9119c7b3bfd2a8a6c1a8f7a2f56cb1785bf5deebd2e92720bc4e69b0fad88

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Configuration.ConfigurationManager.dll

Filesize
982KB

MD5
8a17a60d240546b4e2085b7280c3c9e3

SHA1
94cf138780b58cfdaf0d51756c8fc6f3dea813df

SHA256
14c1bee3e496d1b4d665ae3310459fb76313440f9d072a50caf729a4eb0bcaff

SHA512
9f9569172714e2f4f97fac13b6385cd6e00fcaa61ee1234db52fae34e1829e98ad39e2feab11fae98eeabe29afce287b681cf9122feb43bae01640692db439a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Diagnostics.Debug.dll

Filesize
15KB

MD5
e366ac71e0592c2923f4e26157f08391

SHA1
3c1c16a23e037dc733be3754c913869abb1fac35

SHA256
db91b470ed44e450971724fe8608d8a8ef89362e95f152a2bc106b857ddec01f

SHA512
71aec92b96f7a9f37e326ab888a9395afc89098bba1423dec9f5a28058a6edf82be001f34a22c4c2f02d1dbfae054a3eeb27b166f4809437b43560c4c6bc5f86

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.IO.Packaging.dll

Filesize
273KB

MD5
bb6215b05280c71ee49d8f8c26d76d8b

SHA1
92fd1f0abbb6665c629541147e8835e719c1b1ed

SHA256
d52dbf7fa06e9881c820955b95283668f3aae73125f1bb0d2a105af8a9524b05

SHA512
7a66cc01b15c45c71e3ed1d6224e3bad1163bc1b455c61035ce642b82d8a51d587fb6ec47d32012b76168fa6da77f3ab6f14be76216ef6c9865084d4b07e02ab

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Private.CoreLib.dll

Filesize
10.1MB

MD5
1af8685bb8e67c6841b1f2150b0aec4c

SHA1
3b15c45109cbb61b1600bafede5275f1947934c5

SHA256
30a3a396ea1edd01ddbef642decf688def749c685880f4037c037d94aa7f0269

SHA512
404cdc52176cd34336c876fff884db6035b888da5d7ea102609317b4feca18a0d9ee882cf45cf317cbc3e8f1de339762bf03bd8a946fd04e23c21964e7a43686

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Private.Uri.dll

Filesize
246KB

MD5
c8a698c457a143a0c626d2cdac205b8c

SHA1
af669ba4f81b7f614b8a335cc56b369037df954c

SHA256
995f6e05185b26052ce39e74a046869069c164d07901f283c0420ba2dd3ebec4

SHA512
e9b9cc0dcc42fe0ca649331c8499cabecc2161c337b6758c67ee748069587cc9a28c3e99c09d9e341286f3ca42e16cce221505874e4a19469a951ec6e9c9b9de

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Runtime.CompilerServices.VisualC.dll

Filesize
19KB

MD5
1c2f5535a96224791a6d022c68d3522b

SHA1
280eb964636c8685cf6eff65ba5f5e4091c36ff7

SHA256
47e12cf0102482d7a3f6a4cdca82961218cffae5289cde8794008cdd1c01526d

SHA512
d89ff5bb25130d6effc4e97659d7cd41214ef43c36a2ae553e66342e0555ce43585193b0420e8265277c05c32f50771680770e47b159f7ba2eedbd2afbac889d

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Runtime.Extensions.dll

Filesize
17KB

MD5
3ea9cac6b18b8e65385d1a7b4f153ca3

SHA1
4bf7890e8e032c2ba0fe5b80872877f62d1ccb4f

SHA256
aa370bd6b9eb68bdd094bf1d6f0e0ab251e8484477c39868f0ad2f03c7c2e6e3

SHA512
4c59297597cd287413a664bfac71f4e1c596a937b4b01c373666f01dbf294f20bcb0771be05e409480eda134a134b94918275e656c02e5498fe081f94c1b415e

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Runtime.InteropServices.dll

Filesize
50KB

MD5
a5e599717ffcb8d6b863ee0d4810d3f4

SHA1
b620005c738214756aaca04157f122b68e7b33e2

SHA256
16cb844698cfda630ebc9b22a598cd44cf6920ce88d1caac9d7042ed1e09b88f

SHA512
0a4690c7c13a23f814c5658bc9beae32e33448c7c7b109dc4684904e0021c86be1557d1bbe6a09f60b4d6620ba833bc301618ddd99cc0be8c08baabd4d6b901a

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Runtime.dll

Filesize
41KB

MD5
83e4f7a918fa3ee8e573423fbd18acf2

SHA1
fa1cc21b687c239b2d4ba276c538d6c33bde6045

SHA256
301cd1655c519d9b528eaf52b950f321b2462f6cc35a9ef8a0f91ce19eb5834d

SHA512
40b88c17eeaace6e5eb1bd86fb8d84b6d4e0d284bb749e7f9655d4949de8c0fb7a9aaedbeba6da5becdc92f687cec2c2a39da7cb162ec36322de70889b662dde

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Threading.Thread.dll

Filesize
15KB

MD5
c903d407e2cf4dac2d770ecfb8d336cf

SHA1
1a178baccfbf0f9067a31cc3365d0604d60d92e3

SHA256
815ff8a09f99ba063b2886976bf661406fd28d9b16275af346aa9a49ebe073f9

SHA512
b7ae2a192a9ebebee42d1d74a60b78cfc2c4f496a05c33e02d91d8a847151fa566d708768cdddd313363f3b41725a2f2e7df71683249d54208491680c5b4d711

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Threading.dll

Filesize
78KB

MD5
9ee12292f2cfa4a7c6742f339492e272

SHA1
82d850e8fb7ee1ec9fa349513e54564cd9b40c95

SHA256
a56f2a2096862b760b749153d39e0271e796b2a337e70723707f3cec1d61fab4

SHA512
4e53b494813ca6e27b713e153e9d37c43990688679208cf79dcb87d78b9820ba382985c243adcbd9aea1854668340a6ee799800cd59c2e3a1b30383aeea65132

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\System.Xaml.dll

Filesize
1.4MB

MD5
93bec1198a4b46e566f6e44a164a837b

SHA1
3458ab682811d21a3e761b75ce453a5498ccafb2

SHA256
0676dbb9a0173ae925e18c6c6df53d8c8a054595dc128baa11036ccfa394d77d

SHA512
8ffa49c305bf15a046a95ac72e5fcaa868d0da721871382f654fac91335ebc366562b882f2976e9aba00248298a156734c9503d15c30bc0afaebd9c408dbdce1

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\WindowsBase.dll

Filesize
2.2MB

MD5
698b4e3b13f9338e4c0b7f0ec370eae2

SHA1
0d925cee28fba0c5f27a617ca5cc240999682758

SHA256
f1d426060733b03f2eb36b92b2ebb6d41aa1d0b582fba9d0ac0030a62f12cd76

SHA512
fc266a0582df0786e077227ac157998859177218e14a83fdac98d46e01aac1382b7301c88203575a0607ab891304f7b9ca2a32e256b0a3c78f3b6844696bdef9

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\app_nhm.deps.json

Filesize
91KB

MD5
010d4125f41853a71f728f4ae4cbd1bc

SHA1
bf016910226e61e20af1a50b2348e8ebb7dea585

SHA256
e457a894a7de7b0b3b14071e75abe5f19aea086799b2893b37525cffb492407b

SHA512
cc4bd7475f2a78e540cf3f1db38ef465c6abeb9a3ba718804305d908e05fb75104fff411bcb2e46403a583a443d40b529366bb142a5d93901be8b81a819082d8

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\app_nhm.dll

Filesize
5.9MB

MD5
f06eb0bc5f0268792f14a40e198fff45

SHA1
94ad9f41c5c69dc2f61c343ac474d23f344f0023

SHA256
ad7261e9fc343c48b45020e50c0c12ee724cf85810fa36828fd6bc1fcf9053f9

SHA512
f124224dbba2475a0ab5434d52576cc75748abb6d6e8756283764ae20ffb343463241c00082fca8ddaf17ea8524451f8d1a44b40430dca3dd934ac56d110f537

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\app_nhm.exe

Filesize
9.3MB

MD5
3b39cf64643f76b4e217190cb5a7c775

SHA1
53cef061cdad0841269a0daf076f61560fb855fa

SHA256
6cce8e7ba913273fb2507c804a39b128135a79456c80c3af10365687413f505f

SHA512
dea49c4643600d65d9797775963e86ed488b0528d07b8d4776ee1e31a33d41a845bc7705372eb9357fa9c2250ffad106e8cd0451c43e875f9b919e7f652ab4e1

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\app_nhm.runtimeconfig.json

Filesize
380B

MD5
a29d5db32cb141c0947b80a53fdfddd4

SHA1
5b20186e3903dd2754211f1d4dfaaa1792fc308f

SHA256
3aefc5532eb70032d8070753bb246c2ca9c9145693d6c16abf2150ad0870891b

SHA512
24f2dbaf3a53229ab83b386ae353d905e9b299a89d48ef7acd5b9669c25d58f5224d00a0bf5add81d2b7a6047830ce0a4c92b074b26f3e90df2b9847a357df0b

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\app_3.1.1.0\mscorrc.dll

Filesize
149KB

MD5
4759738dbecf4772c5a097382f9f0453

SHA1
1b6339a2a2be777e6e4f07164f35c052b2ff0aa2

SHA256
aa94888e445231ebcfe08db0c3c84fe85e00f67e8df71add510368745e32f269

SHA512
f1efa6823c26dbdfc79603c4be66d94877f08553604b879823823240dd53d440c4ba1b298e8ca75ecc2bf286e714c528ec800b57c81cff14be5b90c43c5c9d10

Download Submit
C:\Users\Admin\AppData\Local\Programs\NiceHash Miner\runnhmasadmin.exe.config

Filesize
178B

MD5
69a865985cbae6ef2cc93c1a892d3975

SHA1
1e7092a434323c021409e5da902320770c2b01dc

SHA256
2ef673c54b8bdfc29635f88c7fe7f5437399790583b823dfafb667392ecf78e0

SHA512
bc71f531231c1caae2bd8bc3d494f6a9a1534c21badfecc04cb66025c5e28a03532f31cc03698ea40cf99755e3ed87d71a08477a118f0bf3fc56c3f4c721d438

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr62EC.tmp\StdUtils.dll

Filesize
98KB

MD5
b7f044787bb5a0c1eb43907c061c1ac0

SHA1
84675f05e0e406482a688c61e0dee35b9a8fb390

SHA256
4787e95796035dda92a6cbff56ffddde5ace96f5e46f0f40d2998189ccd6e7ce

SHA512
7f0ebc15ee74050a8b493f2c944fc6551056efedde60193be76d4115d28b10f06cc9a859cb42135deee56d614d2ca90e432627f30432d303320dd41fc7fcde6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr62EC.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr62EC.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr62EC.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr62EC.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr62EC.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr62EC.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit
memory/1032-1334-0x00007FFA05020000-0x00007FFA05AE1000-memory.dmp

Filesize
10.8MB

Download
memory/1032-1317-0x0000024E9B080000-0x0000024E9B15E000-memory.dmp

Filesize
888KB

Download
memory/1032-1316-0x00007FFA05023000-0x00007FFA05025000-memory.dmp

Filesize
8KB

Download
memory/1032-1389-0x00007FFA05023000-0x00007FFA05025000-memory.dmp

Filesize
8KB

Download
memory/1032-1391-0x00007FFA05020000-0x00007FFA05AE1000-memory.dmp

Filesize
10.8MB

Download