Automated Malware Analysis Report for Gridcoin-4.0.4-Win64-Setup

ID: 137413 Sample Name: gridcoin-4.0.4- win64-setup (1).exe Cookbook: default.jbs Time: 20:59:04 Date: 31/05/2019 Version: 26.0.0 Aquamarine Table of Contents

Table of Contents 2 Analysis Report gridcoin-4.0.4-win64-setup (1).exe 4 Overview 4 General Information 4 Detection 4 Confidence 5 Classification 5 Analysis Advice 6 Mitre Att&ck Matrix 6 Signature Overview 7 AV Detection: 7 Cryptography: 7 Spreading: 7 Networking: 7 Key, Mouse, Clipboard, Microphone and Screen Capturing: 8 E-Banking Fraud: 8 System Summary: 8 Data Obfuscation: 8 Persistence and Installation Behavior: 8 Boot Survival: 8 Hooking and other Techniques for Hiding and Protection: 9 Malware Analysis System Evasion: 9 Anti Debugging: 9 HIPS / PFW / Operating System Protection Evasion: 9 Language, Device and Operating System Detection: 9 Behavior Graph 9 Simulations 10 Behavior and APIs 10 Antivirus and Machine Learning Detection 10 Initial Sample 10 Dropped Files 10 Unpacked PE Files 11 Domains 11 URLs 11 Yara Overview 11 Initial Sample 11 PCAP (Network Traffic) 11 Dropped Files 11 Memory Dumps 11 Unpacked PEs 11 Joe Sandbox View / Context 11 IPs 11 Domains 12 ASN 12 JA3 Fingerprints 13 Dropped Files 13 Screenshots 13 Thumbnails 13 Startup 14 Created / dropped Files 14 Domains and IPs 33 Contacted Domains 33 Contacted URLs 33 URLs from Memory and Binaries 33 Contacted IPs 38 Public 38 Static File Info 38 General 38 File Icon 39 Copyright Joe Security LLC 2019 Page 2 of 109 Static PE Info 39 General 39 Entrypoint Preview 39 Data Directories 40 Sections 40 Resources 42 Imports 42 Version Infos 42 Possible Origin 42 Static AutoIT Info 43 General 43 Network Behavior 43 Network Port Distribution 43 TCP Packets 43 UDP Packets 45 DNS Queries 45 DNS Answers 46 HTTP Request Dependency Graph 46 HTTP Packets 46 Code Manipulations 47 Statistics 47 Behavior 47 System Behavior 47 Analysis Process: gridcoin-4.0.4-win64-setup (1).exe PID: 2292 Parent PID: 3592 47 General 47 File Activities 47 File Created 48 File Deleted 52 File Written 52 File Read 84 Registry Activities 84 Key Created 84 Key Value Created 85 Key Value Modified 85 Analysis Process: gridcoinresearch.exe PID: 944 Parent PID: 2292 85 General 85 File Activities 86 File Created 86 File Deleted 87 File Moved 87 File Written 87 File Read 108 Registry Activities 108 Key Created 108 Disassembly 109 Code Analysis 109

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine Analysis ID: 137413 Start date: 31.05.2019 Start time: 20:59:04 Joe Sandbox Product: CloudBasic Overall analysis duration: 0h 10m 28s Hypervisor based Inspection enabled: false Report type: light Sample file name: gridcoin-4.0.4-win64-setup (1).exe Cookbook file name: default.jbs Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113 Number of analysed new started processes analysed: 13 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies: HCA enabled EGA enabled HDC enabled AMSI enabled Analysis stop reason: Timeout Detection: SUS Classification: sus28.troj.winEXE@3/69@13/7 EGA Information: Successful, ratio: 100% HDC Information: Successful, ratio: 39.1% (good quality ratio 24.6%) Quality average: 41.4% Quality standard deviation: 41% HCA Information: Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0 Cookbook Comments: Adjust boot time Enable AMSI Found application associated with file extension: .exe

Warnings: Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, sc.exe, dllhost.exe, WMIADAP.exe, conhost.exe, CompatTelRunner.exe TCP Packets have been reduced to 100 Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtOpenKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found.

Detection

Threshold 28 0 - 100 false

Confidence

Strategy Score Range Further Analysis Required? Confidence

Threshold 2 0 - 5 true

Classification

Miner Spreading

mmaallliiiccciiioouusss

malicious

Evader Phishing

sssuusssppiiiccciiioouusss

suspicious

cccllleeaann

clean

Exploiter Banker

Spyware Trojan / Bot

Adware

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample searches for specific file, try point organization specific fake files to the analysis machine

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Mitre Att&ck Matrix

Privilege Credential Lateral Command Initial Access Execution Persistence Escalation Defense Evasion Access Discovery Movement Collection Exfiltration and Control Valid Accounts Execution Startup Startup Deobfuscate/Decode Input System Time Remote File Input Data Uncommonly through API 1 Items 1 Items 1 Files or Capture 1 Discovery 1 Copy 1 Capture 1 Encrypted 1 1 Used Port 1 Information 1 Replication Service Registry Run Process Obfuscated Files or Network Security Remote Clipboard Exfiltration Over Commonly Through Execution Keys / Startup Injection 1 Information 2 Sniffing Software Services Data 1 Other Network Used Port 1 Removable Folder 1 Discovery 1 1 Medium Media

Copyright Joe Security LLC 2019 Page 6 of 109 Privilege Credential Lateral Command Initial Access Execution Persistence Escalation Defense Evasion Access Discovery Movement Collection Exfiltration and Control Drive-by Windows Modify Existing New Service 1 Masquerading 1 Input Capture File and Windows Data from Automated Remote File Compromise Management Service 1 Directory Remote Network Exfiltration Copy 1 Instrumentation Discovery 1 2 Management Shared Drive Exploit Public- Scheduled Task New Service 1 DLL Search Process Injection 1 Credentials in System Logon Scripts Input Capture Data Encrypted Standard Facing Order Hijacking Files Information Cryptographic Application Discovery 2 3 Protocol 1 Spearphishing Command-Line Shortcut File System DLL Side- Account Query Shared Data Staged Scheduled Standard Link Interface Modification Permissions Loading 1 Manipulation Registry 1 Webroot Transfer Non- Weakness Application Layer Protocol 2 Spearphishing Graphical User Modify Existing New Service DLL Search Order Brute Force Process Third-party Screen Data Transfer Standard Attachment Interface Service Hijacking Discovery 2 Software Capture Size Limits Application Layer Protocol 2 Spearphishing Scripting Path Scheduled Task Software Packing Two-Factor Remote System Pass the Hash Email Exfiltration Over Uncommonly via Service Interception Authentication Discovery 1 Collection Command and Used Port Interception Control Channel

Signature Overview

• AV Detection • Cryptography • Spreading • Networking • Key, Mouse, Clipboard, Microphone and Screen Capturing • E-Banking Fraud • System Summary • Data Obfuscation • Persistence and Installation Behavior • Boot Survival • Hooking and other Techniques for Hiding and Protection • Malware Analysis System Evasion • Anti Debugging • HIPS / PFW / Operating System Protection Evasion • Language, Device and Operating System Detection

Click to jump to signature section

AV Detection:

Multi AV Scanner detection for submitted file

Cryptography:

Public key (encryption) found

Spreading:

Enumerates the file system

Contains functionality to enumerate / list files inside a directory

Networking:

Connects to many ports of the same IP (likely port scanning)

Detected TCP or UDP traffic on non-standard ports

Connects to IPs without corresponding DNS lookups

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Downloads files from webservers via HTTP

Found strings which match to known social media urls

Urls found in memory or binary data

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality for read data from the clipboard

Creates a DirectInput object (often for capturing keystrokes)

E-Banking Fraud:

Found strings which match to known bank urls

System Summary:

Contains functionality to shutdown / reboot the system

Creates mutexes

Detected potential crypto function

Enables security privileges

Found potential string decryption / allocating functions

Reads the hosts file

Sample file is different than original file name gathered from version info

Sample reads its own file content

Tries to load missing DLLs

Binary contains paths to development resources

Classification label

Contains functionality to check free disk space

Contains functionality to instantiate COM classes

Creates files inside the program directory

Creates files inside the user directory

Creates temporary files

PE file has an executable .text section and no other executable section

Reads ini files

Reads software policies

Sample is known by Antivirus

Spawns processes

Uses an in-process (OLE) Automation server

Found GUI installer (many successful clicks)

Found graphical window changes (likely an installer)

Creates a directory in C:\Program Files

Creates a software uninstall entry

Submission file is bigger than most known malware samples

Data Obfuscation:

Contains functionality to dynamically determine API calls

PE file contains an invalid checksum

Uses code obfuscation techniques (call, push, ret)

Persistence and Installation Behavior:

Drops PE files

Boot Survival:

Creates or modifies windows services

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Malware Analysis System Evasion:

Checks the free space of harddrives

Enumerates the file system

Found dropped PE file which has not been started or loaded

Contains functionality to enumerate / list files inside a directory

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Queries a list of all running processes

Anti Debugging:

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains functionality to register its own exception handler

HIPS / PFW / Operating System Protection Evasion:

May try to detect the Windows Explorer process (often used for injection)

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Contains functionality to query local / system time

Contains functionality to query windows version

Queries the cryptographic machine GUID

Behavior Graph

Sample: gridcoin-4.0.4-win64-setup (1).exe Created File Startdate: 31/05/2019 DNS/IP Info Architecture: WINDOWS Score: 28 Is Dropped

Is Windows Process

Connects to many ports Detected TCP or UDP Multi AV Scanner detection of the same IP (likely traffic on non-standard started Number of created Registry Values for submitted file port scanning) ports Number of created Files

Visual Basic gridcoin-4.0.4-win64-setup (1).exe Delphi

12 94 Java

.Net C# or VB.NET dropped dropped dropped dropped C, C++ or other language C:\Users\user\AppData\Local\...\nsDialogs.dll, PE32 C:\Users\user\AppData\Local\...\System.dll, PE32 C:\Users\user\AppData\Local\...\StartMenu.dll, PE32 3 other files (none is malicious) started Is malicious

Internet

gridcoinresearch.exe

1 35

london.grcnode.co.uk sonic.crypto.fans

104.238.174.180, 32749, 49716 173.212.235.53, 32749, 49715 7 other IPs or domains unknown unknown United States Germany

Detected TCP or UDP traffic on non-standard ports

Simulations

Behavior and APIs

Time Type Description 21:00:12 API Interceptor 2x Sleep call for process: gridcoin-4.0.4-win64-setup (1).exe modified

Antivirus and Machine Learning Detection

Initial Sample

Source Detection Scanner Label Link gridcoin-4.0.4-win64-setup (1).exe 11% virustotal Browse

Dropped Files

Source Detection Scanner Label Link C:\Program Files\GridcoinResearch\daemon\gridcoinresearchd.exe 0% virustotal Browse C:\Program Files\GridcoinResearch\gridcoinresearch.exe 1% virustotal Browse C:\Program Files\GridcoinResearch\uninstall.exe 3% virustotal Browse C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\StartMenu.dll 0% virustotal Browse C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\StartMenu.dll 0% metadefender Browse C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\System.dll 0% virustotal Browse C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\System.dll 0% metadefender Browse C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\nsDialogs.dll 0% virustotal Browse C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\nsDialogs.dll 0% metadefender Browse

No Antivirus matches

Domains

Source Detection Scanner Label Link sonic.crypto.fans 0% virustotal Browse nuad.de 0% virustotal Browse london.grcnode.co.uk 0% virustotal Browse

URLs

Source Detection Scanner Label Link https://grcinvite.herokuapp.com/) 0% Avira URL Cloud safe fukuchi.org/works/qrencode/index.html.en 0% virustotal Browse fukuchi.org/works/qrencode/index.html.en 0% Avira URL Cloud safe www.tiro.comMicrosoft 0% Avira URL Cloud safe miniupnp.tuxfamily.org/files/. 3% virustotal Browse miniupnp.tuxfamily.org/files/. 0% Avira URL Cloud safe https://www.visualstudio.com). 0% Avira URL Cloud safe https://raw.githubusercontent.com/theuni/osx-cross- 0% Avira URL Cloud safe depends/master/patches/cdrtools/genisoimage.diff) https://brew.sh). 0% Avira URL Cloud safe www.icon-king.com/projects/nuvola/ 0% virustotal Browse www.icon-king.com/projects/nuvola/ 0% Avira URL Cloud safe https://gridcoin.us). 0% Avira URL Cloud safe www.chiark.greenend.org.uk/~sgtatham/putty/download.html) 0% Avira URL Cloud safe www.everaldo.com 0% virustotal Browse www.everaldo.com 0% Avira URL Cloud safe 0% Avira URL Cloud safe https://gist.githubusercontent.com/laanwj/bf359281dc319b8ff2e1/raw/92250de8404b97bb99d72ab898f4a 8cb3

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs Copyright Joe Security LLC 2019 Page 11 of 109 Match Associated Sample Name / URL SHA 256 Detection Link Context 91.198.22.70 Invoice.scr Get hash malicious Browse checkip.dy ndns.org/ 8Purchase Order_pdf.exe Get hash malicious Browse checkip.dy ndns.org/ 67Invoice details_pdf.exe Get hash malicious Browse checkip.dy ndns.org/ 77inquiry.exe Get hash malicious Browse checkip.dy ndns.org/ 53Invoice$67,22373.exe Get hash malicious Browse checkip.dy ndns.org/ 62Specification, Drawings and Product list.exe Get hash malicious Browse checkip.dy ndns.org/ 51January 2018-Proforma Invoice..exe Get hash malicious Browse checkip.dy ndns.org/ 48elc_output6EC703.exe Get hash malicious Browse checkip.dy ndns.org/ Payment Copy.pdf.bat.exe Get hash malicious Browse checkip.dy ndns.org/ 9Infringement Notice.exe Get hash malicious Browse checkip.dy ndns.org/ 9Scan payment swift1778.exe Get hash malicious Browse checkip.dy ndns.org/ 34PURCHASE ORDER #0023930938-27022018 pdf.exe Get hash malicious Browse checkip.dy ndns.org/ 27Swift Copy.pdf.exe Get hash malicious Browse checkip.dy ndns.org/ 33Term.exe Get hash malicious Browse checkip.dy ndns.org/ 30PO765.exe Get hash malicious Browse checkip.dy ndns.org/ 57Proforma invoice.exe Get hash malicious Browse checkip.dy ndns.org/ 63Bank transfer.exe Get hash malicious Browse checkip.dy ndns.org/ 43SKMBT_COPY_ACK_TRANSFER_REF062.pdf.exe Get hash malicious Browse checkip.dy ndns.org/ 16Revised PI_#249.xls.exe Get hash malicious Browse checkip.dy ndns.org/ 55POALC-4300086459PR.xls.exe Get hash malicious Browse checkip.dy ndns.org/

Domains

No context

ASN

Match Associated Sample Name / URL SHA 256 Detection Link Context unknown request.doc Get hash malicious Browse 192.168.0.44 FERK444259.doc Get hash malicious Browse 192.168.0.44 b392e93a5753601db564e6f2dc6a945aac3861bc31e2c1e5e7 Get hash malicious Browse 192.168.0.40 f3cd4e5bb150a4.js Setup.exe Get hash malicious Browse 192.168.0.40 base64.pdf Get hash malicious Browse 192.168.0.40 file.pdf Get hash malicious Browse 192.168.0.40 Spread sheet 2.pdf Get hash malicious Browse 192.168.0.40 request_08.30.doc Get hash malicious Browse 192.168.0.44 P_2038402.xlsx Get hash malicious Browse 192.168.0.44 48b1cf747a678641566cd1778777ca72.apk Get hash malicious Browse 192.168.0.22 seu nome na lista de favorecidos.exe Get hash malicious Browse 192.168.0.40 Adm_Boleto.via2.com Get hash malicious Browse 192.168.0.40 QuitacaoVotorantim345309.exe Get hash malicious Browse 192.168.0.40 pptxb.pdf Get hash malicious Browse 192.168.0.40 unknown request.doc Get hash malicious Browse 192.168.0.44 FERK444259.doc Get hash malicious Browse 192.168.0.44 b392e93a5753601db564e6f2dc6a945aac3861bc31e2c1e5e7 Get hash malicious Browse 192.168.0.40 f3cd4e5bb150a4.js Setup.exe Get hash malicious Browse 192.168.0.40 base64.pdf Get hash malicious Browse 192.168.0.40 file.pdf Get hash malicious Browse 192.168.0.40

Copyright Joe Security LLC 2019 Page 12 of 109 Match Associated Sample Name / URL SHA 256 Detection Link Context Spread sheet 2.pdf Get hash malicious Browse 192.168.0.40 request_08.30.doc Get hash malicious Browse 192.168.0.44 P_2038402.xlsx Get hash malicious Browse 192.168.0.44 48b1cf747a678641566cd1778777ca72.apk Get hash malicious Browse 192.168.0.22 seu nome na lista de favorecidos.exe Get hash malicious Browse 192.168.0.40 Adm_Boleto.via2.com Get hash malicious Browse 192.168.0.40 QuitacaoVotorantim345309.exe Get hash malicious Browse 192.168.0.40 pptxb.pdf Get hash malicious Browse 192.168.0.40

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails This section contains all screenshots as thumbnails, including those not shown in the slideshow.

System is w10x64 gridcoin-4.0.4-win64-setup (1).exe (PID: 2292 cmdline: 'C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe' MD5: 3C890F51D3A68AB8142D477022811B8A) gridcoinresearch.exe (PID: 944 cmdline: C:\Program Files\GridcoinResearch\gridcoinresearch.exe MD5: 78E48A7A001B99EBDF855A4D9CD65167) cleanup

Created / dropped Files

C:\Program Files\GridcoinResearch\COPYING.txt Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 1238 Entropy (8bit): 5.234401542129518 Encrypted: false MD5: 7C7B786254A395E5227263E7A585D029 SHA1: 2D7680D1F734C81CC1345341DE882DCE59EEB361 SHA-256: 02B8D3339DF6F84D11ABE30B9928E2D2F8E5B2E2380B56D336718609699D6543 SHA-512: CACE2C047134A76D3F10570FE7F6FBC267B9753C18EBBEC2935AF0A94F61DC2A5BB1D8536FE42DAAAB93CF944794E18BFBE761EB93008277A54561A384D4EE C6 Malicious: false Reputation: low

Copyright Joe Security LLC 2019 Page 14 of 109 C:\Program Files\GridcoinResearch\COPYING.txt Preview: Copyright (c) 2014 Black-Coin Developers.Copyright (c) 2013-2014 NovaCoin Developers.Copyright (c) 2011-2012 PPCoin Developers.Copyright (c) 2009-2014 Bitcoin D evelopers.Copyright (c) 2014-2019 Gridcoin Developers..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sub license, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright n otice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

C:\Program Files\GridcoinResearch\daemon\gridcoinresearchd.exe

Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows Size (bytes): 8474112 Entropy (8bit): 6.360180900990016 Encrypted: false MD5: 87C2E5CDBC72465030DA8103F3E39D24 SHA1: D8755536F4C7D6F5A2C1785A8E62B1CC2BA6D639 SHA-256: D1EB74788AACA27611879C30C99AED40A00E92590BFDDE9CD8CF6A385D9B562F SHA-512: FBF19405567274620A2795F9DA58F9E98E57D32CE788DFA5425410371A7EEEACA8714B818E0AFB02C9D1AAEE4E6E5F5C5CA6582C4E7FE950B7E2F196F420CCF F Malicious: false Antivirus: Antivirus: virustotal, Detection: 0%, Browse Reputation: low Preview: MZ...... @...... !..L.!This program cannot be run in DOS mode....$...... PE..d...... /...... g..J...... @...... P...... `...... `=...@...... w.|8...... 0..(...... text.....g...... g...... `.p`.data...... g...... g...... @.` ..rdata...=...@h..>...,h...... @.`@.pdata..|8....w..:...jw...... @[email protected]...... @.@@.bss...... 0...... `..idata..`=...... >...... @.0 ..CRT....x...... D...... @[email protected]...... F...... @.`..rsrc...... @...... H...... @.0......

C:\Program Files\GridcoinResearch\doc\.gitignore Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 9 Entropy (8bit): 3.169925001442312 Encrypted: false MD5: 68AAD7856515B76A12A433BBDA0A5618 SHA1: 525F8A25275741C44BBC2A33E33FE4580EB7C93F SHA-256: C34F4FA586509556660AB9B4027E2BA0A57EED7CFF8230FA63375A032AB9D862 SHA-512: DB889483C5F91507EE8DCA0E5FE504890A87717D183C143EDCCAADC8605BD3BD8BDA27AB09D34253E594C47336E1A72EEF64ECB5CACD1CE835504344B50516 C3 Malicious: false Reputation: low Preview: Doxyfile.

C:\Program Files\GridcoinResearch\doc\README.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 2555 Entropy (8bit): 4.971343297911148 Encrypted: false MD5: 555777A1A1D4FC2E6E4FF5EE3F09BA87 SHA1: AD196A6206CD7018A45622A4B42A21A292EC2D1B SHA-256: 38FFF61A143AC45C999B8C142220867FAC956162373F1FC1D9F4ECB536526793 SHA-512: D9B94F45AA6D886F5C58ED2077515A9DB996E48E0A0370A1D9FC98BF5FD31FDAC1691D2781D443A364A4504AC62283D4AF2911ACB9FEE4BFE20392BFA449AD1 A Malicious: false Reputation: low Preview: Gridcoin.======..Setup.------.Gridcoin is a free open source project derived from Bitcoin, with.the goal of providing a long-term energy-efficient cryptocurrency, rewarding BOINC work..Built on the foundation of Bitcoin, PPCoin and NovaCoin, innovations such as proof-of-stake.help further advance the field of cryptocurrency. The Gridcoin Client downloads and, by default, stores the entire history of Gridcoin transactions; depending on the speed of your computer and network connecti on, the synchronization process can take anywhere from a few hours to a day or more...To download Gridcoin, visit [gridcoin.us](https://gridcoin.us)...### Need Help?..* S ee the documentation at the [Gridcoin Wiki](http://wiki.gridcoin.us/Main_Page).for help and more information..* A lot of features core features are based on Bitcoin and have been documented on the [Bitcoin Wiki](https://en.bitcoin.it/wiki/Main_Page).* Ask for help or discuss on [#gridcoin](http://webchat.freenode.net?c

C:\Program Files\GridcoinResearch\doc\README_osx.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 5796 Entropy (8bit): 4.8240901514377414 Encrypted: false

Copyright Joe Security LLC 2019 Page 15 of 109 C:\Program Files\GridcoinResearch\doc\README_osx.md MD5: 494C0FDCD640C4BB97936F80046F3A26 SHA1: F3C1ECF10FCE6E414C187A4F717C53AF63CF869C SHA-256: 26A9D8F3A39AC3DB91C76C93D205B7B22114FFDEE88123F8A05A69B4DA2EA6CF SHA-512: EAE910E2516148D00112409BE653414B7C8D3FBA5AEF9E8EF6E401A8A957B3355EC9920C060267DB55DBA9E710E6D3D3486B0B5DC810402FD27B3FF6CB8C91B 5 Malicious: false Reputation: low Preview: Cross Plattform and Deterministic OS X Dmg Notes..======..Working OS X DMGs are created in Linux by combining a recent clang,.the Apple binutils (ld, ar, etc) and DMG authoring tools...Apple uses clang extensively for development and has upstreamed the necessary.funct ionality so that a vanilla clang can take advantage. It supports the use.of -F, -target, -mmacosx-version-min, and --sysroot, which are all necessary.when building for OS X...Apple's version of binutils (called cctools) contains lots of functionality.missing in the FSF's binutils. In addition to extra linker options for.frameworks and sysroots, sev eral other tools are needed as well such as.install_name_tool, lipo, and nmedit. These do not build under linux, so they.have been patched to do so. The work here was used as a starting point:.[mingwandroid/toolchain4](https://github.com/mingwandroid/toolchain4)...In order to build a working toolchain, the following source packages are ne

C:\Program Files\GridcoinResearch\doc\assets-attribution.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 2056 Entropy (8bit): 5.029101193339673 Encrypted: false MD5: 2EDEE506FEDB6AE0AD0A03E3235BE204 SHA1: 836593AF7E213F59F1669E00B1A0A073B3999372 SHA-256: F2F7893B61D9AF3796B3BDBF66DD6239D1632FB692FC6CB6F60ABC8A1CE7698D SHA-512: 66D263EF67E551AE7888FE0BD285B0009F4D90CFD607EAFCC60B1D7ED0C0EDF69BEBD23831F057E6E45F5CD23ED787DA65A672C5B7AA3834271BC3E5AE48A7 A5 Malicious: false Reputation: low Preview: Assets Attribution.======..Code: src/strlcpy.h.Author: Todd C. Miller .License: ISC..Icon: src/qt/res/icons/clock*.png, src/qt/res/icons/tx*.png,. src/qt/res/src/*.svg.Designer: Wladimir van der Laan.License: MIT..Icon: src/qt/res/icons/address-book.png, src/qt/res/icons/export.png,. src/qt/res/icons/history.png, src/qt/res/icons/key.png,. src/qt/res/icons/lock_*.png, src/qt/res/icons/overview.png,. src/qt/res/icons/receive.png, src/qt/res/icons/ send.png,. src/qt/res/icons/synced.png, src/qt/res/icons/filesave.png.Icon Pack: NUVOLA ICON THEME for KDE 3.x.Designer: David Vignoni ([email protected]). ICON KING - www.icon-king.com.License: LGPL.Site: http://www.icon-king.com/projects/nuvola/..Icon: src/qt/res/icons/connect*.png.Icon Pack: Human-O2.Designer: schollidesign.License: GNU/GPL.Site: http://findicons.com/icon/93743/blocks_gnome_netstatus_0..Icon: src/qt/res/icons/transaction*.png.Designer: md2k7.Site: ht

C:\Program Files\GridcoinResearch\doc\build-macos.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 2040 Entropy (8bit): 4.727467967526661 Encrypted: false MD5: 816E70B7C5CEC4D8CF6DFE63429722D3 SHA1: CF0F6B95B4D4B52F60B451BE3BD65D5D60757ED8 SHA-256: 46F98E0CF2A405DDC9809587357C0EA076C7CE62EC99D06DC7826B0CFBB88323 SHA-512: 306B0664D7981724303C7AE341D04CCAEE975118B3BF4873D3F01F72C0B7596EB45AFA2A751300DA0F0D8CF44330F5FA77A6DFA21B48137B0C71E7FF7E601863

Malicious: false Reputation: low Preview: MacOS Build and Run Instructions.======.The commands in this guide should be executed in a Terminal application..The built-in one is located in /Applications/Utilities/Terminal.app...Preparation.------.Install the OS X command line tools:.. xcode-select --install..When the popup appears, click:.. Insta ll..Then install [Homebrew](https://brew.sh)...Dependencies.------.. brew install automake berkeley-db4 libtool boost --c++11 miniupnpc openssl pkg-config qt lib qrencode..To build .app and .dmg files with, make deploy, you will need RSVG installed... brew install librsvg..NOTE: Building with Qt4 is no longer supported. Build with Qt5...Build Gridcoin.------..1. Clone the Gridcoin source code and cd into "Gridcoin-Research"... . git clone https://github.com/gridcoin/Gridcoin-Research. . cd Gridcoin-Research..2. Build Gridcoin:.. Configure and build the headless gridcoin binaries as well as the GUI (if Qt is found)... Cle

C:\Program Files\GridcoinResearch\doc\build-openbsd.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 7049 Entropy (8bit): 5.271199225750603 Encrypted: false MD5: 84E37C97701734BBF10BF572E80CA449 SHA1: 4B930A93E57088634CFA9A5AA3F33E016AAC9488 SHA-256: 67981CDF254E8F4F9793C69B1A658A5201F00220B4C5C5BDFDEBF1A4FC76B555 SHA-512: D1EC195FBF59E42BA4FE614E859695D5827BA2DCE72A244C7AC5848F9A03B0E100D7D9B95F15D616F02239ACBD9226B07A700E6842512932B7C21D2A2F220FF5

Malicious: false Reputation: low

Copyright Joe Security LLC 2019 Page 16 of 109 C:\Program Files\GridcoinResearch\doc\build-openbsd.md Preview: OpenBSD build guide.======.(updated for OpenBSD 6.0)..This guide describes how to build gridcoinresearchd and command-line utilities on OpenBSD...As OpenBSD is most common as a server OS, we will not bother with the GUI...Preparation.------..Run the following as root to install the base dependenc ies for building:..```bash.pkg_add gmake libtool libevent.pkg_add autoconf # (select highest version, e.g. 2.69).pkg_add automake # (select highest version, e.g. 1.15).pk g_add python # (select highest version, e.g. 3.5).```..The default C++ compiler that comes with OpenBSD 5.9 is g++ 4.2. This version is old (from 2007), and is not able to compile the current version of Bitcoin Core, primarily as it has no C++11 support, but even before there were issues. So here we will be installing a newer compiler...GCC.------..You can install a newer version of gcc with:..```bash.pkg_add g++ # (select newest 4.x version, e.g. 4.9.3).```..This compiler will not overwrite the system c

C:\Program Files\GridcoinResearch\doc\build-unix.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 10207 Entropy (8bit): 4.909713817938937 Encrypted: false MD5: 16D8C74B56F2BCDC31FEAB24987B6DC2 SHA1: 96E7736EF71E51B8A16021AA70CBA7085F33D05D SHA-256: F4067466E77067F0E11DC7FBD174210521EE9409C26C516ED5152F748D7C5297 SHA-512: 654A79121E02131F905915BAC108C07CEE730713559898139FB50A826CBFD452D133E5261DF9C4835DDF51BEAE646453FFE082D33A33A5D4A7111A82F4CF6FE8

Malicious: false Reputation: low Preview: UNIX BUILD NOTES.======.Some notes on how to build Gridcoin in Unix...(for OpenBSD specific instructions, see [build-openbsd.md](build-o penbsd.md))..Note.------.Always use absolute paths to configure and compile gridcoin and the dependencies,.for example, when specifying the path of the dep endency:...../dist/configure --enable-cxx --disable-shared --with-pic --prefix=$BDB_PREFIX..Here BDB_PREFIX must be an absolute path - it is defined using $(pwd) which ensures.the usage of the absolute path...Preparing the Build.------..Install git:.Ubuntu & Debian: `sudo apt-get install git`.openSUSE: `sudo zypper install git`.Clone the repository and cd into it:..```bash.git clone https://github.com/gridcoin/Gridcoin-Research.cd Gridcoin-Research.```.Go to platform specific instructions for the required depencies below...To Build.------..```bash../autogen.sh../configure.make.make install # optional.```..Or, to keep the source directory clean

C:\Program Files\GridcoinResearch\doc\build-windows.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 6577 Entropy (8bit): 5.003728158969639 Encrypted: false MD5: 5A6C7524B5CD4F0AD26212C80C6B7CF5 SHA1: BC150B84FAE7DEB526AA7D77BC4D44E799415DFF SHA-256: 6288B769495609CD15EE4FDE35C575322740270DF20AB3DDCCAAD86B82A95B9B SHA-512: 98717C9A2B089F1B53CC834C308F1CD98F52E048152AA2B7642CD34B43962AA3C859AE4148BCF5DEA87D4511D16A22A9C667BD3DF421B7BD9C7B93AE12AA960 D Malicious: false Reputation: low Preview: WINDOWS BUILD NOTES.======..Below are some notes on how to build Gridcoin for Windows...The options known to work for building on Windows are:..* On Linux using the [Mingw-w64](https://mingw-w64.org/doku.php) cross compiler tool chain. Ubuntu Trusty 14.04 is recommended.and is the platform used to build the Gridcoin Windows release binaries..* On Windows using [Windows.Subsystem for Linux (WSL)](https://msdn.microsoft.com/commandline/wsl/about) and the Mingw- w64 cross compiler tool chain...Other options which may work but which have not been extensively tested are (please contribute instructions):..* On Windows using a POSIX compatibility layer application such as [cygwin](http://www.cygwin.com/) or [msys2](http://www.msys2.org/)..* On Windows using a native compiler tool chain such as [Visual Studio](https://www.visualstudio.com)...Compiling with Windows Subsystem For Linux.------..With Windows 10, Microsoft has released a new feature

C:\Program Files\GridcoinResearch\doc\coding.txt Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 3078 Entropy (8bit): 4.706685139057198 Encrypted: false MD5: D4E0C28F538E4A4D2441EE6541051D73 SHA1: 2051476AAFCBA8B4D5D501585186E7CBB4E039D4 SHA-256: 70A83E1EEAA5DFF9451F59F06D9D04F38A73131092C621A32ACD4B346EB19A20 SHA-512: ACBC7580F6C06F4C05298768ADB97EA72F9D8D974139822E66FDAB3427D46BBBA4FE5670C8D185473826B0A83E3B3A129D44C2FE286EE42EB4E3556B5C40595 A Malicious: false Reputation: low Preview: Please be consistent with the existing coding style...Block style:..bool Function(char* psz, int n).{. // Comment summarising what this section of code does. for (int i = 0; i < n; i++). {. // When something fails, return early. if (!Something()). return false;. .... }.. // Success return is usually at the end. return true;.}..- ANSI/Allman block style.- 4 space indenting, no tabs.- No extra spaces inside parenthesis; please don't do ( this ).- No space after function names, one space after if, for and while..Variable names begin with the type in lowercase, like nSomeVariable..Please don't put the first word of the variable name in lowercase like.someVariable... Common types:.n integer number: short, unsigned short, int, unsigned int,. int64_t, uint64_t, sometimes char if used as a number.d double, float.f flag .hash uint256.p pointer or array, one p for each level of indirection.psz pointer to nu

C:\Program Files\GridcoinResearch\doc\gitian-building.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text, with very long lines

Copyright Joe Security LLC 2019 Page 17 of 109 C:\Program Files\GridcoinResearch\doc\gitian-building.md Size (bytes): 19424 Entropy (8bit): 5.048010900190012 Encrypted: false MD5: 9C65A2E3E5213B356E437D4F7F651182 SHA1: 65BEFC486E8C00B9FEDF38E3B82BBC6DC0FA8754 SHA-256: 657C646A2807BB82BDA52ACC92FD4C89F8D666D8BD4171EA59B990913F553453 SHA-512: F2119C27C8E07767406122D757CDCCC2B2A2F00603AFEF7CC9731700BC4168C4A93B616AD7E084E891EEE2BDFD87B609F5BB7F0659E101FAFB2C932183897E48

Malicious: false Reputation: low Preview: Gitian building.======..*Setup instructions for a Gitian build of Bitcoin Core using a Debian VM or physical system.*..Gitian is the deterministic build process that is used to build the Bitcoin.Core executables. It provides a way to be reasonably sure that the.executables are really built from the source on GitHub. It also makes sure that.the same, tested dependencies are used and statically built into the executable...Multiple developers build the source code by following a specific descriptor. ("recipe"), cryptographically sign the result, and upload the resulting signature..These results are compared and only if they match, the build is accepted and uploaded.to bitcoin.org...More independent Gitian builders are needed, which is why this guide exists..It is preferred you follow these steps yourself instead of using someone els e's.VM image to avoid 'contaminating' the build...Table of Contents.------..- [Create a new VirtualBox VM](#create-a-new-virtualbox-vm).-

C:\Program Files\GridcoinResearch\doc\gitian-building\all_files_in_one_partition.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 3333 Entropy (8bit): 7.642307380384602 Encrypted: false MD5: 5C2DBB25C71B5F017508D814A9BAEB7E SHA1: B6C5E0B54E45AB6D4E599EB8BC61701060F11830 SHA-256: D686BBF41E91AD4AC175BB333793321232E2694327F738789ED9F4BBA74907C7 SHA-512: 3BB01C6B49A83AE2848AEFF678098A3209CAD91666C0ACBB1CF2BFBDA9EE8375E66AC1CC270D5AE511943A7BE7B160EB2705D05EF39BABCE899A988006EC3 53E Malicious: false Reputation: low Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... f..p..a(z..'pnPq...xb.,<.....W..;1..J....+y9.../.. .B .U~.\d...... "...L.!6.. <...x.@`.@.. .r..\.....~...... oYe..._.!...... # .>sH@.@....'../x..5.0...v...... !./.@...)[email protected] [..e:..O../.A.@..._...... C....I%.....#.XP...... 9 .a...O..G.....(... .7...... `Z..P...z...Z .b..'[email protected].>.Te....yL. ."..M...=.H..{.....Io-..I].1...... ^.. ..W..|...... Z..H..9 .:.....Cu.z<....}...M&...... RX.w{..".o....E .B..

C:\Program Files\GridcoinResearch\doc\gitian-building\create_new_vm.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 609 x 374, 8-bit/color RGB, non-interlaced Size (bytes): 69174 Entropy (8bit): 7.9868744482075815 Encrypted: false MD5: A12945EB102DF478F8F67B4E3B7DE152 SHA1: 15D0AD0EDC572251D661C6052A4839CA2AFFF095 SHA-256: 94F99FE9F57A6E2A1906CB647ECE14431A733F7E5B01AFFE5915D65E715C92E2 SHA-512: 5204CB05E8FF14DF7C184B8D4C1C8DD98F94CC355866D97F1552126B692CE2A91DE171CE798772299A0BF0139263113F8A2EB39ECDE9F87F6B7A745A7A39F340

Malicious: false Reputation: low Preview: .PNG...... IHDR...a...v...... IDATx...E..0...&...s.r....oC..Y._.W...... 1.%+...... ^Y.<.[d..]...... |...... P.....gd..L&....v...6.....o-...... %.C.F.....<."b6..F.....9..,ED.M...H...i.....]..{.>W../o.n3...~.}..u).>. .t.5w.....Pa.7z.1(Q..a&`...q..f0p.F.....br..0..$p7...=.,]..A..OLA..*..0.../.?x...I.k...W...... N..I.:...H...b.0.|.Q.YomfPHC.U....~..z..5X..^Wg.n..@...... xMU...... *5.7y.N1.w_..yj'{d YW.R....i..X...v[f^KV5.I...H[\...+..t...... :...... o>.O..4c.s..rc...PH....h[:fL..m.`...Fy;Z..n....L7,.....n...#......

C:\Program Files\GridcoinResearch\doc\gitian-building\create_vm_file_location_size.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 701 x 453, 8-bit/color RGB, non-interlaced Size (bytes): 107740 Entropy (8bit): 7.983429748256032 Encrypted: false MD5: CC1C5E91DE14DAEE1B4E1AC8E654E431 SHA1: 493275034EFED4E33639A427F66E528295684BEE SHA-256: 945D639111D493729607DD99DE10D7B4100111964079A9D535F397D63E1B403A SHA-512: 9AE39D78330638A56EFDB4659C1955D6CA9B17CC9D92301419995A7E56CA5697BF0A95F93459F327B776ED474B47C87A22A0EDFD9A23E0FC8F288D006D68981A

Malicious: false Reputation: low

Copyright Joe Security LLC 2019 Page 18 of 109 C:\Program Files\GridcoinResearch\doc\gitian-building\create_vm_file_location_size.png Preview: .PNG...... IHDR...... p...... IDATx...... [email protected]%3k.....P666...w...... >assskkk{..o....W.u).<{...... Hn(.....nmK...B-.j[{ .qmK..F.m.m[Z.%y.y/sI...V...... 0u..$w...%..'JA....W..%...+{....K.8.x....R...{.....].'.D.....".xkB...7w..1.Oy.?).-...... %PY.r.e...T.p.\.5.nP..$.....V.JY...... cF!.....j...I.>....]....=O$...z .P...c*.2eN.G...?@..,..#...A..u...#.\...... F.#...... (.%..r...... <*.S....XGX.#...... P...Nu...n.#./..._..\[email protected].#.v..(..~...>[`..?.....>...../....3...;)NT....8.)C..|..A.a..pAc{. ..[....5 [email protected]"g.Z.....u.e]_.#..{..YA.)#.d,.d..:../..L...}....,...... c*s.9{*....R\Z..]jr..h..LLb..l^w..|...... P.Y_.~...c*e...P...`..E.AR..t].v..J...m..._~m....t.1

C:\Program Files\GridcoinResearch\doc\gitian-building\create_vm_hard_disk.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 610 x 374, 8-bit/color RGB, non-interlaced Size (bytes): 71260 Entropy (8bit): 7.971486383629346 Encrypted: false MD5: C09278E811E27D5C99F168EE681005F0 SHA1: 78F275FB353E07CAB451197240571E16D0302CF2 SHA-256: 963B6D09254CCB0789759F7C52D320A5F9C5B0AAF26A8E1870759407D9DC1646 SHA-512: 79FECAAF52B928372DCF3496917842AB3054D50FE71443A283201991A5054805710EE89E4B9159757580F2E971A20B4A37F528638A3B5556C1C549C3BB830665

Malicious: false Reputation: low Preview: .PNG...... IHDR...b...v.....B.c....#IDATx...... 0.@A._.IPD8...... ;[email protected]&.P.R..R4..L.@J).\/....W.i.I.:.(c..I..4F2.L. ..&.Y&. .x.I..I..N&.s.JN.a...`}.x.`....M.Bu. <..8lp.4Rx8..(L!.8..:.c.R0..wC...wp.`..p.9...5.%....6..K...m..\.....f....,....}.....v/.._..~...Q...@&...H\.m.zLjEq.K...... hCr..j...... L.[A&...... w....R..f2.Z...... Y}...8.d.@&%#m.. v..y...q....Vt7.6.....5/..G"...I.\Le..?..E.,Y..L..hC....p,.....x4y..7`M.".#....>..3I.f...... 3....d2.s.$.I...enY...6?..... #...I.|%.=]..i...L~8..iNB...~5...^A2.4.2...... Lv.%.. .._&...... ~..(r{*Tir..L r....G\.*...... ,.^...v#.;.)...Jnx1!...... N.cU...... z.L.iZ.%d....4..e..{..l,.1k3..t.;51.,..p&....!.,...L~..../+..;~.f....N/...7.d..$.L.ZDH.EH.K72..G....dRs..j^..x....i.i...I.....$$2.83...e...... =A&) .$.I...Q...... 3.$..*.RR.T...... ,...KS0.j.?}o2.KR.Ql..I...LV...2..{ d.a..M.../O:3Y..EsoR..tdi.].&C.9g*&..E.n...... O.U.O##..R]D....d..L..2Y^....,..!9...H....M.

C:\Program Files\GridcoinResearch\doc\gitian-building\create_vm_hard_disk_file_type.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 697 x 451, 8-bit/color RGB, non-interlaced Size (bytes): 103294 Entropy (8bit): 7.967596667714403 Encrypted: false MD5: 60D2F8ACBA1439724846DF683B605073 SHA1: 36AABCC133C8C8461D55C489F55EE09A36EBE5BA SHA-256: 525D890C2A965890CD4E9F52161024EE9342B995C2DB1A503207E97C3B2B7400 SHA-512: 162D30B8CDA2DD1E82706B30BCE58932544E896DA9722E51A06D918C2A5C2F0020F5E98C4144372C549053802A43AE0C9269BF183F8D21B0C7962C9A3D1D1E1F

Malicious: false Reputation: low Preview: .PNG...... IHDR...... m.....EIDATx.....0..Q.....Zb..^.'.9.o~..A..q...... s...`..b~....:.AB...... }(.....a..z.^.f0...... Y...Ng'.-Q.....QU[...P...... l.. "...... }n+....O...... v+.6.J+..p.*j..x .|.eo..V\...... U.I.,G.I.`*qEj...... B.*..k;..$.M>...... T...;..X.DT....I.a.`.....FAFAG.....[....R.ZI$...$M...I.i..+n.....yx'R...M..a.....f....f..k..;g!.lX.$..-...p.....GN.!.y...... 3.R...d~.v...0W...... %19LkX..j..,4...J%...&..vU.y.=/\Mk8b...9z:.(...H..yp.ie..(.....z.....[.Z.x8)....5.....p.T2.<0..!yI%...... G..t.....2.. rJ..S...... y.q..._.....|.N#..W.#..W.?...wU,.y...]eF....w...... U..G:.f.. ...T{....Db.M.:.F+.`....+...4..3.3.....q.....p.|..BSW...... BQw. )U..H)...... 1.]..F...QW0.-tU..y.K.WP....}..._...B..T...... Vwr]...... o)A)aW..[.+....$7...G../|n...... <.Q...... M....:.$..<..FJA\ ..+....S....L..!..b...... ed..T.u8..7..x.i.W}1..#n...w....i8/)K...J.:).....k..T.{.-C7....\...|`.c..hkk;.D.g?..alF.`..<..5.6[...... [email protected].....)..p .

C:\Program Files\GridcoinResearch\doc\gitian-building\create_vm_memsize.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 631 x 366, 8-bit colormap, non-interlaced Size (bytes): 22082 Entropy (8bit): 7.902886351017695 Encrypted: false MD5: 6F35DBDE43656EA32CACD87FFF1D1C39 SHA1: 9FB88902A311165BBFEFB7B92A462ADF076A4107 SHA-256: A48174B29012DBF59D9970C096CC5DC329442C95F563E218C62C4FCB9FE20187 SHA-512: 6B734CE82F5D25B741AAB471D601707988054BEC57ED41EACA946AE24E2AEDB9136EDB862CE23781E2142E8D625174770D4A3DA5E97E6886348D0938C887A383

Malicious: false Reputation: low Preview: .PNG...... IHDR...w...n...... %.....PLTE...... d^ik...... >...... @....D...... _..*}...+.L...... }1...|kT..?n....PCN4OvO....a/...... q.}Q...... b.....N..9..,....m..c../h...... l...P...] ...... -.....0b...... >y...... v.(...... e...... T..5...... $...... Z....u...... K{...... }.l...... q.w...... >.?...... -.6...... z.}...... [..L..h..b..S..9.....Z..- ...... D...... e..!...... ~..`.B.....S.IDATx...... 2...... y.wx....x...;.>$.n.g.JrDQ..3..K=.zm.....#m...}U.-.Wrx.^....M...`.....B.n...F.a....D...Z... .8.q.O$..{..R...... D.v...... F..A>.,.K". T.R..x.u...A.,r4.

C:\Program Files\GridcoinResearch\doc\gitian-building\create_vm_storage_physical_hard_disk.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 696 x 449, 8-bit/color RGB, non-interlaced Size (bytes): 109193 Entropy (8bit): 7.9800869049861705 Encrypted: false MD5: A99C11F074AACE4DF50B03663E5DD592

Copyright Joe Security LLC 2019 Page 19 of 109 C:\Program Files\GridcoinResearch\doc\gitian-building\create_vm_storage_physical_hard_disk.png SHA1: 7BBC992F3AB11ACBD649C20FB46FCB6CDEBC392F SHA-256: E8D609800EB3923B59D4604EDC6B85E9C33E99B64E9A0A45F38049ED6CD8659A SHA-512: 906739A2BD7C56BFEA79468441AA8E6390CA5128BDEDE2FA42CF0A031E0BBB7FAC65D621A5F897995A06E4B41D65BA9CC11A6CF5B91451C2F2AA3829EF7A1F 5B Malicious: false Reputation: low Preview: .PNG...... IHDR...... g_....PIDATx.....@...... p.s.v...... @.q[..dY.....dY...N..O...... \..u.TU....LR.J...V8.(.*...... ;.LS.....8.0..8.&..D.i.9..\oH6l...PT.8...4..O...... S..a...... S..U.p...... TG...U.*.;....oQ.u.....TE&.AF.....$I.$.}.L...... T...1..^....NKE.k|c.n.q]...|`*.pBDXN..IX6..Wo6[[email protected]..$..jo>>5C.0dJ.tzu^..qv:2c...9.]*\...... :.|.|4h.....*J]....1....C...j...].w:.....m.m....SS[F;U...... ZSm...:...... !I.z..%..-&.)]...D.U..j ...f.~.2..+[..(.@`^.Q ...|PQH...... m...... (@.)..D..C.,'h.%..(*:=....af...;5.....u0.?.O..E3.X:...... P...L..a ..w|}.uC~|...cs/..H..E.Y.....r....._..G...... o.?..I.V...~..q

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_10_configure_clock.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 3178 Entropy (8bit): 7.655740731210519 Encrypted: false MD5: 46959EE98972FC43927D167D1B2BEC12 SHA1: 3856399846C6287498EE832C48561F78218DE2C3 SHA-256: 5BEF418CC1D5E3F5C5960C3F37B9F029065E7A8CD28E5B5CA46644EB74B63D46 SHA-512: 713C997EC748E7140EA517A479BDF416F859E3861735D345372014EB05AF42DD740EFFB683D3DC6D146F61B91FDDB7DA8D744169F8D7FD1885D2696644D1A081

Malicious: false Reputation: low Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... f.NL#...... o...D.\hAY.s...... Z.*....>.{..... 1..E..]z.HA..t..2..D. 2gZ.R....G <.. .R@...... J..$.!...... [...... }\...... X`a.6z.;..=.....A`.a.a.A.... (.A.k.?.. dXh`....0.....=.^...r.. t.x...... '...&...c..d..i~A..:9..?W....P.....^A....i.)H+HAZA...R.V.V.. . .i.)H;8....WB ....d..#. . f.x.....R.L4.u^..!H...;...}...... d...o..Jp4^.....15...+N....\.r.. T....,... YR....uY.55....z.Zu.. ..Y@..(.5..<7....E.UB.....u|.c....k...... /h<.....2^.]T.}I.;.<..B;.. ..M.p_...xe..}0.e[.p...... 58.X.2...z...IK.\...{....WV..u.v].B,H.e!H...:.)...D..g.-...l...... o..j.t...... PKA.<[email protected]...... AF..y].wg...... <.k-....S.d..+...... J..C.@_.D+A.. ../...... YpH1"^.D....Y...v. ..Y....N-.<.....y...... ks...... 1@.}..]...... 1..|...h...c..N.....k.....q..i.Tr....K..;....Z.....Uu:.>v...m....S>.|......

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_11_partition_disks.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 3968 Entropy (8bit): 7.705290382981444 Encrypted: false MD5: 7D807FFA42A9E2956E508BDAF615C78E SHA1: B4CC6C799F0C10A0C26E1701EDEFCA7BB9AE5A7F SHA-256: F169A4912E825627B98BB5951C374999B6452ABECADC6CA156970AD17C492B73 SHA-512: B9B6B77E796F700F6856AFD64B878579D0F1B57881B5156AFEA879F6FFEC509EAEFA99956872FDC76A5596039E4AC60AB9CDC6679C5A00B1CABD2FAEE8AF8D 8C Malicious: false Reputation: low Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %....,IDATx...... f.^0$..0....W..A...mFt.CG..K...**.O.bfffff...jc][email protected] .."H1'.L3..v... .@q..'..z.A.I.tCj....}...q..A.S..G....s...X.+..N../@8@8@H .}d...... BC..e .....I..?@..~.B.9..x...... Y.".]....kf7.....OA..:.C7...... N.AL.AL.AL.AL.A...... 2..%.Bp...... ^..Z....q...... n.G.^Mx=.~..5...... w...R....#."...... o..X..@8....^...H..^...... ~.....v..B 4`'...s>@`....%...XB...6..LLr.w)>.y&?..Z..ZZCu`.i..7...... f/..c}..A.Y...Y...v.j../..n...... j.Y._.1..A .A....g..?...... i...F...Rk...... uGb...... `.ll.H,...... @.oz...... X.bk...3.....@...@...<...u...:...h..~..`.qxd.{v6.Z ..4v.w p-..

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_12_choose_disk.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 2569 Entropy (8bit): 7.533931249874395 Encrypted: false MD5: 8D4D542F6076B41F20B06E13573874DA SHA1: 623262A583309C57D1542B6D1B693C4DC2DCCACB SHA-256: 6F5860A07E949C6937739ADE4EC7204649DD4BC6E00C6249296291FBC3B8639C SHA-512: 16DADC875A9929638234A7E42E64441C69432C764D64A418E8511C59BE42657010BD8679EA42F76412A9252B06FFCF09D5030761E56B87091EA5FCC07F0BB050

Malicious: false Reputation: low Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... `....Q...g.s...... k.'..y3...;..+..-..j.#[email protected]@..../..B..X..D@. H.`..|..@...... ,.V..K.....z..l.K....j.4.Z...... @.LK[.%.~.[s...... (..a...... t...... L..H..l...... @@...C...t...}...!.w yQ..g....,(^.\Oh...~.s.V@...... m...... D@$....@[email protected]...... [email protected]... ..7.s.~...o....`..=..E&d,f.#A.][email protected]..$7.".6 ...... d....0vv c4[.j.eC..C...p.....>..9.4C.....9.,.'_..9..c.H.@..?...f..<.K...X..1>1..E?'.0.Xj.k..`.f{.*.tUf.4>.1...... $.Z]&....y>...... O...(.P...... l..2...Vf...., .c"c...1....0.X..1..k.7. .q...... j..a c...Y..17.y.....3.h...... 0.. .?....@..*...y.m...... @f.]@.....[.b..|..Z..s.}...'...V.a_..W.d.OXCx...y3...... H,3.Z....>R..:.G{&g>.7.g.. q...... G...m/...q...gY.%C..x.8F{..5...^[email protected]..) .j v..5.-..m.bA@.;...... a.c..#)....$b./.`{X.1..J"^.y...... g....y.....{$..

Copyright Joe Security LLC 2019 Page 20 of 109 C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_14_finish.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 4715 Entropy (8bit): 7.776456292249335 Encrypted: false MD5: 5AC279BAB9C9A9689633047ECCD96444 SHA1: F2B1D165C693B813DACBAD3ED2A768498A1C0871 SHA-256: B2A7A061042CDE60974B0D75657CCB132233B9749478764DB30CAD8B7627BA1A SHA-512: C0D7101536F7E6AA9D033476373DA640C435EA40500151EED6725320B1CABDAAE3C117CC30D5853D6F34687896B00B6AB8783021640C9D26E862D71609D1B22F

Malicious: false Reputation: low Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... [email protected]...... F...... =..A...C...... #.R...}5.$. ...m..7r.a,.A..+.0....5...... M.y.u...... 9.^z .XkQ.fA..r...l.....u_.X.f+..Y..Ynt.T.. #..n.%.>_t.... .O.....Z...d...... @..K@x9jqUo<..bZS..5..#O\...t.F...... &.U'....Ru..O$fc...... J.RK.g@Z?o..D...... D..!.._....$z.Dy...!...|...1M..~>C.....>t'..*[email protected].. UZ...g...,....<>.....U....s.<...W...... M..k...... ?....8... .@..!.7~N....,..?.6.a.^.D8...X?..e .....>P...... !q..-/..@jY....~{.=.D...... ;mm...... s .n.x%....

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_15_write_changes.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 3405 Entropy (8bit): 7.6458287960756826 Encrypted: false MD5: 132A60E4E81504FAC94C9AB48254DF6E SHA1: 9F9B1FE5BB83DAB636D6F9952342386C2946E3F7 SHA-256: 53E1CC97810DEE9C56015D1362AEBD79B212BD8AFB3D3DD712C2739D99DBEF6D SHA-512: 7453F44594C8B5FB3DB859885AF88690E0D1F631CB9016924CD7DA0A8BB48765C2A95F9799880A3AC9876D4E536ABD24940B48E25FFE3F685CF5BBB4EF0F683E

Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... g.s...k....OV.DD.I.C..*.y....-.<...e ...H.8...... +L.c.k{ .....F.st... );.iqt.{%#z.....A.A....-..z..7.V.s.,GA.'b...... h...!.....Y...6 8...... <...... [email protected])....W p.V...... H....Hr..u....-...... 7...y..Wn.+:c .Z 8Bh...2u..dnb...... D.V ...... 1.....9....9y...... Q...... $....m..U...moN.uN.ml..... q....U...o{.7....o.-?o.n ..W.'vf}.x..._...... /[email protected].|...... r...1.r.?...~; ..W..o.$..d .>C...D.[[email protected].!.D.[/a./...{Q...,.

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_16_choose_a_mirror.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 4718 Entropy (8bit): 7.710878591171939 Encrypted: false MD5: 8DF4E40C22C8E17370C9B7407AAA3B41 SHA1: F84FEC668725D961F25BBED85387BD25E1ECE900 SHA-256: 27266EA8AA185802BED40535EFA699E2D2922B5D4DD6F1AC68C3201E3A43A3F4 SHA-512: 3A9A3DE24FA59A7510777E9327210F083DC05DD10B10B3F0765F3F46EA75D4C316BA5CA1BAAD156746365D72EF002742B8455C5F9BC5CD8FBADEF000DBA7B30 E Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...q.0.C.....8.[..#]...^.M.T...... !...ty... ..2"I...!):e@...... l2...g...... g.D..X.@.=.a.4.K....r.t...... ng].F.... .2Q..cH.,..t.Z.....O.+.Oc....mp...{.. S.:...... ]s-[...... G...... 2.}.K...... y...... F....d-.][email protected].*:.D....9...SA.~..by{.v..t...... o]....._..k{...... O..Y...... ztc.....3@. W...... @.!@.!@.!@[email protected]`I..0...... [email protected]~n.wq....y7.V..8.rQl...._J....Z>H...... Q .p...... &.M ..+.a.U..KBy,_U#N.<3./..t.c.O...p=.]RCKE^.EY..X..&.o.....9.k... .%x...... I...... )`.At..)..'.}.Y+D.z...E.w....1.^.\.h-..@.@[email protected] ...v,[email protected] ].1.q.q...... A=..j...... v....\...... {.Hz]....ck...... A=...! ...... V..J (K^..^...w...1...... @.}..... V..._.<..../m:..~.0..<.R.%.8.....@..>...... g....W....7h..4....[.$....5....mxA!.Wy..\..y..:....F./....&.>..b.O.pp...... ~....E}.~...... G....6.....H...... /

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_18_proxy_settings.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 3005 Entropy (8bit): 7.616596951865707 Encrypted: false MD5: 6E64E7EF563335137B9DFC9F5A871EE2 SHA1: DEAC9F541E5726F5C5D2932B9F05C6DB9CA23B46 SHA-256: 72047D54AA6155221F56A05E56451825A41C854381BC30ACD952D7E8CD1D6841 SHA-512: D668995E7B93EF098A0FAD5ADEF66433F47FAF1F4F154F8BAEA731A9B2DDD1FE9D063DDD7807FA7438075699831142631FD679CDDCB69AC6A6BDBD31A2979A4 5 Malicious: false

Copyright Joe Security LLC 2019 Page 21 of 109 C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_18_proxy_settings.png Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %....iIDATx...... `....q...g.....L...... 4...... K3....&,...|<|[email protected].`l8.Gq...~ ....b.dX.%...u.H..,([email protected] .16....9..GMO.G..:.8.3.C.JS.S....B(cb....5`.....~...9.{...._.q|6.@H...... s...... [[email protected]>....35./.i .j.%.L..1..[.HzR;[email protected]_.L\....D.db...... 21. ..._U..Dzj. .D...... s.Pg.|...._..d-..r.N..".b.Zk XG>5K .u...t8"".H..h ....4....h [email protected] 2t.J ...... 7.n...o.r.Q.7.D....^Y.".8n.|V.@[email protected].._.D.E....*...... gM...g..D{=.. 7....|f...c...... P]k...{.9...xw.E...... b...... e..Z.%..k?.z...K.zNm...x.4..:L..g85.r..QW.?.x..h(__`.P=.@*.n8...... U@[email protected]?...... Q.A.....'./...D.#.. .@"[email protected] x....4/.8.\..y....P.. ..~..<.....@[email protected]^.q..}.....@...... h.%...... 1.z..V/.#@.....Ez...... /u...w....=/..} ....O\....S....b.y...... gO!.s.t.'<....!4?;..Y. .& .~|...... a(..p.fn

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_19_software_selection.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 3627 Entropy (8bit): 7.634691242083469 Encrypted: false MD5: 8AC24EA86D7C7EA9FC8FDDF8DC731B3D SHA1: 2AC220247998DFC06FF1668CB0F25D1B47D67B02 SHA-256: 361A74BBD6C41961D5A476F3C5E21464225AA55D54EFD35C49BEBA3E58DC1BA1 SHA-512: A6CB3306ACA4ED56B21B676B349C80C689DDD99B04F33440BBBAE6B82FA6B7EABF134F7F353A9709DBD2C640DA268A3B7F84D4F1FEA63D13CE2919A8F6B5C9 AA Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... `v....(.....M....?...... _x=...Z.1.|.u...... mI..QZ....beW..VR.]Oy....$....1.....R.Y. \..\..to{.y%>...k.:@..`.i..|.r .u... X...... %...... @...a..W....c...{@.Cqu.wc..}...... "G...... ^..`.`...... 0&`0+...."..+ ...... ~...... n.4...E..@*...... G%..."[email protected]...... j#@`.P.=Tnv...... N...H..o.u..W..X...E ....2....[...c.?.}....a.a.....|N{?...... M.o...... A.m:...?...... }....X..>..K.d ....@...... v.._..4.|...... |..{...... O!...... M..9..-..j...... : .B?...62.}.x.w...<.

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_1_boot_menu.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 640 x 480, 8-bit/color RGB, non-interlaced Size (bytes): 73908 Entropy (8bit): 7.928333764680265 Encrypted: false MD5: 37A4452D3020BB471EBE022F0A8079D7 SHA1: 949D429E46E34DB09829D8401CE3F98850C94C42 SHA-256: 691A99AF22F4841028B2C11379C6743ECC462032634604D116498C79560CAAD8 SHA-512: B62F3F33428CEE1EE4B26950BF452E0A2C91845AFE13A853250E9CFF138489BE9AF5DAFEB448FA0E3A66A890115530C06753B740711FDD582293CB36A6B60BD0

Malicious: false Preview: .PNG...... IHDR...... K... {IDATx....ea...Y.o.m.m...>w.M.....7..n.....1...@..'.}.@C?....4..4([email protected]..^`J.....i f.3fp&vpV..9..;F...Q,..cX.qI._...4..3...LcUfV SdMf%.s.ni..f...Xt..Xr,o#.X.1.;Y...f...... 9n...... e.0....H>v...q...... g(..9>/>.(>...O/K..+...Z...... V.q...... w...... Q..T..T.<=.../."./....[..;.Q.....h...... L...o.x2...U...>I..*q.}y....nE? ._...X...E\ =.&..L.A.$..Bf.F..|`.0..8.c....r6...@7.:.X.K..[...6...... IQ.J.f..U..J2....1....,B.$.x...q..3.s..2$1C...6.SQ@.&#...L.0:+.e,.K..9j:FC;F.]B.C.Lp.i.`...@4...... /.A.Q.^...... n.1>. ]?.B'L.xI.T....h..G...... K;...... J.~.Q....T.J.:j...F.A.M'..] .0.0b.Ai.`..&....*.t...eh.....z0...2.jL...w..m.A....

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_20_install_grub.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 4056 Entropy (8bit): 7.735245817134238 Encrypted: false MD5: DD1C1BE66CDDFF04540607B996D26CD9 SHA1: AEFCD6E15CCDF1EA5A8722F9810DB72DDBBB082C SHA-256: 88AF147AB7A212E43D9AF6501905804A8A8FA61885C9D386AF9A6A6617240E3D SHA-512: 85250CA96FC43E63B13F965563F914DC88C7DC43F797773E8CD26C3607C9C493DB327E7485186FB9DD90A5392F92F6A0C23E46BBB2B927105E8812A0E6F3FDF8

Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... =3.....h...... {.oYO..d...... sh...<"M~..z.....a..V4...u.~..&...t....6.....*.i|.....r..~..>gt9f..=)..8...l.!VH...f.4...7G...... 6.u...... ym]..t...|O\...~....9...... Lg ...6...BB....Y.....&....s._.T..z..D.([email protected]... qu..B]...p6w-.."}...... = d...... K...... D.W.,.$.%.....?...Y.Q.9..H..>..0..;@..ar...9.....\G,..."..@.{..^...... R...^.C...R..y.d5F....z...C

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_21_install_grub_bootloader.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 3695 Entropy (8bit): 7.751434285432848 Encrypted: false MD5: 4949C56F9186C42CB878BEB7B78C483E SHA1: AFD73813F40B28CC74007862A24B1BD66FE841C4 SHA-256: C52F2611B6E56361665C608FE377B6E2FF70207813671BDD9F068A65DE9A80E6

Copyright Joe Security LLC 2019 Page 22 of 109 C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_21_install_grub_bootloader.png SHA-512: 92498A9E71E4D5176F6ABA0FA110D1B443B637E192090F5197E28471E68B00014BA33B429D30699DEF7B00A6929688CBD7034F0EB5A7996EF0938E6C78B26770

Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... 2@...... E..N.^.4..-..4...)v..9...n 7...... i.O.-.....#.25 L%.p...O|.(2....[..E.xmu.)..hb...... D$..;.@"..7..yyX...D.....p....._...I....Kx....so.....T=...~.z8....GX..g....7...... l.a....j..}e...'.`@H\.....X!.!.L.93..o.K...... 5...n..4.&...x.@[email protected]..@.!A... oH.G=.+....m .G=.....d...5.n...j.._..(_.$G...V...{W..>.?)..:...... [email protected]...... <.A.r....#D.B.. D.B. D.B. .!B.".!B...VQ.$ .k...... \.....v.^....>Gf.....Gs.-4.O.....x.SpAa..a..z...}.....<.,r.h....~. .]L..o...... |....F.....a..' r...:..{.u...... C.L.v{...... |.-9...i.W.z...... 94y!.S...>...{..3.:...u....G....'...... u..c...E[...>/.....a_.~!...... E..+....e&.D.M...}.X.>1....?...... Tog.<.....^.*....}{..V.CT..../. 1f.Q.4...ue.1..Ck;F...... d.2....k..oa..yj=. .E...... >?.....x.B...... t.Y.A...... )..!....'.,...... w$.=...u.

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_22_finish_installation.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 2684 Entropy (8bit): 7.558455872038185 Encrypted: false MD5: 5877EE2F6647F3BB912EE68B95825AD3 SHA1: 08201567415D27276359BE6F6CB2E4839C815B5F SHA-256: ECF4E42682927C77C7945C9219BABEBB8D4C78A8F2960516E9287638D99A2FF6 SHA-512: 775A51855D28A2027D31A50D20E7CCFA681DF76C1856F17B1D4A7AC441EAC2DD8AE9F6B9FC97375BC5F3020F2357C2F6E920BC7590DB8A8CB371EBE4B4F597A 5 Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %....(IDATx...... T.a.....<...n`t...b..us ...cEVR.....|..~lF ...A|fg8wf.} ..5.....2..H...... O...... %..2T.Y{.9.2&.p..w...... q.....x..vS. .q.....5...^..g....e.~#...... ?C...;..A..sJ...... _!o...... 3.'.k...... s,....N... .K...9.W....!.2...@...;/.=.q.a.=.9..|.;3j...... "..^. @[email protected] [email protected][email protected]..@...$...... (.i..,f...{.bo.Rf.r8..${./....@z7...#A..Y.."...../..G.4..(...${Y...... Y....G.....F...... ) 0.....^..r...... oY...... c.6...Z.\QG...... <.....t<=.....a. "..d.:{....e.*!...347H...... Y.....d.L....U6...D.mb.m...... i/..w?...F....m .i.o...}...... :.n....-P>.. ...j\g?t.. .i^.._..u.....75d?.k3.EGf....?.8.. ..f.0.^Z=.i...... s...u._V...... }...y/...k..5.I.-.?...... 2 .....-..M<...... X..5.k7 .{..2".k.s...... %...@[email protected]...(Iq..k..D..!C..s...... j...Z.q..5.....@.{I.

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_2_select_a_language.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 5555 Entropy (8bit): 7.744939111048646 Encrypted: false MD5: A42F3F9C664A8F8E4BDD51F73A987668 SHA1: 72F5D16B8CA5FDD8677892F2713EAEAC8A891D73 SHA-256: CB2417B0CA0B00C352DAB0E6CDF1E40366B976D99172C2F30274382CF94CE0FB SHA-512: E23093A0031282E6A968A515E0FD4AF34100B408DD9B4552C94A3837823466BE51270BB91B0860AD1FCE79FC164F5862D2B1F05292D258514BBA771591D8C3AA

Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %[email protected][.SA.....M7yl.BDe.6...d.9...E..KDDDDDDDDDDD.L.:...... @...M..H.'..d.n...... i.....;.u.d<.t.&.'.z.x.... .g...$.m.>..]...... ].}.}}.{..Z.@..

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_3_select_location.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 4661 Entropy (8bit): 7.684645909084633 Encrypted: false MD5: 792F846031D770231B2CB7145E54851C SHA1: F7A057B4E869ABDAC8D1F98ADDD358199DA8947D SHA-256: D709FB766FFC66BDDA4FDFC0215AFC8FFB1B588ECF7BF48B203AA2D69C4F3D13 SHA-512: 28402BDEBD5330336F7B8DB1830E820678088EB64F67C95FB1EF0FF7C181EFD7C5A11AB33B3DCEF34FC4538A67F1FA6A846A1FD1A3D9D5D08CA4A8C54A1D780 6 Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... `v....(....9..6....a..^...... !..L.`{..r.@...... K..<.R...|.h..$j4...1....b.:{y.{{..6b..|.....7.L? [email protected]... .e....y%m...j..9.S ....9..Q....m..y.|+...W .9...... `...... x..2.us.D....[..uE..8..= .?.....FF..R.^ru.<...... d....2...@. ..@.!..B....@. ..@.!..B..dFm..F..@...... B....a.&...... X.....].v)..o..Pr.O.=. D...w.^b..h.N...iu..|Zg[..)[email protected]...... uU.86..[...!.......}C.xz....%D.3k9:.|....Y25..F...... [email protected] [email protected]@.W ...... nHb.@j...... Ft.|Cc.7....2.; ...)..._.x.....m.v@...... F.hl..mf....'uo.R.= .C ...... X....G]..{\.>.%...... Z....D..G...Q_..n.v..).../..U4.y..u.:...=...... Z...D. .t..n.wzx.Qf...... (Gn...g.n@...... 4.n!}..+}.80+...... Z. c?k.}l...z.].....u...... :.].._.>o...@<[email protected].|.H;.7.Q|..9...J:B...[Q#Q..".B......

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_4_configure_keyboard.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 4166 Entropy (8bit): 7.555343250719274 Encrypted: false MD5: 4B1C75F69C8F08ABA917982A565F9E70

Copyright Joe Security LLC 2019 Page 23 of 109 C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_4_configure_keyboard.png SHA1: FC784E679D47BCE5E36D9F253092A5B62C6D5C84 SHA-256: 037E47E844D2F325F34AF44FE87DF8B4B27499AB3B2084BA56BB84C9DCF327EA SHA-512: 1E233F06A3449BF376627368658627D3E9E482D7FFA2331E3F5EA851C4F61C737860776B833C94219556712FFAF8AA78DB071687D50EC44493AF134FF04B346C

Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... ;@m....|.g...... P4..d.n.{.P..`...... '.T...... 4W.}...Q..u..B..G.d 8..hW... ..Yd. .1...(`...... \.d..|..ft.B..#.... (T.'.Z.4...Rc&.\...... A:*...... g-YOs..w.A...1.@...... 5..B....<.$.w.. ..(..(.A.qy3.w...... Gyx.@.'....3.".A. f.J.=b&....[?.' ....v.....9.A...{f.2.|Wt..A.... .!.A..-A.... .!.A.B.... .!.A.B.... .!H{&.n. !H.W....c.Ni.u...... vR./.!HC`....lF/A.!.J.>. .#.....d...... #f..+..W...... 9H.V....A.....Po.9...... =..@]{...U/.!HE-./xuB.1@..._... .!.A.B.... .!.A.B.... .!.A.B...... y{.. bg.3... *. .H.... .v.:i...... A....#v.`Y...sH..d.5.6.@... ..O...y.."[email protected]@[email protected].!.X.d...... @t-.A.....J...... |.u.p..A..{g.+5...3xn`...HD.d!|.j. ^Pi..H...l3.x...B@...... ud... (.....H*"....-..."..Y..@.../2.../[email protected].|[email protected] [email protected] ..9. U9>[email protected].....`[email protected].....?..d..t...... 4. .B&.NC.C4V`7@......

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_5_configure_the_network.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 3054 Entropy (8bit): 7.60641596498852 Encrypted: false MD5: 20524A2A316249760E8B67F4CFB6B9D9 SHA1: CFEFB9037FBDB29986A81019077C75DCD442A050 SHA-256: 7824EC670B174C46A6E3A61B18E22E20932301BF4473B849F3D463D43D3266BB SHA-512: 17713CF9C08ACE7FA5DCF4BA8D43F9BD19DCFEAD4C4AEDEFF932609450301D3908ED8F6C0822EC51780C39CA4EEA492E892A8187B21DB357D67A0B081139D0 C0 Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... }.Am....|..N .`...... C.%.S7.i=...?.a...B.7..-.&...z.A...... '.....AP.s=...... 9..5.A0p..C [email protected].|...... HU.t..\_.{8...(_j...E.:ax..#...P.....$.G .Q.".E .Q.".E [email protected][email protected] 6.....U.b...... >.=...... W..G ...X.f..d...X/W...... >...a.;.,...5.^d..Yp..`.qX.i.G=....a...Cx(}..1....1k[.a...A.Nq....4Hf`..uc..u...... t...9.`.A....O.A..J..0.....A...... Zd....q..q....=....a.x.n.;.._.F.8..;.c.[.....@F.._C..;.y.c.c.E.&{..z....c>.n o...E ..."...D [email protected] [email protected] ..."..(..."..(/I..9.....9...a...... x.C...... L5.6.Z?.;.I..#W.r?..`...... j.WZ...a [email protected] ._>>t.9.BpqZ%.3 |[email protected]...... {=..q.G,.s..;.. cG\)|)[email protected]...... -..Z.6@27...... b..X.>.c.~..cB..K..R..e...*5...... X...:.y...x....z.=.8_..

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_6_domain_name.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 2947 Entropy (8bit): 7.592382101063409 Encrypted: false MD5: F019A2CC17E13C6AFDBE951809127882 SHA1: B37977CE901D958DC39B7498F12EC66B0E1BA29B SHA-256: 03B902E9797EF880E1868B035B8158F87673685822229FF33E1CD84334675325 SHA-512: B8CDD76C7A2719D7CB4E6FA1A77194154BC79D12260BB10141679A640DCC8D66A5381B80E5E60F811E22742E01BDF518E82A9A37B983A236EA74F8BA41D2D7D 0 Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %..../IDATx...... 3.u0...... C.3...6..".o..}_..U...... B ..M...:.MV.G.!.6..O7. 4l.....@,.`....!.w1.Q....:j..7<..9.`...... /....X...e..a.u..4.....=....w.".7..6..5...... G.w..s.....' [email protected].%...... @...!.(....x]....@...... S. ..CP7....C...... f..'..pC...... @y.W.@.}A.B .....!..@..".. ...@(.!..!..@.@(.!..@.."...... 2...... bf.`.}...... j-K.....k.d...... +...... /.).x Py ..v=...Q.j)G.U.j:.../{PO#.Z..QC...... B%....'...GD..s..I...+.s..#U..H..!0."W)..../{.|...._`...5...?.....ED.}3@u. .b..47...... [email protected]..].|.y*..+.....8..A..NJ...0..O.`..k..8....~.}[email protected]@2.y`a...... M.jW.!.....^.r.CVax.G.x.. ~O.#[email protected]>.}|..p...... u..a.....#@.I=. q?..'[email protected]@O....4 ..|...G....g/..k^..2....VD...... M.{.3.M...CO6...... G..).oY./.#..?...... j.o..w....p+...].7xd.<".o.2.

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_6a_set_up_root_password.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 5234 Entropy (8bit): 7.855937968068758 Encrypted: false MD5: D0379BE66C6DC83008AF3CF37FE723A0 SHA1: 8107529FEE77A8059C64EC61129688399BD2B902 SHA-256: 3906D016A6C9B89EF61C9839F3CD9F33E63FB632A388D29115467F44C712178B SHA-512: 0B071EB986C2EDF8767AE682A1184C018171DAC716B54006AC16933A0D4D2D1D86E54CAAC97DC2A5B39E2E1B6A5948244DDB364959F59ED923A82B59CA5475A 1 Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...1...... g^...... v... ..p..*.;...... 9...... 1.A*.D.{D^...1H...I...... b...3.#..4.}U..3....j;U. ..}[email protected]...... @6o...... C..z..B..!..@...... U..\..L..av6.A.e...... @...1...I...(.....A.~..CBO...... O..:.}.\..P..JeF,g...;cd{..2.k...N..q.A..G...\...... a..8.b..A..0.A.b..A..0.A..1...... :.D.@.. {..%9.k...:.*1...... H..&M..Q..=...... } u.g.|.c....h E.T.p.})...... yk0.g...g.D'.MY._.....[..V.w....k..bw...y..%]..;.!.{M0b..'..U..Wv.).kb..^~...V.g.R./.N}.....7d.....].._$8X..Y.k ...W.v.d.b.(...... +.~+.8v...... e.c.X.K?.z.Q..7Dr...osc.E.e...... *.>a3.`.Hv.?...4."..3...^..axw.....J..y$p..6._xbL[.6...\H...... 8...&....4..k=).Q..}..k1^....$..}..Y..'\.a.v[..s.>..C.R..j..E. cO.5.%%..:U..j.G...... ;..p.! ....l.b.|8...X6b...k!.k;...-..N...... h.U5..}.s.PG5...N.....h.}.D....S.^..m.W...... @..".%.#...... |B.?..yH.eM..Y^.

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_7_set_up_user_fullname.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 3533 Entropy (8bit): 7.677700184845283

Copyright Joe Security LLC 2019 Page 24 of 109 C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_7_set_up_user_fullname.png Encrypted: false MD5: E5E329A3C1B303BB066C7796758C0419 SHA1: D5A0687E757D74AF98EF38A75F947CA6F74C20BC SHA-256: E12DF4EE338D4989E13A5A5C78F4A126CCCE46D0F8E15FA9AE71F08CC9FE8C1F SHA-512: BCC829867A3D2050F6FF295646409F12D7F563DE9CCFCB34923D4C615385B54196DDC4CF7ADEB39F1607EF0428DABAB2118E33B12C4767C292B236D7BAE48E11

Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %....yIDATx...... 3.T.a...!...... o3.q(.....#..~Vm.hB...Dr...u|([email protected]'.^.n..\Mz...W]aTd ._...h...H..\...... rR.4J...f.P.[[email protected]...... ]#q....:t_5R...}.$...2."... ..i.V.....Y..."...+..S~...N=...... @[email protected]....`..|..1.R.R..r.-.!k=....%..ub....r...T....&.RK...k/..ug...r..X.. [email protected][email protected] [email protected] [email protected] ....I.M.;Ol...d{..8..w..QJj>oZ<...... y.7...d...3x...D.X...".GU.\.g...$...... Qo9.%...Yo.D.j%...^.k}..6..hz.G..V.(o=.X.3...... 9...... _...... ^}....H..-....~~p.{...>.2...... {<...... z.}..=Q..({.D2....BLI~...... ^.@.... r.....5..<[email protected]...... Q.`|!..CZB..?.PgT&.c.$2.y[...b}[email protected]>..C3...|(...... _{5 iy.}-.N ^....Wyj%A.....Z..oY...I.mi -.....4.d`<(..l..4. ..=.4..i ...{Rg.\.H...$3.H..4rw`w...>...i.'.$.$Gw .|..8.[.....\...... /~.+.....s...d&..;...... J.(...9{.W...L.....

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_8_set_up_username.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 2735 Entropy (8bit): 7.580547643019568 Encrypted: false MD5: 841FAD826276700028F278533BCDDEF3 SHA1: 13CA329822D41DEFDABB38B6BEBA6E19FE6892F9 SHA-256: F5BFE92C0F446116C1CEC498453FF953D3B430AE0F55EC165588DB9ED1013511 SHA-512: DD5331C9498A492CBBD617E9F3933E333255FC3C9A32CFBE1BA7B9A9108DD647116DA4BFD3DF33F8BB6170F2E574C22BA57F913DCDAFAEF0E700CBCB109D90 5C Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %....[IDATx...... q ..(Z...$.X..o7^..L..[...... oL/..4./..A..P.AZ.6.#..D.\g`./...... | 7.AZ..'uD.UV.W...... ;.,_.GA*s.(....Y...c...3cs....Y..g..2<..0D.{s.`@..e}.."..A...y....q.....fg...3. H.1....=v+.@...... $.\3...... -.r]G...... K..P.7...... 1.`...... VFr...\...Vc./.... .sA.=. ...D.C.A.A...... b.".!. . ..".!...... E.0...._d%grD.pH...$....b.O.#..].6i..~s.+...:s}.$..?.$.)..'7..z.HJ..$...... A.. }...... R\C..[^...c/'.....5.,...+.Y.=.h.NV...... gz'f...... +.....k....).N.(.C.9}.}. .l].j..W..P....|.1..|.E.....b?.4f.....>Ys.. .h3 ....^g=...... h.^....$.)=.J.....*.v.zl^[email protected].'=.@.{..~.Mlp.3 .z..F [email protected]."....HL..zS..H..$j.$..H...... ib.....{.. $....pN..?..a/.M.Oo...x...... ?.q.....c/.....9=g..i.2..:.^.=..q/....M.1..|....3...g...... Q...Vk..M.g.=./..EU3.c.;t....f..

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_install_9_user_password.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 800 x 600, 4-bit colormap, non-interlaced Size (bytes): 2404 Entropy (8bit): 7.497867733234007 Encrypted: false MD5: B9FF2E5D4D65293B8AFA8C26B5CB5FF1 SHA1: 95B83E42BCA52D67B880F623CBA90A1946F3C7CB SHA-256: 4ECE83DA6A277ED11A9AE0AE42C960F2091FA68ABCAB228CCEC70BA17A5E082D SHA-512: 616AD0B2CD6E407330647706589C695AE474B1607B951EB27DE80F27E9F61EDE85FCC0A033076EF018A60A7021CF126033DC55DF5EFD453AFC77F882D8374AFA

Malicious: false Preview: .PNG...... IHDR...... X.....hX.C....PLTE...... %.....IDATx...... [email protected]!.fE...... c]../[email protected] ;.. .d...i ..4 ..8...... 6sg~..)....r..[...... v.`[..z6l..\.}+..}h.3 [email protected][email protected] 8?.n...... w.^...rO.i y....>.>.Id...3..P.0..<..C ...}.d...... Pg.....C.z.D...... 6...... c...... 7..W'b5j..@. oD.i..HDD.i [email protected][email protected]^[email protected]..\.`_.S....bF.4a79[.b.. .1.@...... j{...... b...7@...'..9 x%.pG.2<'5....y5yr..I?}.6....,..q.-...[..$.dp~y.^.en6z...//[email protected]. 9...... )04.....{...... X.@...... :..a....U.p...Z..2...... >2..q..1-..k....f....4....q...... 7....r.@"[email protected].._k..M.F [email protected]..@"F ...... j..*.q.x....H.\>.=..Q~..~d..I.1...@[email protected] .9..{... .$..P7..F.z.be.cm.U..3D..w...... l.2..@..:n.{.....<.S...... w..|9...... 0" o.Kx...... ~....:....c.W.~.._.{.B..}..+....+._.....i}!.V.i ......

C:\Program Files\GridcoinResearch\doc\gitian-building\debian_root_login.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 720 x 400, 1-bit colormap, non-interlaced Size (bytes): 3047 Entropy (8bit): 7.891042915013135 Encrypted: false MD5: 714AA938E1D2156EDA2B0840403BED15 SHA1: 38974D9D72B8BBF076243A6BC75D0705C80138F5 SHA-256: B46692714564CA3D626FC2DCBA81316E8CB325CC9C8543E31293E6C13DFDFFA1 SHA-512: D4BD435DBD135C8A8BCAB1EC4EFAC6D0AFB9DF7A2434C107C2F75542F40115F336747906933D5AF6FD8BD952856102F082964A4DDA2F990144E53DCF7EB0604 B Malicious: false Preview: .PNG...... IHDR...... )...... PLTE...... ,....IDATx...... k.....~g.....w.{.{.=S!..Y.L..[...7...b)...wv.*.E..{!....o.^!q.p%.... .nw..s.9_;....k..D:?.2.<0...... "XH.2.yBq...... C..H.1...B...2 P...... ^..!.p.^..^V..[/.p~w..K...96m.m....9..].z'..Wdb....fFjI.'...*.ND./#...d.{..}X...=..`....0/=..CNIN..:.5rh...'g.wo..Ogz.n.{..7...m.w^qVF.JVYZZZZZ...... O.4(..[:>...f.b..;)\.Z..T...... i.....q*...6m..,.....9t....Brzb'..t...... &...N.33....q.uf...h...}..+...#.;...... O.RE..;e..t..S...... l..3.3."..+.Y.]....W~.6...bI..:#. kl.....qu..*...T....^.5....*[email protected]..:.K;.w..V.67.]@9...0.0..>.h..>. %.5k+.~G.Ih...O....\..l...... .d...... 0%q)..r,..~W.....#D..4.B...... m....7....P."...G..S..h.fc..y....BI.. $#.U.W^.}...^3.#X...... {t..AY....9.#.l&....<..(.=".#'.-$...ow..r..~.#\}f5..4. ..Y....L...t...RhjW.^]M..Eo.%...].s...... 6..]...... p.B.,......

C:\Program Files\GridcoinResearch\doc\gitian-building\network_settings.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 656 x 485, 8-bit/color RGB, non-interlaced

Copyright Joe Security LLC 2019 Page 25 of 109 C:\Program Files\GridcoinResearch\doc\gitian-building\network_settings.png Size (bytes): 39816 Entropy (8bit): 7.9753707598516295 Encrypted: false MD5: 3009EAEA0D3E8E28652CDC9335A9C551 SHA1: 8004088B1916632FE494104E24EA99E634DDA954 SHA-256: 9309D6D57B77DCBB2551EA88B77AC7636317D4AE110857CD0F1A815A34D41D7D SHA-512: BE15F2E11707CA435F5DDED01A6B86A481F11AF62247BA42EDF537BD15478A57E4952E46040FBF30EF38CE9C2F0DDB026186A41E7709B00DDBB6B9526ACB8EF 3 Malicious: false Preview: .PNG...... IHDR...... [....OIDATx.....A...1.?.....,|. @X..!.X.5`]....Q...... {.....y...... TrH.<.R.z'%..}.....(j.Z.a~7o...... _.is...... ~..H...... 1.N.a(..3...... B.....Kp).X.O).j]..z...=o .....6.?...m:[.7..I....H2.....I3..1.-..}....pC..G...... 'Nu.....6A..y...,.n..8.;.[.i.r.p\[email protected]./`.|y7

C:\Program Files\GridcoinResearch\doc\gitian-building\port_forwarding_rules.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 628 x 321, 8-bit/color RGB, non-interlaced Size (bytes): 20070 Entropy (8bit): 7.958838819167526 Encrypted: false MD5: 6EA2A322BAE9D1A2C1583694807344F0 SHA1: F0BA007EB43E4C0C974524FCBC0EF8458BC4E34A SHA-256: 8B618DCF560ABDDAB449A80881661996389B7F59B7A98E75F869567626514BD3 SHA-512: 7622F2DDAC06A8F2E146F43B93349997B2C6FD7CA79ED9F902D92E47D2EC5560CE54E0C8733119FB99FC35C3B9387DBA396A687657A60B640ACD6608548DBF28

Malicious: false Preview: .PNG...... IHDR...t...A.....qT....N-IDATx...A...... g5.J..A.R..U..l...r.....r.....r=...... w.w`...=.;...... D.d{..&...A.W.5j....?.W..la\.C..d...q%M.me\.Ckw. .+a\.Wf..+a\.....Zq./.b8;. uQ.'..f.j...... T.E.J.W.5w.8....R.1.>..f.3.B{...7.K/."...k.q.....e=#..>....5.J.W.5.l.....no.{..>...$"vf..w...F!.$|...... !o..5N.Gy...eW..{e..0.C...(.I:p..s..'f.m...... W..".....s.....1Wb.zd ...H.DIT.G`.....1.8..p....SZr.

C:\Program Files\GridcoinResearch\doc\gitian-building\select_startup_disk.png Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PNG image data, 563 x 293, 8-bit/color RGB, non-interlaced Size (bytes): 71414 Entropy (8bit): 7.977531598223683 Encrypted: false MD5: 29C32572FCDD4C847D7E79129D5B3026 SHA1: 623B5AB880F2FA2196AB26ADA73D43D2DF32C75B SHA-256: 6F5B31B6C1256AC1F2FFFA96A388DFC37C1DB41C22E8FB22997C0F622185CC43 SHA-512: 62D571E0753254C72F52FABBCBAFA8D21AF5A8E938D041EF19667EFC42AD574DBEDA2FFAF5B67E8E6830793DA06D8FEA93D04FDBC655F381480D190F8D69279 F Malicious: false Preview: .PNG...... IHDR...3...%...... [email protected].$.c.....oqV...N(qw...Yp....9...C.'.....%6FL..S3.#f.9@...... I)..-....D.4.I2..3.'J=.....&."..)..e.ddT...3...... Oe..B .8.I)...... h.....O. Z.....u...UO-\...... :>.|r..RJ..?S.....Kc...LgL...}[email protected]..!....P.$+*....[..t.Q.P..`.l..|...X LJ...... L..*6hz...+.R..>.{...3../^.t.....DJ).8.O..2.SLXa.|E.zo7...... {...nq.5../.a...W.=..R....i...I).O._ )Y.....*.~.2..0..A.m.....{..>}.....U....};..z..c....O...}.LJ./.eJ..%.dU...d.}.Rt-...... Mz... .%R....s..7..

C:\Program Files\GridcoinResearch\doc\gridcoinresearch.1 Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: troff or preprocessor input, ASCII text Size (bytes): 917 Entropy (8bit): 4.92073734913171 Encrypted: false MD5: 7CDD18E0447573118FF767CBDD4A8270 SHA1: 12173FD68EC1DD8D3FCB5BBDADCB3BBBD947E028 SHA-256: 9BDB2C46D5F270E7735B18A049BD6EC2547DAEBC8DF55F0F1E256825164D517D SHA-512: 497898DC1228CC37E1A22B883EF1970E3C545CC6068E2A005B21FC144FEFBD45B82DD4A536E25325E318B5521DFBBC363BB837D7836BE236CEBBD6B59910F6C 2 Malicious: false Preview: .\" Manpage for gridcoinresearch...\" Contact [email protected] to correct errors or typos...TH man 1 "25 September 2016" "1.0" "gridcoinresearch man page"..SH NAME.gridcoinresearch \- graphical (qt4) gridcoin wallet..SH SYNOPSIS.gridcoinresearch..SH DESCRIPTION.Gridcoin is a peer-to-peer cryptocurrency that uses distributed computing .(BOINC) to benefit humanity by advancing the progress of medicine, biology, .climatology, mathematics, astrophysics, and more...The aim of th e Gridcoin project is to shift the computational power primarily .to BOINC projects whilst the POW mining calculations become a second priority .- so as the mining network scales up, the network's BOINC contribution is .scaled up in tandem...SH OPTIONS.gridcoinresearch is usually started without any options..SH SEE ALSO.gridcoin researchd(1)..SH BUGS.No known bugs...SH AUTHOR.Richard Leckinger .

Copyright Joe Security LLC 2019 Page 26 of 109 C:\Program Files\GridcoinResearch\doc\gridcoinresearchd.1 Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: troff or preprocessor input, ASCII text Size (bytes): 922 Entropy (8bit): 4.900004037350161 Encrypted: false MD5: 591B0D255332014922520C182249E88E SHA1: 54C4B50C7BC456570CB6F81DCACD62FBC6787136 SHA-256: 4DA0009154A9B53EE99BB1DFF4E44C5C6E5340376E5BBC5ECDF56C43721625B3 SHA-512: B5B4D74CACE5368BEE4B79136052F09F3B6C5E92A5921AC4FB06A56D74C1D5B47860551F43BB12DDA425EBF1AAA34BFFC08F47980754B12437EC2D7B076D58D 1 Malicious: false Preview: .\" Manpage for gridcoinresearchd...\" Contact [email protected] to correct errors or typos...TH man 1 "25 September 2016" "1.0" "gridcoinresearchd man page"..SH NAME.gridcoinresearchd \- command line gridcoin wallet..SH SYNOPSIS.gridcoinresearchd..SH DESCRIPTION.Gridcoin is a peer-to-peer cryptocurrency that uses distributed computing .(BOINC) to benefit humanity by advancing the progress of medicine, biology, .climatology, mathematics, astrophysics, and more...The aim of t he Gridcoin project is to shift the computational power primarily .to BOINC projects whilst the POW mining calculations become a second priority .- so as the mining netwo rk scales up, the network's BOINC contribution is .scaled up in tandem...SH OPTIONS.The gridcoinresearchd is usually started without any options..SH SEE ALSO.gr idcoinresearch(1)..SH BUGS.No known bugs...SH AUTHOR.Richard Leckinger .

C:\Program Files\GridcoinResearch\doc\readme-qt.rst Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 5882 Entropy (8bit): 4.831624749226975 Encrypted: false MD5: 7AC1E2B867DE1FE5115961F62259262C SHA1: 166CD6A6DCB9024C743B9A24DA17F0604A839870 SHA-256: 94E8578056C0BA32BA012713B9CC45E3D2FB45819862F24696A8B63342F23C91 SHA-512: 05D0463EC20D5811506AF6A348732CC4E08182FC966810F35FE957B250CA9EFB808A3696E5E0C7800AEEB7E5845522E808F3E9BCD8D003E2167C50D3C97F1A43

Malicious: false Preview: Gridcoin-qt: Qt5 GUI for Gridcoin.======..Build instructions.======..Debian.------..First, make sure that the required pa ckages for Qt5 development of your.distribution are installed, for Debian and Ubuntu these are:..::.. apt-get install qt5-default qt5-qmake qtbase5-dev-tools qttools5-dev- tools \. build-essential libboost-dev libboost-system-dev \. libboost-filesystem-dev libboost-program-options-dev libboost-thread-dev \. libssl-dev libdb++-dev libminiupnpc-dev libzip-dev..then execute the following:..::.. qmake. make..Alternatively, install Qt Creator and open the `gridcoin-qt.pro` file...An executable named ` gridcoinresearch` will be built....Windows.------..Windows build instructions:..- Download the `QT Windows SDK`_ and install it. You don't need the Symbian stuff, just the desktop Qt...- Compile openssl, boost and dbcxx...- Open the .pro file in QT creator and build as normal (ctrl-B).... _`QT Windows SDK`:

C:\Program Files\GridcoinResearch\doc\release-process.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 10650 Entropy (8bit): 5.0093732917239056 Encrypted: false MD5: 64A7E9B456FFC9F5B59CB7B90D6CDF23 SHA1: 95D84180D85B8C9FD0809B39BD9EE042F9C7F5A3 SHA-256: C8CEBC5450E41553D85D47AEC50E6C3B2B372457DCC31CA23045C7139B6116FB SHA-512: 07FF0E9187B6E1BABA6218D3B674A3994A81467F4B391CE8F1F14C5F26C1371BBEE031293C5DABA6AEAA8144326D449C081A666E7EABCF13D63E27B56F0A4D0 0 Malicious: false Preview: Release Process.======..Before every release candidate:..* Update version in `configure.ac` (don't forget to set `CLIENT_VERSION_IS_RELEASE` to `true`).* Write release notes to changelog..Before every major release:..* Update hardcoded, see [this pull request](https://github.com/gridcoin/Gridcoin-Research/pull/783) for an example..* Update version of `contrib/gitian-descriptors/*.yml`: usually one'd want to do this on master after branching off the release - but be sure to at least do it bef ore a new major release..### First time / New builders..If you're using the automated script (found in [contrib/gitian-build.sh](/contrib/gitian-build.sh)), then at this point you should run it with the "--setup" command. Otherwise ignore this...Check out the source code in the following directory hierarchy... cd /path/to/your/toplevel/build. git clone https://github.com/gridcoin-community/gitian.sigs.git. git clone https://github.com/bitcoin-core/bitcoin-detached-sigs.git.

C:\Program Files\GridcoinResearch\doc\running.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: exported SGML document, ASCII text Size (bytes): 1300 Entropy (8bit): 4.792204369957113 Encrypted: false MD5: 841BD8D55D0DDA995A9B1E00058A0F6B SHA1: 223A93093B079096EE0AA22CD12D9E05EEF1F475 SHA-256: 3BE4D0311F6EAC24455F4E2EA0E1F0F31C0A890B3369551E237059D074BFDBEF SHA-512: D25B5CCFF6CD725D1B7BA146DF15F8A352B1C9234F9DF306B69E984E469693039F1C1871EBA30988CAA65A1A4C8D783FEDA995953A2708E084FE2691521C9296

Malicious: false

Copyright Joe Security LLC 2019 Page 27 of 109 C:\Program Files\GridcoinResearch\doc\running.md Preview: - 02-21-2015 R. Halford --->..Running Gridcoin in Secure Environment.======..This describes the process to run Gridcoin in a secure environment. Please look at the build docs to generate the binaries first...```bash.$su root.$cd Gridcoin-Research/src.$adduser grcuser && usermod -g users grcuser && delgroup grcuser && chmod 0701 /home/grcuser.$mkdir /home/grcuser/bin.$cp gridcoinresearchd /home/grcuser/bin/gridcoinresearchd.$chown -R grcuser :users /home/grcuser/bin.$cd && rm -rf grcuser.```..Then start Gridcoin Research (From User Environment):..```bash.$su grcuser.$cd && bin/gridcoinresearchd.```..After running the first time you will receive an error instructing you to create a config file called gridcoinresearch.conf:...$nano ~/.GridcoinResearch/gridcoinresearch.conf && c hmod 0600 ~/.GridcoinResearch/gridcoinresearch.conf..Add the following to your config file, changing the username and password to something secure:..```.daemon= 1.server=1.email=.

C:\Program Files\GridcoinResearch\doc\stake-miner.txt Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 5567 Entropy (8bit): 4.683016348099095 Encrypted: false MD5: 1DA7BDA48184F66D9A7DF0349F54F55A SHA1: 8708EE49F5F0E3AC72E25A5C18A658311B3F15F0 SHA-256: C5997E96007F02CDE0C8AA979124E62F1721AE856885BBA000B17EF6BDF8B59D SHA-512: F36C26BAE6F5A684F2B7B34A1F2D4DD1A0C5D23E248C5B653688D72CB2ED84C686801B1114D210F300D660FAE5A24C3B1DE77239C9822ABF7F194CC5B348E92 7 Malicious: false Preview: Stake Miner.======..Job of the StakeMiner is to search for valid kernel and create new blocks..It received considerable development attention lately, lot was changed to a.point you may notice a difference in behavior. Let me describe how it works...## Stake weight..In ~dev~ ~staging~ master branch, the stake weight is repor ted in two places on.the overview screen...The "DPOR Weight:" is calculated somewhere in gui code as balance+magnitude and.**may not reflect real staking weight **...Second is in "Client message:" is calculated in stake miner as sum of weights.of all mature UTXOs and reflects the **real weight**. It is **not in coin**.units...* For version 7 blocks, 1 GRC and 0 Mag equals to 800 of weight..* For version **8** blocks 1 GRC equals to 80 of weight...## Command getmininginfo..RPC command (also in debug console) can be used to obtain additional.information from StakeMiner...* `stakeweight.combined`; no unit natural;. Sum of stake weights of all your mature UTXOs.. T

C:\Program Files\GridcoinResearch\doc\travis-ci.md Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: ASCII text Size (bytes): 1971 Entropy (8bit): 4.467853362730822 Encrypted: false MD5: E0E7E9463A53BEFACDCF003E6ECF3E59 SHA1: 314615F161EE9833913B96F418E4632B0FCBA555 SHA-256: E4F0D196D0FF4F4651903BAAA20E420D998CFAF57AE835F6BBFCAEE3A1E4881E SHA-512: 4011001F1173544CF464EDCC5F660260A79EE3A0098C59CD5769DF6D0C285C7FA05E2C5282939471CD2613CE7F1D8D46010869BD323C60F1714EDC272147D696

Malicious: false Preview: Travis CI.======..Support for using travis-ci has been added in order to automate pull-testing..See [travis-ci.org](https://travis-ci.org/) for more info...Because there is no ability to login to the.builders to install packages (tools, dependencies, etc), the entire build.procedure must instead be controlled by a declarative script `.travis.yml `..This script declares each build configuration, creates virtual machines as.necessary, builds, then discards the virtual machines...A build matrix is constructed to test a wide range of configurations, rather.than a single pass/fail. This helps to catch build failures and logic errors.that present on platforms other than the ones the author has t ested. This.matrix is defined in the build script and can be changed at any time...All builders use the dependency-generator in the [depends dir](/depends), rather than.u sing apt-get to install build dependencies, except for the Linux 64bit build. .This guarantees that the tester is using the same v

C:\Program Files\GridcoinResearch\gridcoinresearch.exe

Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows Size (bytes): 28627984 Entropy (8bit): 6.506353794054847 Encrypted: false MD5: 78E48A7A001B99EBDF855A4D9CD65167 SHA1: DACEF5258763D788839DA9DBC993C863AAD81FBC SHA-256: 54E8FCF0B74538F372EDCBFFFC1D0975E4A5C965B0525ADF92C81367A98389B7 SHA-512: 7D2FB8859DA30C1232D8489DB16D9B2270E24B990E9BAA27B6B9A51CA2DCE756FEE630C0E555EB2ACE52A2415C8FD295A994E77280FC1831480E3B067984C09 7 Malicious: false Antivirus: Antivirus: virustotal, Detection: 1%, Browse Preview: MZ...... @...... !..L.!This program cannot be run in DOS mode....$...... PE..d...... /...... 0...... @...... `...... P..@q...... $...... (...... j..x...... text...x.0...... 0...... `.p`.data...... 0...... 0...... @.`..rd ata....g...1...g...1...... @.`@/4...... \...... @.`@.pdata..$...... `...... @[email protected]...!...... "...F...... @.@@.bss...... `..idata..@q... P...r...h...... @.0..CRT....x...... @[email protected]...... @.`..rsrc...... @.0......

C:\Program Files\GridcoinResearch\uninstall.exe

Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive Size (bytes): 88894 Entropy (8bit): 6.7304310358364425

Encrypted: false MD5: 9807116F50D1EF82B1DB0D04E839CC94 SHA1: 545B545FCA3BF45787C6AE4D2AE20DC001147439 SHA-256: 26312FC355B4CBA6E07EF9FB0176D4F14BD2AF736343AB0A0F42FBAFC620ADE8 SHA-512: 5B209B90D6AAB5F546E262BD83501DBDB52F8650F6EC7C3797890363C434737DC761AA2F545BF06EE1BBCA41818D2A7BF69DB1C061F14D934BB499A8F3A36899

Malicious: false Antivirus: Antivirus: virustotal, Detection: 3%, Browse Preview: MZ...... @...... !..L.!This program cannot be run in DOS mode....$...... PE..L..... W...... uC...... @...... `...... |[email protected]...... text...$...... 0`.data...... @.`..rdata..8j...... l...... @.`@.bss...... `..idata..|...... @.0..ndata...P...... @.`..rsrc...8....@...... @.0......

C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\StartMenu.dll

Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows Size (bytes): 9728 Entropy (8bit): 5.1428487804332725 Encrypted: false MD5: C01DF0EF605F284813F15DA8779D79FF SHA1: D44D9AD01584053D857E033DC14F4E5886BB412E SHA-256: C6388B3742BC1591415DC789959C0ED7141CB3A5826E2DE0C9F4C964B21CE64A SHA-512: B7DB647C307FB507E453CBCA252D67A9F9E9C3FD42B1684D6E9F5F7826AE7C677C0A81F2301A9187D07084C5980BA4EA7491BF6C2B1AE3B161AF3E197FA42B7 0 Malicious: false Antivirus: Antivirus: virustotal, Detection: 0%, Browse Antivirus: metadefender, Detection: 0%, Browse Preview: MZ...... @...... !..L.!This program cannot be run in DOS mode....$...... PE..L..... W...... #...... $m...... 6...... `..e....p...... (...... 4q...... text...H...... 0`.rdata..(....0...... @[email protected]. ...p....@...... `..edata..e....`...... @[email protected]...... p...... @.0..rsrc...(...... "...... @.0..reloc...... $...... @.0B......

C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\System.dll

Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows Size (bytes): 24064 Entropy (8bit): 5.931807565128868 Encrypted: false MD5: 8643641707FF1E4A3E1DFDA207B2DB72 SHA1: F6D766CAA9CAFA533A04DD00E34741D276325E13 SHA-256: D1B94797529C414B9D058C17DBD10C989EEF59B1FA14EEA7F61790D7CFA7FD25 SHA-512: CC8E07395419027914A6D4B3842AC7D4F14E3EC8BE319BFE5C81F70BCF757F8C35F0AAEB985C240B6ECC71FC3E71B9F697CCDA6E71F84AC4930ADF5EAC8011 81 Malicious: false Antivirus: Antivirus: virustotal, Detection: 0%, Browse Antivirus: metadefender, Detection: 0%, Browse Preview: MZ...... @...... !..L.!This program cannot be run in DOS mode....$...... PE..L..... W...... #.....<...Z...... 3...... P....\n...... P...... 4...... <...... text....:...... <...... `.P`.data...4....P...... @...... @.0..rdata...... ` ...... B...... @[email protected]...... p...... `..edata...... J...... @[email protected]...... L...... @.0..CRT....,...... T...... @.0..tls...... V...... @.0..reloc...... X...... @.0B......

C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\modern-header.bmp Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PC bitmap, Windows 3.x format, 571 x 65 x 24 Size (bytes): 111594 Entropy (8bit): 2.1747956977414957 Encrypted: false MD5: C9CAC58A63B47D7CC568B7DDAB6EF9D4 SHA1: 279A3D36FFDD99290E4DBD40911684ED65CBC6EA SHA-256: 9AC1F5D52BBF8FE592E92375AA639888EB915E36A8976F04A92BF91D765A8722 SHA-512: E0EF90C814360901D8CB94D8D21C6E7515275D1DCEB790BCAFBC1715CC4615CAA35464A330767B8437DA6222B22ECF43B68479315AB24C99CD1655C1911C643A

Malicious: false Preview: BM...... 6...(...;...A...... #...#......

Copyright Joe Security LLC 2019 Page 29 of 109 C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\modern-wizard.bmp Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PC bitmap, Windows 3.x format, 164 x 314 x 4 Size (bytes): 52988 Entropy (8bit): 1.9568109962493656 Encrypted: false MD5: E39731A71ED38499AC6B8E51E8E58E34 SHA1: F2820C783906CD4F06040B6850856D426519CE15 SHA-256: A94EF9A36E53192F26D5118F0232B6D7F70943B3CF5A7DF6340A139A226D207B SHA-512: F807ED5BE0297462777A82B79D1AAC35CB4FF5FA54DE4D446050A8BB08677488072685A982BFF5A900823C5727196C05EF29B3EEB6ABCD17171C0EF7C3765270

Malicious: false Preview: BM~g...... v...(...... :...... g...... DDD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@..DDD....DDDDDD...... DDDDDDDDDD....DDDDDDDDD...... DD@@ @@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDD@@@@DDDDDDDDDD@@@@@@D.. DD....DDDDDDD...... DDDDDDDDDD....DDDDDDDDDD...... D..D@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@DDD..D.....DDDDDD...... DDDDDDDDD.....DDDDDDDDD...... DDD ..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@@ DDDD...... DDDDDD...... DDDDDDDDDD....DDDDDDDDDD.....DDDDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@DDDDDD...... DDDDDD...... DDDDDDDDD....DDDDDD DDDD...... DDDDDD..@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\nsDialogs.dll

Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows Size (bytes): 11264 Entropy (8bit): 5.4910696778053065 Encrypted: false MD5: 79A0BDE19E949A8D90DF271CA6E79CD2 SHA1: 946AD18A59C57A11356DD9841BEC29903247BB98 SHA-256: 8353F495064AAF30B32B02F5D935C21F86758F5A99D8EE5E8BF8077B907FAD90 SHA-512: 2A65A48F5DD453723146BABCA8D047E112AB023A589C57FCF5441962F2846A262C2AD25A2985DBA4F2246CDC21D973CBF5E426D4B75DD49A083635400F908A3E

Malicious: false Antivirus: Antivirus: virustotal, Detection: 0%, Browse Antivirus: metadefender, Detection: 0%, Browse Preview: MZ...... @...... !..L.!This program cannot be run in DOS mode....$...... PE..L..... W...... #...... l"...... L....n...... k...... `..k....p...... xq...... text...... 0`.rdata..<....0...... @[email protected] ....0....@...... `..edata..k....`...... @[email protected]...... p...... @.0..rsrc...... (...... @.0..reloc...... *...... @.0B......

C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: data Size (bytes): 38179793 Entropy (8bit): 6.525194281912377 Encrypted: false MD5: A626ED316A6D01E0B7AB42621DDC18FD SHA1: 619A9F3A451705347D224BAFBCDC98309AE7A180 SHA-256: 119EA97E1F5BDC9237525F48FAA1B6EF44C1CB642B2717ED5328AE50ED5F055D SHA-512: 6011F3DEBB99001BB4647D50E77E82A1E9DACD0D3C250C138567FBA58B3469FA12663E5FC26942ABA0AF120F72ADFB1E15ABFDC3669874EF353EEF8908DA68D B Malicious: false Preview: .a...... ,...... K....K...... 7`...... ua...... >...... (...... g...... B...... B...... j...... B...... B...... <......

C:\Users\user\AppData\Roaming\GridcoinResearch\__db.80000001.17ce4c07 Process: C:\Program Files\GridcoinResearch\gridcoinresearch.exe File Type: Berkeley DB (Btree, version 9, native byte-order) Size (bytes): 16384 Entropy (8bit): 0.03122189365246408 Encrypted: false MD5: FA1D1784F594B419E144B5BD33F455A8 SHA1: 18D357FAB6112426FF3ABE01995FBF0BE22B5A6A SHA-256: DE72D0FEAC6F6883E5F706EAEDA6080CF0E217C6D4EFD70CAE6FE77CCD274027 SHA-512: 9106AD36E391BED5B674E841F49EAFB9CA754EB1188DA835B9CEB2633D15EE9B09A91E592C3949CDEE3034F55DD61BB516C6ED13111AB9F6AC7CD51E91DF0F D2 Malicious: false

Copyright Joe Security LLC 2019 Page 30 of 109 C:\Users\user\AppData\Roaming\GridcoinResearch\__db.80000001.17ce4c07 Preview: ...... b1...... MZ......

C:\Users\user\AppData\Roaming\GridcoinResearch\blk0001.dat Process: C:\Program Files\GridcoinResearch\gridcoinresearch.exe File Type: data Size (bytes): 228 Entropy (8bit): 4.37108070718506 Encrypted: false MD5: 7E268DAA48DE28DCBB47CA3F9244C9FD SHA1: F709511682613D23E551629E22430405317CAE17 SHA-256: 67078E739B7F2D626A4BE93B04C4DCDD6A5679A308FB2C406C26E83C31C45881 SHA-512: E93D496425FEF56271B0844F5781907C9C3A51F2F42804AF248A08D874EF6FFDB770FC1A0F6FD49BF2CFF67DD352128200547AF283820B7AA42584DB0AB9C09B

Malicious: false Preview: p5"...... ].6,c&...>...v..&*x..Q1/9T...... 1/9T...... I..*E10/11/14 Andrea Rossi Industrial Heat vindicated with LENR validat ion......

C:\Users\user\AppData\Roaming\GridcoinResearch\database\log.0000000001 Process: C:\Program Files\GridcoinResearch\gridcoinresearch.exe File Type: data Size (bytes): 206503 Entropy (8bit): 4.952962499852147 Encrypted: false MD5: 72804299FE2194D0BF898967D3C6109C SHA1: 904C315C7014240B83D4854AC51A9317BCA9A598 SHA-256: 1AA9A876E2D58C9B5CFB3D949D21AE25B4A5BAA1FD977484371F4B50D19FFFB4 SHA-512: AC3256C82C9381ADD330F8848267C09D91A3F3F2C87C54BF881709BFFF3781E7A06CEED52BD27F509CE545332EEB2E0C6373BAC45DBE30E3FF134A12837CFD0 5 Malicious: false Preview: ......

C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log Process: C:\Program Files\GridcoinResearch\gridcoinresearch.exe File Type: ASCII text, with very long lines, with CRLF line terminators Size (bytes): 4353 Entropy (8bit): 5.230688320821735 Encrypted: false MD5: 387690FB264E19894FE6347B0C08F582 SHA1: 71CFAD7076FFE68B434842BAFAA2A429F73B496B SHA-256: 5E7E574374DC427B492F6C11C760087C9FC4D1C3820A883B8798E9C7EDC87202 SHA-512: 4F3150FABBEF8ED3D9EBC215B1B2F12487385570FFE9F05E71648175FBD4DD4E980259FED0AED666AF6FC2BD8BBA10FB0FA25EC69CC28B93BA09F7056CC701 E2 Malicious: false Preview: Starting Gridcoin..Initializing GUI.....Boost Version: Using Boost 1.65.1....INFO: NN::CreateNeuralNet(): Native C++ neural network is active...Using specific arg default ..06/01/19 04:01:01 Using the 'sse4(1way+4way),avx2(8way)' SHA256 implementation....06/01/19 04:01:01 ...... 06/01/19 04:01:01 Gridcoin version v4.0.4.0-g4a64ab854 (2019-05-16 20:18:50 +0200)..06/01/19 04:01:01 Using OpenSSL version OpenSSL 1.0.1k 8 Jan 2015..06/01/19 04:01:01 Default data directory C:\Users\user\AppData\Roaming\GridcoinResearch..06/01/19 04:01:01 Used data directory C:\Users\user\AppData\Roaming\GridcoinResearch..06/01/19 04:01:01 dbenv.open LogDir=C:\Users\user\AppData\Roaming\GridcoinResearch\database ErrorFile=C:\Users\user\AppData\Roaming\GridcoinResearch\db.log..06/01/19 04:01:02 Loading block index.....06/01/19 04:01:02 Mode=Prod..06/01/19 04:01:02 Opening LevelDB in C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb

C:\Users\user\AppData\Roaming\GridcoinResearch\peers.dat.ecdd Process: C:\Program Files\GridcoinResearch\gridcoinresearch.exe File Type: data Size (bytes): 1106 Entropy (8bit): 0.71564436278148 Encrypted: false MD5: 62346934237057CB156927BD0682606B SHA1: 8F3FAC8DF3354582FEEA6AD31DB338EC98482DF1 SHA-256: 2A65F880AC67E9F429F64C89644A9A2F4CF70CC51C5A1CCDD2B493BA731EC460 SHA-512: 5DF85DD5E17FD17F0FB2A39E8A07570F220B655430BC74A6C99FDEF4930E346C9467A8E9EC6FE7274E4B12351FFC49268BF8B7084D3BB3A79A43818C4259BA32

Malicious: false

Copyright Joe Security LLC 2019 Page 31 of 109 C:\Users\user\AppData\Roaming\GridcoinResearch\peers.dat.ecdd Preview: p5".. ..H.....7.'.Z.....5.....n......

C:\Users\user\AppData\Roaming\GridcoinResearch\scraper.log Process: C:\Program Files\GridcoinResearch\gridcoinresearch.exe File Type: ASCII text, with CRLF line terminators Size (bytes): 204 Entropy (8bit): 4.833188054508333 Encrypted: false MD5: AF2AAF227BD0EFBA57B2660E2C4CDBA1 SHA1: 61D3F5D3D0150872E2F4A40C372669F12E40EDC7 SHA-256: 752408D84C47A5E6C2F23D70906687B882F198496AB839929241ECFCE8757963 SHA-512: F9A2D2927754BD9429170C04F72BDC22076FB6135437E225E3CF3E349F234F3D712FC02B29B3F65512107FABEEDDFD43AE37257884A196EB0BB44F8B2A280E77

Malicious: false Preview: 06/01/19 04:01:09 [INFO] : Starting Neural Network housekeeping thread (new C++ implementation). ..Note that this does NOT mean the NN is active. This simply does housekeeping functions...

C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat Process: C:\Program Files\GridcoinResearch\gridcoinresearch.exe File Type: Berkeley DB (Btree, version 9, native byte-order) Size (bytes): 1949696 Entropy (8bit): 6.140984708871739 Encrypted: false MD5: 215206639C8457F375ADFDE56EAAF52E SHA1: A21A1C4E58A94A5D3EFFA17057933595C5BC1011 SHA-256: E559387628FCA470B3B8D5D59A6A8438D7BBE83DB4A45079A32CC37C79DF8C55 SHA-512: B4100935FE7CBE3FFF50C06EBEB4D895297C5A61D8292EEFE2CBF3B22D5FB8D5214A7DE174514FF8EC78DF688FB3BEEAD8609A2515B0FB92A78923AE1B6C2F 24 Malicious: false Preview: .....b...... b1...... MZ......

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gridcoin\Gridcoin (64-bit).lnk Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu May 16 20:16:02 2019, mtime=Sat Jun 1 03:00:38 2019, atime=Thu May 16 20:16:02 2019, length=28627984, window=hide Size (bytes): 985 Entropy (8bit): 4.406096351583545 Encrypted: false MD5: 47A620101EA51C7FADCDA9E2B57104F5 SHA1: 515EED838E53F5C1E616F934D16AF6B002C00989 SHA-256: 2F7AE4C7E91A1A93C42BB8EBF8BB980DE1CD6047447E62099AFA1C08362B4E35 SHA-512: 0441273D426B1497C38F3C34D9697BF10C3EBB71455CCE368FE9E51D8DDD3E9530161983BA877BC480AD620CAAA44C3A73AAEB66FCAE0C132E092AC4ADE433 36 Malicious: false Preview: L...... F...... ,....v...... ,...... P.O. .:i.....+00.../C:\...... 1...... N. ..PROGRA~1..t...... L..N. ....<...... J...... D.P.r.o.g.r.a.m. [email protected] .h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....j.1...... N. ..GRIDCO~1..R...... N. .N...... R...... c.G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h.....v.2.....N.. .GRIDCO~1.EXE..Z...... N...N...... R...... g.r.i.d.c.o.i.n.r.e.s.e.a.r.c.h...e.x.e...... e...... -...... d...... N<.....C:\Program Files\GridcoinResearch\gridcoinresearch.exe..N.....\.....\.....\.....\.....\.....\.....\..... \.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h.\.g.r.i.d.c.o.i.n.r.e.s.e.a.r.c.h...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h.`...... X...... 320946 ...... x..C..Z.;...... }...... `....x..C..Z.;...... }...... `.E...... 9...1SPS..mD..pH.H@..=x.....h....H....X/:...... `"......

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gridcoin\Gridcoin (testnet, 64-bit).lnk Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ct ime=Thu May 16 20:16:02 2019, mtime=Sat Jun 1 03:00:38 2019, atime=Thu May 16 20:16:02 2019, length=28627984, window=hide Size (bytes): 1901 Entropy (8bit): 3.3001973563852 Encrypted: false MD5: 703B970AEC15F22BED55C3717F35A0D2 SHA1: 617B6429C5EFC629E5DAB1BC5975250ACF0941C7 SHA-256: 47E182EBE139DBC40809BD466B051A02E17D429657E7704A8C1CD0F3C6174247 SHA-512: 6779700BA57F478E650D3539CAD4D904E2BE0EB3880BB298788011051F9EEC64068463462C0CB6D637B893D8F5F8898EFCA84493C18FA872377D2251313D172D

Malicious: false

Copyright Joe Security LLC 2019 Page 32 of 109 C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gridcoin\Gridcoin (testnet, 64-bit).lnk Preview: L...... F.@...... ,....v...... ,...... P.O. .:i.....+00.../C:\...... 1...... N. ..PROGRA~1..t...... L..N. ....<...... J...... D.P.r.o.g.r.a.m. [email protected] .h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....j.1...... N. ..GRIDCO~1..R...... N. .N...... R...... 0..G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h.....v.2.....N.. .GRIDCO~1.EXE..Z...... N...N...... R...... g.r.i.d.c.o.i.n.r.e.s.e.a.r.c.h...e.x.e...... e...... -...... d...... N<.....C:\Program Files\GridcoinResearch\gridcoinresearch.exe..N.....\.....\.....\.....\.....\.....\.....\..... \.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h.\.g.r.i.d.c.o.i.n.r.e.s.e.a.r.c.h...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h...-.t.e.s.t.n.e.t.6.C. :.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h.\.g.r.i.d.c.o.i.n.r.e.s.e.a.r.c.h...e.x.e...... %SystemDrive%\Program Files\GridcoinResearch\gri

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gridcoin\Uninstall Gridcoin (64-bit).lnk Process: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe File Type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sat Jun 1 03:00:42 2019, mtime=Sat Jun 1 03:00:42 2019, atime=Sat Jun 1 03:00:42 2019, length=88894, window=hide Size (bytes): 950 Entropy (8bit): 4.457265784680942 Encrypted: false MD5: 60042FF5B8C6F38ED2D2E4EA5AA3B99D SHA1: A9EF2FDC1EEC2655C82EE31FDF1678BEB0B4ECB0 SHA-256: 671831C3A0FB6208BDB2CDADE2DB6E1983DC3BB683ECB0DC4F2C0FC5250FEBD0 SHA-512: 1E6EDF3A3FAB80C7C90AF46F5CD3613DC0CDC9E196270611852BE54CE4B1996B7AEB73E7C718076CC9445BC7A91CABF42007603197845745B6BDF7B1C523A9D 4 Malicious: false Preview: L...... F...... Pf.....Pf.....>[...... P.O. .:i.....+00.../C:\...... 1...... N. ..PROGRA~1..t...... L..N. ....<...... J...... D.P.r.o.g.r.a.m. [email protected] .e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....j.1...... N. ..GRIDCO~1..R...... N. .N...... R...... 0..G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h.....h.2.>[...N. .UNINST~1.EXE..L...... N. .N. ....dX...... u.n.i.n.s.t.a.l.l...e.x.e...... ^...... -...... ]...... N<.....C:\Program Files\GridcoinResearch\uninstall.exe..G.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e .s.\.G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h.\.u.n.i.n.s.t.a.l.l...e.x.e.!.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.r.i.d.c.o.i.n.R.e.s.e.a.r.c.h.`...... X...... 320946...... x..C..Z.;..1...}...... `....x..C..Z.;..1. ..}...... `.E...... 9...1SPS..mD..pH.H@..=x.....h....H....X/:...... `"......

Domains and IPs

Contacted Domains

Name IP Active Malicious Antivirus Detection Reputation sonic.crypto.fans 173.212.235.53 true true 0%, virustotal, Browse unknown node.grcpool.com 206.221.190.250 true false high seeds.gridcoin.ifoggz-network.xyz 23.111.69.149 true true unknown nuad.de 82.165.75.52 true true 0%, virustotal, Browse low london.grcnode.co.uk 104.238.174.180 true true 0%, virustotal, Browse low node.gridcoin.us unknown unknown false high gridcoin.crypto.fans unknown unknown false unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation checkip.dyndns.org/ false high

URLs from Memory and Binaries

Name Source Malicious Antivirus Detection Reputation forum.bitcoin.org/?topic=1756.0 gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://bitcointalk.org/index.php?topic=32273.0 gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://bugs.launchpad.net/ubuntu/ gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, readme- qt.rst.0.dr webchat.freenode.net?channels=gridcoin) gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp docs.travis-ci.com/user/build-configuration/ gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.694485109.000000 0000412000.00000004.sdmp, travis- ci.md.0.dr winscp.net/eng/index.php). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp

Copyright Joe Security LLC 2019 Page 33 of 109 Name Source Malicious Antivirus Detection Reputation www.macports.org/install.php gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, readme- qt.rst.0.dr https://www.gridcoin.us#GridcoinWallet gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr https://grcinvite.herokuapp.com/) gridcoin-4.0.4-win64-setup (1).exe, 0000 false Avira URL Cloud: safe low 0000.00000002.697261830.000000 0002F76000.00000004.sdmp web.resource.org/cc/ gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr https://www.debian.org/C gridcoin-4.0.4-win64-setup (1).exe false high https://en.bitcoin.it/wiki/Main_Page) gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://www.debian.org/CD/verify) gridcoin-4.0.4-win64-setup (1).exe, grid false high coin-4.0.4-win64-setup (1).exe, 00000000.00000002.694485109. 0000000000412000.00000004.sdmp bugreports.qt.io/ gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp findicons.com/icon/17102/reload?id=17102 gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp fukuchi.org/works/qrencode/index.html.en gridcoin-4.0.4-win64-setup (1).exe, 0000 false 0%, virustotal, Browse low 0000.00000002.697261830.000000 Avira URL Cloud: safe 0002F76000.00000004.sdmp, readme- qt.rst.0.dr www.opensource.org/licenses/mit-license.php.X gridcoinresearch.exe, 00000009 false high .00000000.692994175.0000000001 F45000.00000008.sdmp www.openssl.org/). gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp docs.travis-ci.com/user/encryption-keys/ gridcoin-4.0.4-win64-setup (1).exe, grid false high coin-4.0.4-win64-setup (1).exe, 00000000.00000002.694485109. 0000000000412000.00000004.sdmp, travis-ci.md.0.dr www.opensource.org/licenses/mit-license.php.T gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp gridcoin-4.0.4-win64-setup (1).exe, 0000 false high https://gridcoin.us/DisplayIconUninstallStringNoModifyNoRepa 0000.00000003.693480164.000000 irgridcoinURL 0000857000.00000004.sdmp www.tiro.comMicrosoft gridcoinresearch.exe, 00000009 false Avira URL Cloud: safe unknown .00000002.1584133778.000000000 40E1000.00000004.sdmp gridcoin-4.0.4-win64-setup (1).exe, 0000 false high downloads.sourceforge.net/project/osslsigncode/osslsigncode/ 0000.00000002.697261830.000000 osslsigncode-1.7.1.tar.gz 0002F76000.00000004.sdmp download.oracle.com/berkeley-db/db-4.8.30.NC.tar.gz gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, build- openbsd.md.0.dr https://github.com/gridcoin/Gridcoin- gridcoin-4.0.4-win64-setup (1).exe, 0000 false high Research/releases/new) 0000.00000002.697261830.000000 0002F76000.00000004.sdmp archive.ubuntu.com/ubuntu gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp www.linux-kvm.org/page/Main_Page) gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp www.phreedom.org/md5) gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp https://github.com/theuni/libdmg-hfsplus). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, READ ME_osx.md.0.dr https://www.openssl.org/). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp

Copyright Joe Security LLC 2019 Page 34 of 109 Name Source Malicious Antivirus Detection Reputation https://bitcoincore.org/cfields/osslsigncode-Backports-to- gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 1.7.1.patch 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://launchpad.net/~bitcoin/ gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp schemas.xmlsoap.org/soap/encoding/ gridcoinresearch.exe, 00000009 false high .00000002.1582401479.000000000 1C6E000.00000002.sdmp nsis.sf.net/NSIS_ErrorError gridcoin-4.0.4-win64-setup (1).exe false high https://www.debian.org/CD/netinst/)). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.694485109.000000 0000412000.00000004.sdmp www.msys2.org/). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp miniupnp.tuxfamily.org/files/. gridcoin-4.0.4-win64-setup (1).exe, 0000 false 3%, virustotal, Browse unknown 0000.00000002.697261830.000000 Avira URL Cloud: safe 0002F76000.00000004.sdmp, readme- qt.rst.0.dr wiki.gridcoin.us/OS_X_Guide#Using_Testnet). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp nsis.sf.net/NSIS_Error gridcoin-4.0.4-win64-setup (1).exe false high https://www.visualstudio.com). gridcoin-4.0.4-win64-setup (1).exe, 0000 false Avira URL Cloud: safe low 0000.00000002.697261830.000000 0002F76000.00000004.sdmp bugs.debian.org/cgi-bin/bugreport.cgi?bug=621425 gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, readme- qt.rst.0.dr sodipodi.sourceforge.net/DTD/sodipodi-0.dtd gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr gridcoin-4.0.4-win64-setup (1).exe, 0000 false high heanet.dl.sourceforge.net/project/boost/boost/1.61.0/boost_1_ 0000.00000002.697261830.000000 61_0.tar.bz2 0002F76000.00000004.sdmp, build- openbsd.md.0.dr www.opensource.org/licenses/mit-license.php. gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp https://github.com/bitcoin-core/gitian.sigs.git gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp gridcoin-4.0.4-win64-setup (1).exe, 0000 false high https://github.com/gdm85/tenku/tree/master/docker/gitian- 0000.00000002.697261830.000000 bitcoin-host/README.md). 0002F76000.00000004.sdmp https://raw.githubusercontent.com/theuni/osx-cross- gridcoin-4.0.4-win64-setup (1).exe, 0000 false Avira URL Cloud: safe unknown depends/master/patches/cdrtools/genisoimage.diff) 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, READ ME_osx.md.0.dr https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD? gridcoin-4.0.4-win64-setup (1).exe, 0000 false high h=gridcoinresearch). 0000.00000002.697261830.000000 0002F76000.00000004.sdmp www.cygwin.com/) gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://github.com/bitcoin/bitcoin gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp www.inkscape.org/namespaces/inkscape gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr https://api.github.com/repos/gridcoin- gridcoinresearch.exe, 00000009 false high community/Gridcoin-Research/releases/latestFailed .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr www.phreedom.org/md5)08:27 gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp openbsd-archive.7691.n7.nabble.com/UPDATE- gridcoin-4.0.4-win64-setup (1).exe, 0000 false high cppcheck-1-65-td248900.html 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, build- openbsd.md.0.dr https://brew.sh). gridcoin-4.0.4-win64-setup (1).exe, 0000 false Avira URL Cloud: safe low 0000.00000002.697261830.000000 0002F76000.00000004.sdmp

Copyright Joe Security LLC 2019 Page 35 of 109 Name Source Malicious Antivirus Detection Reputation https://github.com/gridcoin-community/Gridcoin- gridcoin-4.0.4-win64-setup (1).exe, 0000 false high Tasks/issues/194 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, grid coinresearch.exe, 00000009.000 00001.701025021.000000000171B0 00.00000002.sdmp, gridcoinrese arch.exe.0.dr schemas.xmlsoap.org/soap/envelope/ gridcoinresearch.exe, 00000009 false high .00000002.1582401479.000000000 1C6E000.00000002.sdmp findicons.com/icon/93743/blocks_gnome_netstatus_0 gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://api.github.com/repos/gridcoin- gridcoinresearch.exe, 00000009 false high community/Gridcoin-Research/releases/latest .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr https://curl.haxx.se/docs/http-cookies.html gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, grid coinresearch.exe, 00000009.000 00002.1582401479.0000000001C6E 000.00000002.sdmp https://github.com/bitcoin-core/bitcoin-detached-sigs). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, READ ME_osx.md.0.dr www.icon-king.com/projects/nuvola/ gridcoin-4.0.4-win64-setup (1).exe, 0000 false 0%, virustotal, Browse low 0000.00000002.697261830.000000 Avira URL Cloud: safe 0002F76000.00000004.sdmp gridcoin-4.0.4-win64-setup (1).exe, grid false high cdimage.debian.org/mirror/cdimage/archive/8.5.0/amd64/iso- coin-4.0.4-win64-setup (1).exe, cd/debian-8.5.0-amd64-netinst.iso) 00000000.00000002.694485109. 0000000000412000.00000004.sdmp www.openssl.org/support/faq.html gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, grid coinresearch.exe, 00000009.000 00002.1582401479.0000000001C6E 000.00000002.sdmp https://github.com/mingwandroid/toolchain4). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, READ ME_osx.md.0.dr https://gridcoin.us). gridcoin-4.0.4-win64-setup (1).exe, 0000 false Avira URL Cloud: safe low 0000.00000002.697261830.000000 0002F76000.00000004.sdmp gridcoin-4.0.4-win64-setup (1).exe, 0000 false Avira URL Cloud: safe low www.chiark.greenend.org.uk/~sgtatham/putty/download.html) 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://wiki.freebsd.org/GdbRetirement). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp www.everaldo.com gridcoin-4.0.4-win64-setup (1).exe, 0000 false 0%, virustotal, Browse low 0000.00000002.697261830.000000 Avira URL Cloud: safe 0002F76000.00000004.sdmp https://www.virtualbox.org/) gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://github.com/gridcoin/Gridcoin-Research gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://github.com/bitcoin-core/bitcoin-detached-sigs) gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://github.com/laanwj/bitcoin.git gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://gridcoin.us/exchange.htm#GridcoinWallet gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr https://opensource.org/licenses/mit-license.php. gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp qt-project.org/downloads readme-qt.rst.0.dr false high

Copyright Joe Security LLC 2019 Page 36 of 109 Name Source Malicious Antivirus Detection Reputation https://www.worldcommunitygrid.org/ gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, grid coinresearch.exe, 00000009.000 00001.701025021.000000000171B0 00.00000002.sdmp, gridcoinrese arch.exe.0.dr https://cryptocurrencytalk.com/forum/464-gridcoin-grc/ gridcoinresearch.exe.0.dr false high https://github.com/gridcoin-community/Gridcoin- gridcoinresearch.exe, 00000009 false high Tasks/issues/194You .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr https://www.openssl.org/) gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp https://github.com/gridcoin-community/gitian.sigs.git gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://github.com/gridcoin-community/Gridcoin- gridcoinresearch.exe.0.dr false high Tasks/issues/48 https://gridcoin.us/ gridcoin-4.0.4-win64-setup (1).exe false high https://gridcoin.us/contact.htm#GridcoinWallet gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr https://mingw-w64.org/doku.php) gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://en.bitcoin.it/wiki/OpenSSL_and_EC_Libraries gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, grid coinresearch.exe, 00000009.000 00001.701025021.000000000171B0 00.00000002.sdmp, gridcoinrese arch.exe.0.dr gridcoin-4.0.4-win64-setup (1).exe, 0000 false Avira URL Cloud: safe unknown https://gist.githubusercontent.com/laanwj/bf359281dc319b8ff2 0000.00000002.697261830.000000 e1/raw/92250de8404b97bb99d72ab898f4a8cb3 0002F76000.00000004.sdmp, build- openbsd.md.0.dr https://github.com/bitcoin-core/bitcoin-detached-sigs.git gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://github.com/bitcoin-core/gitian.sigs/) gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp https://github.com/bitcoin/bitcoin/issues/6658). gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, build- openbsd.md.0.dr https://en.bitcoin.it/wiki/OpenSSL_and_EC_Librariesl gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr https://boincstats.com/en/stats/- gridcoinresearch.exe, 00000009 false high 1/team/detail/118094994/overview .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr creativecommons.org/ns# gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr https://boinc.berkeley.edu gridcoinresearch.exe, 00000009 false high .00000001.701025021.0000000001 71B000.00000002.sdmp, gridcoin research.exe.0.dr gridcoin-4.0.4-win64-setup (1).exe, 0000 false high https://www.worldcommunitygrid.org/basic_string::appendstats 0000.00000002.697261830.000000 /.gzbasic_string::append: 0002F76000.00000004.sdmp, grid coinresearch.exe, 00000009.000 00001.701025021.000000000171B0 00.00000002.sdmp, gridcoinrese arch.exe.0.dr archive.ubuntu.com/ubuntu/pool/universe/v/vm- gridcoin-4.0.4-win64-setup (1).exe, 0000 false high builder/vm-builder_0.12.4 0000.00000002.697261830.000000 0002F76000.00000004.sdmp www.openssl.org/support/faq.htmlRAND gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp, grid coinresearch.exe, 00000009.000 00002.1582401479.0000000001C6E 000.00000002.sdmp Copyright Joe Security LLC 2019 Page 37 of 109 Name Source Malicious Antivirus Detection Reputation https://linuxcontainers.org/) gridcoin-4.0.4-win64-setup (1).exe, 0000 false high 0000.00000002.697261830.000000 0002F76000.00000004.sdmp gridcoinresearch.exe, 00000009 false high https://www.gridcoinstats.eu/block#pk_campaign=GridcoinWal .00000001.701025021.0000000001 let&pk_kwd= 71B000.00000002.sdmp, gridcoin research.exe.0.dr

Contacted IPs

No. of IPs < 25% 25% < No. of IPs < 50% 50% < No. of IPs < 75% 75% < No. of IPs

Public

IP Country Flag ASN ASN Name Malicious 23.111.74.106 Canada 54643 unknown true 82.165.75.52 Germany 8560 unknown true 91.198.22.70 United Kingdom 33517 unknown false 206.221.190.250 United States 20473 unknown false 23.111.69.149 Canada 54643 unknown true 173.212.235.53 Germany 51167 unknown true 104.238.174.180 United States 20473 unknown true

Static File Info

General File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive Entropy (8bit): 7.9996927589901 TrID: Win32 Executable (generic) a (10002005/4) 99.94% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Java Script embedded in Visual Basic Script (1500/0) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00% File name: gridcoin-4.0.4-win64-setup (1).exe

Copyright Joe Security LLC 2019 Page 38 of 109 General File size: 13488249 MD5: 3c890f51d3a68ab8142d477022811b8a SHA1: ad8cedc4428a58c9c68d6494e645fb7526a04543 SHA256: e4389d05ba0c0071d6a3e6502bde76eeb397f7661b2268 6ac17b9e9e89c183ef SHA512: 9f47085c16c4f189de108ee8635f7c436d5aee2da428edb 0dc35a0a1cfb222112a8b09fecdf46014905a083ea9df7d a928093a125d517f0bb31e8a700488ce48 SSDEEP: 393216:MiHGki5lN3TWnJhUhx3xRfw5Yxe2LBndTj6tIQ q:TqdTOJhU8Qe+ROOQq File Content Preview: MZ...... @...... !..L.!Th is program cannot be run in DOS mode....$...... PE..L..... W...... uC...... @...... `......

File Icon

Icon Hash: 70f0e8c4e4e8f830

Static PE Info

General Entrypoint: 0x404375 Entrypoint Section: .text Digitally signed: false Imagebase: 0x400000 Subsystem: windows gui Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED DLL Characteristics: TERMINAL_SERVER_AWARE Time Stamp: 0x57201593 [Wed Apr 27 01:27:47 2016 UTC] TLS Callbacks: CLR (.Net) Version: OS Version Major: 4 OS Version Minor: 0 File Version Major: 4 File Version Minor: 0 Subsystem Version Major: 4 Subsystem Version Minor: 0 Import Hash: 187b3ae62ff818788b8c779ef7bc3d1c

Entrypoint Preview

Instruction push ebp mov ebp, esp push edi push esi push ebx sub esp, 000001ACh mov dword ptr [esp], 00008001h call dword ptr [0042D434h] push ecx call dword ptr [0042D3FCh] cmp ax, 0006h je 00007F1338C9257Dh mov dword ptr [esp], 00000000h call 00007F1338C96457h test eax, eax push edx je 00007F1338C9256Ch mov dword ptr [esp], 00000C00h call eax push edi Copyright Joe Security LLC 2019 Page 39 of 109 Instruction mov ebx, 0040B360h cmp byte ptr [ebx], 00000000h je 00007F1338C9257Bh mov dword ptr [esp], ebx call 00007F1338C963ABh push ecx mov dword ptr [esp], ebx call dword ptr [0042D464h] lea ebx, dword ptr [ebx+eax+01h] push esi jmp 00007F1338C92544h mov dword ptr [esp], 0000000Dh call 00007F1338C96419h push ebx mov dword ptr [esp], 0000000Bh call 00007F1338C9640Ch push esi mov dword ptr [0042BCA0h], eax call dword ptr [0042D354h] mov dword ptr [esp], 00000000h call dword ptr [0042D474h] mov dword ptr [0042BC18h], eax push edi lea eax, dword ptr [ebp-00000178h] mov dword ptr [esp+10h], 00000000h mov dword ptr [esp+0Ch], 00000160h mov dword ptr [esp+08h], eax mov dword ptr [esp+04h], 00000000h mov dword ptr [esp], 0040B31Dh call dword ptr [00000088h]

Data Directories

Name Virtual Address Virtual Size Is in Section IMAGE_DIRECTORY_ENTRY_EXPORT 0x0 0x0 IMAGE_DIRECTORY_ENTRY_IMPORT 0x2d000 0x127c .idata IMAGE_DIRECTORY_ENTRY_RESOURCE 0x44000 0x1f38 .rsrc IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x0 0x0 IMAGE_DIRECTORY_ENTRY_SECURITY 0x0 0x0 IMAGE_DIRECTORY_ENTRY_BASERELOC 0x0 0x0 IMAGE_DIRECTORY_ENTRY_DEBUG 0x0 0x0 IMAGE_DIRECTORY_ENTRY_COPYRIGHT 0x0 0x0 IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x0 0x0 IMAGE_DIRECTORY_ENTRY_TLS 0x0 0x0 IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0x0 0x0 IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0x0 0x0 IMAGE_DIRECTORY_ENTRY_IAT 0x0 0x0 IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0x0 0x0 IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0x0 0x0 IMAGE_DIRECTORY_ENTRY_RESERVED 0x0 0x0

Sections

Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics .text 0x1000 0x8b24 0x8c00 False 0.535072544643 data 5.94493117254 IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ Copyright Joe Security LLC 2019 Page 40 of 109 Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics .data 0xa000 0xe0 0x200 False 0.203125 data 1.6245412671 IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DA TA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ .rdata 0xb000 0x6a38 0x6c00 False 0.710141782407 data 7.22225407966 IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DA TA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ .bss 0x12000 0x1ad00 0x0 False 0 empty 0.0 IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_CNT_UNINITIALIZED_ DATA, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ .idata 0x2d000 0x127c 0x1400 False 0.370703125 data 5.15437118286 IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DA TA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ .ndata 0x2f000 0x15000 0x400 False 0.0166015625 data 0.0 IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_CNT_INITIALIZED_DA TA, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

Copyright Joe Security LLC 2019 Page 41 of 109 Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics .rsrc 0x44000 0x1f38 0x2000 False 0.369384765625 data 4.53820686249 IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_CNT_INITIALIZED_DA TA, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_MEM_READ

Resources

Name RVA Size Type Language Country RT_ICON 0x44238 0x10a8 data English United States RT_DIALOG 0x452e0 0x144 data English United States RT_DIALOG 0x45428 0x246 data English United States RT_DIALOG 0x45670 0x104 data English United States RT_DIALOG 0x45778 0xa0 data English United States RT_DIALOG 0x45818 0xee data English United States RT_GROUP_ICON 0x45908 0x14 data English United States RT_VERSION 0x45920 0x254 data RT_MANIFEST 0x45b78 0x3bc XML 1.0 document, ASCII text, with very long lines, English United States with no line terminators

Imports

DLL Import ADVAPI32.dll RegCloseKey, RegCreateKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA COMCTL32.DLL ImageList_AddMasked, ImageList_Create, ImageList_Destroy, InitCommonControls GDI32.dll CreateBrushIndirect, CreateFontIndirectA, DeleteObject, GetDeviceCaps, SelectObject, SetBkColor, SetBkMode, SetTextColor KERNEL32.dll CloseHandle, CompareFileTime, CopyFileA, CreateDirectoryA, CreateFileA, CreateProcessA, CreateThread, DeleteFileA, ExitProcess, ExpandEnvironmentStringsA, FindClose, FindFirstFileA, FindNextFileA, FreeLibrary, GetCommandLineA, GetCurrentProcess, GetDiskFreeSpaceA, GetExitCodeProcess, GetFileAttributesA, GetFileSize, GetFullPathNameA, GetLastError, GetModuleFileNameA, GetModuleHandleA, GetPrivateProfileStringA, GetProcAddress, GetShortPathNameA, GetSystemDirectoryA, GetTempFileNameA, GetTempPathA, GetTickCount, GetVersion, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, GlobalLock, GlobalUnlock, LoadLibraryExA, MoveFileA, MulDiv, MultiByteToWideChar, ReadFile, RemoveDirectoryA, SearchPathA, SetCurrentDirectoryA, SetErrorMode, SetFileAttributesA, SetFilePointer, SetFileTime, Sleep, WaitForSingleObject, WriteFile, WritePrivateProfileStringA, lstrcatA, lstrcmpA, lstrcmpiA, lstrcpynA, lstrlenA ole32.dll CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize SHELL32.dll SHBrowseForFolderA, SHFileOperationA, SHGetFileInfoA, SHGetPathFromIDListA, SHGetSpecialFolderLocation, ShellExecuteA USER32.dll AppendMenuA, BeginPaint, CallWindowProcA, CharNextA, CharPrevA, CheckDlgButton, CloseClipboard, CreateDialogParamA, CreatePopupMenu, CreateWindowExA, DefWindowProcA, DestroyWindow, DialogBoxParamA, DispatchMessageA, DrawTextA, EmptyClipboard, EnableMenuItem, EnableWindow, EndDialog, EndPaint, ExitWindowsEx, FillRect, FindWindowExA, GetClassInfoA, GetClientRect, GetDC, GetDlgItem, GetDlgItemTextA, GetMessagePos, GetSysColor, GetSystemMenu, GetSystemMetrics, GetWindowLongA, GetWindowRect, InvalidateRect, IsWindow, IsWindowEnabled, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadImageA, MessageBoxIndirectA, OpenClipboard, PeekMessageA, PostQuitMessage, RegisterClassA, ScreenToClient, SendMessageA, SendMessageTimeoutA, SetClassLongA, SetClipboardData, SetCursor, SetDlgItemTextA, SetForegroundWindow, SetTimer, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, SystemParametersInfoA, TrackPopupMenu, wsprintfA

Version Infos

Description Data LegalCopyright FileVersion 4.0.4 CompanyName Gridcoin project ProductName Gridcoin ProductVersion 4.0.4 FileDescription CompanyWebsite https://gridcoin.us/ Translation 0x0000 0x0000

Possible Origin

English United States

Static AutoIT Info

General Code:

Network Behavior

Network Port Distribution

Total Packets: 95 • 53 (DNS) • 32749 undefined • 80 (HTTP)

TCP Packets

Timestamp Source Port Dest Port Source IP Dest IP May 31, 2019 21:01:09.209732056 CEST 49714 80 192.168.2.6 91.198.22.70 May 31, 2019 21:01:09.241240025 CEST 80 49714 91.198.22.70 192.168.2.6 May 31, 2019 21:01:09.241528988 CEST 49714 80 192.168.2.6 91.198.22.70 May 31, 2019 21:01:09.245996952 CEST 49714 80 192.168.2.6 91.198.22.70 May 31, 2019 21:01:09.277256012 CEST 80 49714 91.198.22.70 192.168.2.6 May 31, 2019 21:01:09.277468920 CEST 80 49714 91.198.22.70 192.168.2.6 May 31, 2019 21:01:09.277518034 CEST 80 49714 91.198.22.70 192.168.2.6 May 31, 2019 21:01:09.277648926 CEST 49714 80 192.168.2.6 91.198.22.70 May 31, 2019 21:01:09.405786991 CEST 49714 80 192.168.2.6 91.198.22.70 May 31, 2019 21:01:10.183186054 CEST 49715 32749 192.168.2.6 173.212.235.53 May 31, 2019 21:01:10.211039066 CEST 32749 49715 173.212.235.53 192.168.2.6 May 31, 2019 21:01:10.217972040 CEST 49715 32749 192.168.2.6 173.212.235.53 May 31, 2019 21:01:10.218244076 CEST 49715 32749 192.168.2.6 173.212.235.53 May 31, 2019 21:01:10.245892048 CEST 32749 49715 173.212.235.53 192.168.2.6 May 31, 2019 21:01:10.247950077 CEST 32749 49715 173.212.235.53 192.168.2.6 May 31, 2019 21:01:10.729414940 CEST 49716 32749 192.168.2.6 104.238.174.180 May 31, 2019 21:01:10.761847973 CEST 32749 49716 104.238.174.180 192.168.2.6 May 31, 2019 21:01:10.762317896 CEST 49716 32749 192.168.2.6 104.238.174.180 May 31, 2019 21:01:10.778115034 CEST 49716 32749 192.168.2.6 104.238.174.180 May 31, 2019 21:01:10.810470104 CEST 32749 49716 104.238.174.180 192.168.2.6 May 31, 2019 21:01:10.931063890 CEST 32749 49716 104.238.174.180 192.168.2.6 May 31, 2019 21:01:10.932270050 CEST 49716 32749 192.168.2.6 104.238.174.180 May 31, 2019 21:01:10.947119951 CEST 49716 32749 192.168.2.6 104.238.174.180

Copyright Joe Security LLC 2019 Page 43 of 109 Timestamp Source Port Dest Port Source IP Dest IP May 31, 2019 21:01:10.978907108 CEST 32749 49716 104.238.174.180 192.168.2.6 May 31, 2019 21:01:11.284194946 CEST 49717 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:01:14.289588928 CEST 49717 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:01:16.795151949 CEST 49718 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:19.802746058 CEST 49718 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:22.315728903 CEST 49719 32749 192.168.2.6 206.221.190.250 May 31, 2019 21:01:22.418144941 CEST 32749 49719 206.221.190.250 192.168.2.6 May 31, 2019 21:01:22.418370962 CEST 49719 32749 192.168.2.6 206.221.190.250 May 31, 2019 21:01:22.426572084 CEST 49719 32749 192.168.2.6 206.221.190.250 May 31, 2019 21:01:22.521015882 CEST 32749 49719 206.221.190.250 192.168.2.6 May 31, 2019 21:01:22.521275043 CEST 49719 32749 192.168.2.6 206.221.190.250 May 31, 2019 21:01:22.526216984 CEST 49719 32749 192.168.2.6 206.221.190.250 May 31, 2019 21:01:22.623913050 CEST 32749 49719 206.221.190.250 192.168.2.6 May 31, 2019 21:01:22.628520966 CEST 32749 49719 206.221.190.250 192.168.2.6 May 31, 2019 21:01:22.939502001 CEST 49720 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:25.939747095 CEST 49720 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:28.446953058 CEST 49721 32749 192.168.2.6 82.165.75.52 May 31, 2019 21:01:28.469806910 CEST 32749 49721 82.165.75.52 192.168.2.6 May 31, 2019 21:01:28.470041037 CEST 49721 32749 192.168.2.6 82.165.75.52 May 31, 2019 21:01:28.477091074 CEST 49721 32749 192.168.2.6 82.165.75.52 May 31, 2019 21:01:28.500010014 CEST 32749 49721 82.165.75.52 192.168.2.6 May 31, 2019 21:01:28.980323076 CEST 49722 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:31.989279032 CEST 49722 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:34.488612890 CEST 49723 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:37.502944946 CEST 49723 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:40.002039909 CEST 49724 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:43.006571054 CEST 49724 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:45.506953955 CEST 49725 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:48.524003029 CEST 49725 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:51.019857883 CEST 49726 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:52.956722021 CEST 49721 32749 192.168.2.6 82.165.75.52 May 31, 2019 21:01:52.988657951 CEST 32749 49721 82.165.75.52 192.168.2.6 May 31, 2019 21:01:52.989012957 CEST 49721 32749 192.168.2.6 82.165.75.52 May 31, 2019 21:01:54.030020952 CEST 49726 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:01:56.535902977 CEST 49727 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:01:59.535933971 CEST 49727 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:02:02.054791927 CEST 49728 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:02:05.063050985 CEST 49728 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:02:07.580440044 CEST 49729 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:02:10.580528975 CEST 49729 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:02:13.098563910 CEST 49730 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:16.111459970 CEST 49730 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:18.619477987 CEST 49733 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:02:21.631881952 CEST 49733 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:02:24.146405935 CEST 49734 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:27.158518076 CEST 49734 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:29.659826994 CEST 49735 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:32.672715902 CEST 49735 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:35.178982019 CEST 49736 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:02:38.180069923 CEST 49736 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:02:40.696717978 CEST 49737 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:43.710655928 CEST 49737 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:46.227339983 CEST 49738 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:49.222964048 CEST 49738 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:51.747997999 CEST 49739 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:54.752342939 CEST 49739 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:02:57.268703938 CEST 49740 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:00.278131008 CEST 49740 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:02.794964075 CEST 49741 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:05.800731897 CEST 49741 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:08.315418959 CEST 49742 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:03:11.330327988 CEST 49742 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:03:13.843576908 CEST 49743 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:16.849212885 CEST 49743 32749 192.168.2.6 23.111.74.106

Copyright Joe Security LLC 2019 Page 44 of 109 Timestamp Source Port Dest Port Source IP Dest IP May 31, 2019 21:03:19.354094028 CEST 49744 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:22.356524944 CEST 49744 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:24.877691984 CEST 49745 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:03:27.882467031 CEST 49745 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:03:30.400067091 CEST 49746 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:33.415313959 CEST 49746 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:35.910842896 CEST 49747 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:38.919786930 CEST 49747 32749 192.168.2.6 23.111.74.106 May 31, 2019 21:03:41.427916050 CEST 49748 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:03:44.437511921 CEST 49748 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:03:46.932404995 CEST 49749 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:03:49.943837881 CEST 49749 32749 192.168.2.6 23.111.69.149 May 31, 2019 21:03:52.444560051 CEST 49750 32749 192.168.2.6 23.111.69.149

UDP Packets

Timestamp Source Port Dest Port Source IP Dest IP May 31, 2019 21:01:09.492942095 CEST 49754 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:09.530013084 CEST 53 49754 8.8.8.8 192.168.2.6 May 31, 2019 21:01:09.537545919 CEST 57085 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:09.575628996 CEST 53 57085 8.8.8.8 192.168.2.6 May 31, 2019 21:01:09.582456112 CEST 64275 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:09.738209009 CEST 53 64275 8.8.8.8 192.168.2.6 May 31, 2019 21:01:09.747978926 CEST 65250 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:09.786499023 CEST 53 65250 8.8.8.8 192.168.2.6 May 31, 2019 21:01:09.796451092 CEST 57895 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:09.833600044 CEST 53 57895 8.8.8.8 192.168.2.6 May 31, 2019 21:01:09.839948893 CEST 51715 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:09.875833035 CEST 53 51715 8.8.8.8 192.168.2.6 May 31, 2019 21:01:09.882496119 CEST 57374 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:10.880069017 CEST 57374 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:10.894911051 CEST 53 57374 8.8.8.8 192.168.2.6 May 31, 2019 21:01:10.911346912 CEST 53500 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:10.956875086 CEST 53 53500 8.8.8.8 192.168.2.6 May 31, 2019 21:01:10.973256111 CEST 60263 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:11.007915974 CEST 53 60263 8.8.8.8 192.168.2.6 May 31, 2019 21:01:11.021019936 CEST 57268 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:11.054512978 CEST 53 57268 8.8.8.8 192.168.2.6 May 31, 2019 21:01:11.066190004 CEST 51783 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:11.081259966 CEST 53 51783 8.8.8.8 192.168.2.6 May 31, 2019 21:01:11.092286110 CEST 52569 53 192.168.2.6 8.8.8.8 May 31, 2019 21:01:11.107112885 CEST 53 52569 8.8.8.8 192.168.2.6

DNS Queries

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class May 31, 2019 21:01:09.492942095 CEST 192.168.2.6 8.8.8.8 0x3863 Standard query node.gridcoin.us A (IP address) IN (0x0001) (0) May 31, 2019 21:01:09.537545919 CEST 192.168.2.6 8.8.8.8 0x304 Standard query node.gridcoin.us A (IP address) IN (0x0001) (0) May 31, 2019 21:01:09.582456112 CEST 192.168.2.6 8.8.8.8 0x8cea Standard query london.grc A (IP address) IN (0x0001) (0) node.co.uk May 31, 2019 21:01:09.747978926 CEST 192.168.2.6 8.8.8.8 0x7f07 Standard query london.grc A (IP address) IN (0x0001) (0) node.co.uk May 31, 2019 21:01:09.796451092 CEST 192.168.2.6 8.8.8.8 0xb7fe Standard query gridcoin.c A (IP address) IN (0x0001) (0) rypto.fans May 31, 2019 21:01:09.839948893 CEST 192.168.2.6 8.8.8.8 0xba84 Standard query gridcoin.c A (IP address) IN (0x0001) (0) rypto.fans May 31, 2019 21:01:09.882496119 CEST 192.168.2.6 8.8.8.8 0xa3d9 Standard query node.grcpool.com A (IP address) IN (0x0001) (0) May 31, 2019 21:01:10.880069017 CEST 192.168.2.6 8.8.8.8 0xa3d9 Standard query node.grcpool.com A (IP address) IN (0x0001) (0) May 31, 2019 21:01:10.911346912 CEST 192.168.2.6 8.8.8.8 0x19d8 Standard query node.grcpool.com A (IP address) IN (0x0001) (0) May 31, 2019 21:01:10.973256111 CEST 192.168.2.6 8.8.8.8 0x3488 Standard query nuad.de A (IP address) IN (0x0001) (0)

Copyright Joe Security LLC 2019 Page 45 of 109 Timestamp Source IP Dest IP Trans ID OP Code Name Type Class May 31, 2019 21:01:11.021019936 CEST 192.168.2.6 8.8.8.8 0x1140 Standard query nuad.de A (IP address) IN (0x0001) (0) May 31, 2019 21:01:11.066190004 CEST 192.168.2.6 8.8.8.8 0x81f4 Standard query seeds.grid A (IP address) IN (0x0001) (0) coin.ifoggz- network.xyz May 31, 2019 21:01:11.092286110 CEST 192.168.2.6 8.8.8.8 0x7802 Standard query seeds.grid A (IP address) IN (0x0001) (0) coin.ifoggz- network.xyz

DNS Answers

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class May 31, 2019 8.8.8.8 192.168.2.6 0x8cea No error (0) london.grc 104.238.174.180 A (IP address) IN (0x0001) 21:01:09.738209009 node.co.uk CEST May 31, 2019 8.8.8.8 192.168.2.6 0x7f07 No error (0) london.grc 104.238.174.180 A (IP address) IN (0x0001) 21:01:09.786499023 node.co.uk CEST May 31, 2019 8.8.8.8 192.168.2.6 0xb7fe No error (0) gridcoin.c sonic.crypto.fans CNAME IN (0x0001) 21:01:09.833600044 rypto.fans (Canonical name) CEST May 31, 2019 8.8.8.8 192.168.2.6 0xb7fe No error (0) sonic.crypto.fans 173.212.235.53 A (IP address) IN (0x0001) 21:01:09.833600044 CEST May 31, 2019 8.8.8.8 192.168.2.6 0xba84 No error (0) gridcoin.c sonic.crypto.fans CNAME IN (0x0001) 21:01:09.875833035 rypto.fans (Canonical name) CEST May 31, 2019 8.8.8.8 192.168.2.6 0xba84 No error (0) sonic.crypto.fans 173.212.235.53 A (IP address) IN (0x0001) 21:01:09.875833035 CEST May 31, 2019 8.8.8.8 192.168.2.6 0xa3d9 No error (0) node.grcpo 206.221.190.250 A (IP address) IN (0x0001) 21:01:10.894911051 ol.com CEST May 31, 2019 8.8.8.8 192.168.2.6 0x19d8 No error (0) node.grcpo 206.221.190.250 A (IP address) IN (0x0001) 21:01:10.956875086 ol.com CEST May 31, 2019 8.8.8.8 192.168.2.6 0x3488 No error (0) nuad.de 82.165.75.52 A (IP address) IN (0x0001) 21:01:11.007915974 CEST May 31, 2019 8.8.8.8 192.168.2.6 0x1140 No error (0) nuad.de 82.165.75.52 A (IP address) IN (0x0001) 21:01:11.054512978 CEST May 31, 2019 8.8.8.8 192.168.2.6 0x81f4 No error (0) seeds.grid 23.111.69.149 A (IP address) IN (0x0001) 21:01:11.081259966 coin.ifoggz- CEST network.xyz May 31, 2019 8.8.8.8 192.168.2.6 0x81f4 No error (0) seeds.grid 23.111.74.106 A (IP address) IN (0x0001) 21:01:11.081259966 coin.ifoggz- CEST network.xyz May 31, 2019 8.8.8.8 192.168.2.6 0x7802 No error (0) seeds.grid 23.111.69.149 A (IP address) IN (0x0001) 21:01:11.107112885 coin.ifoggz- CEST network.xyz May 31, 2019 8.8.8.8 192.168.2.6 0x7802 No error (0) seeds.grid 23.111.74.106 A (IP address) IN (0x0001) 21:01:11.107112885 coin.ifoggz- CEST network.xyz

HTTP Request Dependency Graph

checkip.dyndns.org

HTTP Packets

Session ID Source IP Source Port Destination IP Destination Port Process 0 192.168.2.6 49714 91.198.22.70 80 C:\Program Files\GridcoinResearch\gridcoinresearch.exe

kBytes Timestamp transferred Direction Data May 31, 2019 1 OUT GET / HTTP/1.1 21:01:09.245996952 CEST Host: checkip.dyndns.org User-Agent: Gridcoin Connection: close

Copyright Joe Security LLC 2019 Page 46 of 109 kBytes Timestamp transferred Direction Data May 31, 2019 1 IN HTTP/1.1 200 OK 21:01:09.277468920 CEST Content-Type: text/html Server: DynDNS-CheckIP/1.0 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 106 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 38 35 2e 33 32 2e 32 32 32 2e 31 31 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: Current IP CheckCurrent IP Address: 185.32.222.118< /html>

Code Manipulations

Statistics

Behavior

• gridcoin-4.0.4-win64-setup (1).exe • gridcoinresearch.exe

Click to jump to process

System Behavior

Analysis Process: gridcoin-4.0.4-win64-setup (1).exe PID: 2292 Parent PID: 3592

General

Start time: 21:00:11 Start date: 31/05/2019 Path: C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe Wow64 process (32bit): true Commandline: 'C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe' Imagebase: 0x400000 File size: 13488249 bytes MD5 hash: 3C890F51D3A68AB8142D477022811B8A Has administrator privileges: true Programmed in: C, C++ or other language Reputation: low

Source File Path Access Attributes Options Completion Count Address Symbol C:\Users\user~1\AppData\Local\Temp\ read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user~1\AppData\Local\Temp\nse6C5C.tmp read attributes | normal synchronous io success or wait 1 407B20 GetTempFileNameA synchronize | non alert | non generic read directory file C:\Users\user~1\AppData\Local\Temp\nsp6C9C.tmp read attributes | normal synchronous io success or wait 1 407B20 GetTempFileNameA synchronize | non alert | non generic read directory file C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp read attributes | normal synchronous io success or wait 1 407B20 GetTempFileNameA synchronize | non alert | non generic read directory file C:\Users read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user~1 read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user~1\AppData read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user~1\AppData\Local read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user~1\AppData\Local\Temp read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp read data or list normal directory file | success or wait 1 40770A CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\System.dll read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\System.dll read attributes | archive synchronous io object name collision 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\modern-header.bmp read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\modern-wizard.bmp read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\nsDialogs.dll read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\nsDialogs.dll read attributes | archive synchronous io object name collision 5 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\System.dll read attributes | archive synchronous io object name collision 6 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\StartMenu.dll read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file

Copyright Joe Security LLC 2019 Page 48 of 109 Source File Path Access Attributes Options Completion Count Address Symbol C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\StartMenu.dll read attributes | archive synchronous io object name collision 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files read data or list normal directory file | object name collision 7 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Program Files\GridcoinResearch read data or list normal directory file | success or wait 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Program Files\GridcoinResearch\gridcoinresearch.exe read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\COPYING.txt read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch read data or list normal directory file | object name collision 6 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Program Files\GridcoinResearch\daemon read data or list normal directory file | success or wait 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Program Files\GridcoinResearch\daemon\gridcoinresearchd.exe read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc read data or list normal directory file | success or wait 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Program Files\GridcoinResearch\doc\.gitignore read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\README.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\README_osx.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\assets-attribution.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\build-macos.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\build-openbsd.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\build-unix.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\build-windows.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\coding.txt read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gridcoinresearch.1 read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gridcoinresearchd.1 read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file

Copyright Joe Security LLC 2019 Page 49 of 109 Source File Path Access Attributes Options Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\readme-qt.rst read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\release-process.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\running.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\stake-miner.txt read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\travis-ci.md read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc read data or list normal directory file | object name collision 2 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Program Files\GridcoinResearch\doc\gitian-building read data or list normal directory file | success or wait 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Program Files\GridcoinResearch\doc\gitian-building\all_fi read attributes | none synchronous io success or wait 1 407ACA CreateFileA les_in_one_partition.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\create read attributes | none synchronous io success or wait 1 407ACA CreateFileA _new_vm.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\create read attributes | none synchronous io success or wait 1 407ACA CreateFileA _vm_file_location_size.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\create read attributes | none synchronous io success or wait 1 407ACA CreateFileA _vm_hard_disk.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\create read attributes | none synchronous io success or wait 1 407ACA CreateFileA _vm_hard_disk_file_type.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\create read attributes | none synchronous io success or wait 1 407ACA CreateFileA _vm_memsize.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\create read attributes | none synchronous io success or wait 1 407ACA CreateFileA _vm_storage_physical_hard_disk.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_10_configure_clock.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_11_partition_disks.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_12_choose_disk.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_14_finish.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_15_write_changes.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_16_choose_a_mirror.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_18_proxy_settings.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_19_software_selection.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_1_boot_menu.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_20_install_grub.png synchronize | non alert | non generic write directory file

Copyright Joe Security LLC 2019 Page 50 of 109 Source File Path Access Attributes Options Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_21_install_grub_bootloader.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_22_finish_installation.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_2_select_a_language.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_3_select_location.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_4_configure_keyboard.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_5_configure_the_network.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_6_domain_name.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_6a_set_up_root_password.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_7_set_up_user_fullname.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_8_set_up_username.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _install_9_user_password.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\debian read attributes | none synchronous io success or wait 1 407ACA CreateFileA _root_login.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\networ read attributes | none synchronous io success or wait 1 407ACA CreateFileA k_settings.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\port_f read attributes | none synchronous io success or wait 1 407ACA CreateFileA orwarding_rules.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\doc\gitian-building\select read attributes | none synchronous io success or wait 1 407ACA CreateFileA _startup_disk.png synchronize | non alert | non generic write directory file C:\Program Files\GridcoinResearch\uninstall.exe read attributes | none synchronous io success or wait 1 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Users read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user\AppData read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user\AppData\Roaming read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user\AppData\Roaming\Microsoft read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point

Copyright Joe Security LLC 2019 Page 51 of 109 Source File Path Access Attributes Options Completion Count Address Symbol C:\Users\user\AppData\Roaming\Microsoft\Windows read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs read data or list normal directory file | object name collision 1 407765 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\P read data or list normal directory file | success or wait 1 407765 CreateDirectoryA rograms\Gridcoin directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\nsDialogs.dll read attributes | archive synchronous io object name collision 7 407ACA CreateFileA synchronize | non alert | non generic write directory file C:\Users\user~1\AppData\Local\Temp\nse6CAC.tmp\System.dll read attributes | archive synchronous io object name collision 7 407ACA CreateFileA synchronize | non alert | non generic write directory file

File Deleted

Source File Path Completion Count Address Symbol C:\Users\user\AppData\Local\Temp\nse6C5C.tmp success or wait 1 40458F DeleteFileA C:\Users\user\AppData\Local\Temp\nse6CAC.tmp success or wait 1 4085DF DeleteFileA C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\modern-header.bmp success or wait 1 408746 DeleteFileA C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\modern-wizard.bmp success or wait 1 408746 DeleteFileA C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\nsDialogs.dll success or wait 1 408746 DeleteFileA C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\StartMenu.dll success or wait 1 408746 DeleteFileA C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\System.dll success or wait 1 408746 DeleteFileA

File Written

Source File Path Offset Length Value Ascii Completion Count Address Symbol

Copyright Joe Security LLC 2019 Page 52 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 32768 a5 61 00 00 81 00 00 .a...... ,...... K. success or wait 3 403CBE WriteFile 00 2c 01 00 00 06 00 ...K...... 7`...... ua...... 00 00 ac 02 00 00 02 ...... 00 00 00 dc 0a 00 00 ...... >...... (...... 4b 02 00 00 10 4b 00 ...... 00 00 00 00 00 37 60 ...... 00 00 01 00 00 00 75 ...... 61 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 00 00 01 00 00 80 c3 04 00 00 d5 04 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 3e 01 00 00 f1 ff ff ff 28 02 00 00 ff ff ff ff ff ff ff ff cd 01 00 00 b3 01 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 32768 e6 40 bb eb e0 8d 74 [email protected]&.U....(...s\n.....E..U success or wait 5 403CBE WriteFile 26 00 55 89 e5 83 ec ....s\n...... $...... p\n..p\n. 28 c7 05 00 73 5c 6e .s\n.E...p\n.(P\n.E..,P\n.E... 09 04 00 c0 8b 45 04 ..\n.....$dc\n....\n.....H.\n. 8d 55 04 c7 05 04 73 D$...... $....\n...... 5c 6e 01 00 00 00 c7 ...... D$$...t...t...... 04 24 00 00 00 00 89 ..t&..T$(.D$..D$ .T$...$...... 15 e4 70 5c 6e a3 d8 ...... '....S....=$ 70 5c 6e a3 0c 73 5c P\n..D$$t...$P\ 6e 8b 45 08 a3 cc 70 5c 6e a1 28 50 5c 6e 89 45 f0 a1 2c 50 5c 6e 89 45 f4 ff 15 88 91 5c 6e 83 ec 04 c7 04 24 64 63 5c 6e ff 15 98 91 5c 6e 83 ec 04 ff 15 48 91 5c 6e c7 44 24 04 09 04 00 c0 89 04 24 ff 15 90 91 5c 6e 83 ec 08 e8 f1 0e 00 00 90 90 90 90 90 90 90 90 90 83 ec 1c 8b 44 24 24 83 f8 03 74 14 85 c0 74 10 b8 01 00 00 00 83 c4 1c c2 0c 00 90 8d 74 26 00 8b 54 24 28 89 44 24 04 8b 44 24 20 89 54 24 08 89 04 24 e8 a8 06 00 00 b8 01 00 00 00 83 c4 1c c2 0c 00 8d b6 00 00 00 00 8d bc 27 00 00 00 00 53 83 ec 18 83 3d 24 50 5c 6e 02 8b 44 24 24 74 0a c7 05 24 50 5c

Copyright Joe Security LLC 2019 Page 53 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\System.dll unknown 16384 4d 5a 90 00 03 00 00 MZ...... @..... success or wait 2 403E4A WriteFile 00 04 00 00 00 ff ff 00 ...... 00 b8 00 00 00 00 00 ...... !..L.!This program 00 00 40 00 00 00 00 cannot be run in DOS 00 00 00 00 00 00 00 mode....$...... PE..L..... 00 00 00 00 00 00 00 W...... #..... 00 00 00 00 00 00 00 <...Z...... 3...... P.. 00 00 00 00 00 00 00 ..\n...... 00 00 00 80 00 00 00 ...... P...... 0e 1f ba 0e 00 b4 09 ...... cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 09 00 a4 15 20 57 00 00 00 00 00 00 00 00 e0 00 0e 23 0b 01 02 1a 00 3c 00 00 00 5a 00 00 00 04 00 00 b8 33 00 00 00 10 00 00 00 50 00 00 00 00 5c 6e 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 d0 00 00 00 04 00 00 f5 50 01 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 80 00 00 a0 00 00 C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\modern- unknown 16384 42 4d ea b3 01 00 00 BM...... 6...(...;...A...... success or wait 7 403E4A WriteFile header.bmp 00 00 00 36 00 00 00 ...... #...#...... 28 00 00 00 3b 02 00 ...... 00 41 00 00 00 01 00 ...... 18 00 00 00 00 00 b4 ...... b3 01 00 23 2e 00 00 ...... 23 2e 00 00 00 00 00 ...... 00 00 00 00 00 ff ff ff ff ...... ff ff ff ff ff ff ff ff ff ff ff ff ...... ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Copyright Joe Security LLC 2019 Page 54 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\modern- unknown 16384 42 4d 7e 67 00 00 00 BM~g...... v...(...... :...... success or wait 2 403E4A WriteFile wizard.bmp 00 00 00 76 00 00 00 .....g...... 28 00 00 00 a4 00 00 ...... 00 3a 01 00 00 01 00 ...... DD 04 00 00 00 00 00 08 D@@@@DDDDDD@@@ 67 00 00 12 0b 00 00 @@@@@@@@@@@@ 12 0b 00 00 00 00 00 @@@@ 00 00 00 00 00 00 00 @@@@@@@@@@@@ 00 00 00 00 80 00 00 @@@@@@@@@DDDD 80 00 00 00 80 80 00 DDDDD 80 00 00 00 80 00 80 D@@@@DDDDDDDDD@ 00 80 80 00 00 80 80 @@@@@..DDD....D 80 00 c0 c0 c0 00 00 DDDDD...... 00 ff 00 00 ff 00 00 00 ...... ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 44 44 44 40 40 40 40 44 44 44 44 44 44 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 44 44 44 44 44 44 44 44 44 44 40 40 40 40 44 44 44 44 44 44 44 44 44 40 40 40 40 40 40 00 00 44 44 44 04 04 04 04 44 44 44 44 44 44 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\modern- unknown 16384 42 4d 7e 67 00 00 00 BM~g...... v...(...... :...... success or wait 2 403E4A WriteFile wizard.bmp 00 00 00 76 00 00 00 .....g...... 28 00 00 00 a4 00 00 ...... 00 3a 01 00 00 01 00 ...... DD 04 00 00 00 00 00 08 D@@@@DDDDDD@@@ 67 00 00 12 0b 00 00 @@@@@@@@@@@@ 12 0b 00 00 00 00 00 @@@@ 00 00 00 00 00 00 00 @@@@@@@@@@@@ 00 00 00 00 80 00 00 @@@@@@@@@DDDD 80 00 00 00 80 80 00 DDDDD 80 00 00 00 80 00 80 D@@@@DDDDDDDDD@ 00 80 80 00 00 80 80 @@@@@..DDD....D 80 00 c0 c0 c0 00 00 DDDDD...... 00 ff 00 00 ff 00 00 00 ...... ff ff 00 ff 00 00 00 ff 00 ff 00 ff ff 00 00 ff ff ff 00 44 44 44 40 40 40 40 44 44 44 44 44 44 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 40 44 44 44 44 44 44 44 44 44 44 40 40 40 40 44 44 44 44 44 44 44 44 44 40 40 40 40 40 40 00 00 44 44 44 04 04 04 04 44 44 44 44 44 44 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04 04

Copyright Joe Security LLC 2019 Page 55 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\nsDialogs.dll unknown 11264 4d 5a 90 00 03 00 00 MZ...... @..... success or wait 1 403E4A WriteFile 00 04 00 00 00 ff ff 00 ...... 00 b8 00 00 00 00 00 ...... !..L.!This program 00 00 40 00 00 00 00 cannot be run in DOS 00 00 00 00 00 00 00 mode....$...... PE..L..... 00 00 00 00 00 00 00 W...... 00 00 00 00 00 00 00 .#...... l"...... L. 00 00 00 00 00 00 00 ...n...... 00 00 00 80 00 00 00 ...... k...... 0e 1f ba 0e 00 b4 09 ...... `..k.. cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 a0 15 20 57 00 00 00 00 00 00 00 00 e0 00 0e 23 0b 01 02 1a 00 18 00 00 00 10 00 00 00 12 00 00 6c 22 00 00 00 10 00 00 00 00 4c 91 00 00 b4 6e 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 04 00 00 ab 6b 00 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 60 00 00 6b 01 00 C:\Users\user\AppData\Local\Temp\nse6CAC.tmp\StartMenu.dll unknown 9728 4d 5a 90 00 03 00 00 MZ...... @..... success or wait 1 403E4A WriteFile 00 04 00 00 00 ff ff 00 ...... 00 b8 00 00 00 00 00 ...... !..L.!This program 00 00 40 00 00 00 00 cannot be run in DOS 00 00 00 00 00 00 00 mode....$...... PE..L..... 00 00 00 00 00 00 00 W...... 00 00 00 00 00 00 00 .#...... 00 00 00 00 00 00 00 ..$m...... 00 00 00 80 00 00 00 ...... 6...... 0e 1f ba 0e 00 b4 09 ...... `..e.. cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 a4 15 20 57 00 00 00 00 00 00 00 00 e0 00 0e 23 0b 01 02 1a 00 14 00 00 00 0e 00 00 00 16 00 00 83 15 00 00 00 10 00 00 00 00 dc 92 00 00 24 6d 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 04 00 00 16 36 00 00 02 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 60 00 00 65 00 00

Copyright Joe Security LLC 2019 Page 56 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 32768 48 c7 84 24 e0 00 00 H..$...... H..$...... H..$.. success or wait 1643 403CBE WriteFile 00 00 00 00 00 48 c7 ..H.D$pH..$...... H..$....H.. 84 24 e8 00 00 00 00 $...... H..8.1.H.D$hH..$.... 00 00 00 48 89 84 24 H..$...... H..$...... H..$... f8 00 00 00 48 8d 44 .....H.D$`H..$....H..$...... 24 70 48 c7 84 24 d0 H..$...... H..$...... H.D$XH 00 00 00 00 00 00 00 ..$....H..$...... H..$...... 48 89 94 24 08 01 00 .H..$...... H.D$PH..$....H.. 00 48 c7 84 24 d8 00 $...... H.D$p.. 00 00 00 00 00 00 48 8d 15 38 97 31 01 48 89 44 24 68 48 8d 84 24 80 00 00 00 48 c7 84 24 c0 00 00 00 00 00 00 00 48 c7 84 24 c8 00 00 00 00 00 00 00 48 c7 84 24 b0 00 00 00 00 00 00 00 48 89 44 24 60 48 8d 84 24 90 00 00 00 48 c7 84 24 b8 00 00 00 00 00 00 00 48 c7 84 24 a0 00 00 00 00 00 00 00 48 c7 84 24 a8 00 00 00 00 00 00 00 48 89 44 24 58 48 8d 84 24 a0 00 00 00 48 c7 84 24 90 00 00 00 00 00 00 00 48 c7 84 24 98 00 00 00 00 00 00 00 48 c7 84 24 80 00 00 00 00 00 00 00 48 89 44 24 50 48 8d 84 24 b0 00 00 00 48 c7 84 24 88 00 00 00 00 00 00 00 48 c7 44 24 70 00 00 C:\Program Files\GridcoinResearch\gridcoinresearch.exe unknown 16384 4d 5a 90 00 03 00 00 MZ...... @..... success or wait 1748 403E4A WriteFile 00 04 00 00 00 ff ff 00 ...... 00 b8 00 00 00 00 00 ...... !..L.!This program 00 00 40 00 00 00 00 cannot be run in DOS 00 00 00 00 00 00 00 mode.... 00 00 00 00 00 00 00 $...... PE..d...... 00 00 00 00 00 00 00 /...... 0...... @. 00 00 00 00 00 00 00 ...... 00 00 00 80 00 00 00 ...... `...... 0e 1f ba 0e 00 b4 09 ...... cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 00 00 00 00 00 d4 b4 01 00 00 00 00 f0 00 2f 02 0b 02 02 1e 00 0e 30 01 00 d0 b4 01 00 9e 01 00 d0 14 00 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 f0 b6 01 00 04 00 00 f8 c0 b5 01 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00

Copyright Joe Security LLC 2019 Page 57 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\COPYING.txt unknown 1238 43 6f 70 79 72 69 67 Copyright (c) 2014 Black- success or wait 1 403E4A WriteFile 68 74 20 28 63 29 20 Coin Developers.Copyright 32 30 31 34 20 42 6c (c) 2013-2014 NovaCoin 61 63 6b 2d 43 6f 69 Developers.Copyright (c) 6e 20 44 65 76 65 6c 2011-2012 PPCoin Deve 6f 70 65 72 73 0a 43 6f lopers.Copyright (c) 2009- 70 79 72 69 67 68 74 2014 Bitcoin 20 28 63 29 20 32 30 Developers.Copyright (c) 31 33 2d 32 30 31 34 2014-2019 Gridcoin 20 4e 6f 76 61 43 6f 69 Developers..Permission is 6e 20 44 65 76 65 6c hereby granted, free of ch 6f 70 65 72 73 0a 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 31 2d 32 30 31 32 20 50 50 43 6f 69 6e 20 44 65 76 65 6c 6f 70 65 72 73 0a 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 30 39 2d 32 30 31 34 20 42 69 74 63 6f 69 6e 20 44 65 76 65 6c 6f 70 65 72 73 0a 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 34 2d 32 30 31 39 20 47 72 69 64 63 6f 69 6e 20 44 65 76 65 6c 6f 70 65 72 73 0a 0a 50 65 72 6d 69 73 73 69 6f 6e 20 69 73 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 2c 20 66 72 65 65 20 6f 66 20 63 68 C:\Program Files\GridcoinResearch\daemon\gridcoinresearchd.e unknown 16384 4d 5a 90 00 03 00 00 MZ...... @..... success or wait 518 403E4A WriteFile xe 00 04 00 00 00 ff ff 00 ...... 00 b8 00 00 00 00 00 ...... !..L.!This program 00 00 40 00 00 00 00 cannot be run in DOS 00 00 00 00 00 00 00 mode.... 00 00 00 00 00 00 00 $...... PE..d...... 00 00 00 00 00 00 00 /...... g..J...... @. 00 00 00 00 00 00 00 ...... P 00 00 00 80 00 00 00 ...... `...... 0e 1f ba 0e 00 b4 09 ...... cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2f 02 0b 02 02 1e 00 08 67 00 00 4a 81 00 00 ac 00 00 00 15 00 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 50 82 00 00 04 00 00 85 95 81 00 03 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 C:\Program Files\GridcoinResearch\doc\.gitignore unknown 9 44 6f 78 79 66 69 6c Doxyfile. success or wait 1 403E4A WriteFile 65 0a

Copyright Joe Security LLC 2019 Page 58 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\README.md unknown 2555 47 72 69 64 63 6f 69 Gridcoin.======. success or wait 1 403E4A WriteFile 6e 0a 3d 3d 3d 3d 3d .Setup.------3d 3d 3d 3d 3d 3d 3d .Gridcoin is a free open 3d 0a 0a 53 65 74 75 source project derived 70 0a 2d 2d 2d 2d 2d from Bitcoin, with.the goal 2d 2d 2d 2d 2d 2d 2d of providing a long-term 2d 2d 2d 2d 2d 2d 2d energy-efficient crypto-curr 2d 2d 0a 47 72 69 64 ency, rewarding BOINC 63 6f 69 6e 20 69 73 work..Built on the 20 61 20 66 72 65 65 foundation of Bitcoin, 20 6f 70 65 6e 20 73 6f PPCoin and 75 72 63 65 20 70 72 6f 6a 65 63 74 20 64 65 72 69 76 65 64 20 66 72 6f 6d 20 42 69 74 63 6f 69 6e 2c 20 77 69 74 68 0a 74 68 65 20 67 6f 61 6c 20 6f 66 20 70 72 6f 76 69 64 69 6e 67 20 61 20 6c 6f 6e 67 2d 74 65 72 6d 20 65 6e 65 72 67 79 2d 65 66 66 69 63 69 65 6e 74 20 63 72 79 70 74 6f 2d 63 75 72 72 65 6e 63 79 2c 20 72 65 77 61 72 64 69 6e 67 20 42 4f 49 4e 43 20 77 6f 72 6b 2e 0a 42 75 69 6c 74 20 6f 6e 20 74 68 65 20 66 6f 75 6e 64 61 74 69 6f 6e 20 6f 66 20 42 69 74 63 6f 69 6e 2c 20 50 50 43 6f 69 6e 20 61 6e 64 20 C:\Program Files\GridcoinResearch\doc\README_osx.md unknown 5796 43 72 6f 73 73 20 50 Cross Plattform and success or wait 1 403E4A WriteFile 6c 61 74 74 66 6f 72 Deterministic OS X Dmg 6d 20 61 6e 64 20 44 Notes..======65 74 65 72 6d 69 6e ======69 73 74 69 63 20 4f ======53 20 58 20 44 6d 67 ======..Working OS X 20 4e 6f 74 65 73 2e DMGs are created in Linux 0a 3d 3d 3d 3d 3d 3d by combining a recent 3d 3d 3d 3d 3d 3d 3d clang,.the Apple binutils 3d 3d 3d 3d 3d 3d 3d (ld, ar, etc) and DMG a 3d 3d 3d 3d 3d 3d 3d uthoring tools...Apple uses 3d 3d 3d 3d 3d 3d 3d clang extensively 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 0a 57 6f 72 6b 69 6e 67 20 4f 53 20 58 20 44 4d 47 73 20 61 72 65 20 63 72 65 61 74 65 64 20 69 6e 20 4c 69 6e 75 78 20 62 79 20 63 6f 6d 62 69 6e 69 6e 67 20 61 20 72 65 63 65 6e 74 20 63 6c 61 6e 67 2c 0a 74 68 65 20 41 70 70 6c 65 20 62 69 6e 75 74 69 6c 73 20 28 6c 64 2c 20 61 72 2c 20 65 74 63 29 20 61 6e 64 20 44 4d 47 20 61 75 74 68 6f 72 69 6e 67 20 74 6f 6f 6c 73 2e 0a 0a 41 70 70 6c 65 20 75 73 65 73 20 63 6c 61 6e 67 20 65 78 74 65 6e 73 69 76 65 6c 79

Copyright Joe Security LLC 2019 Page 59 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\assets-attribution.md unknown 2056 41 73 73 65 74 73 20 Assets success or wait 1 403E4A WriteFile 41 74 74 72 69 62 75 Attribution.======74 69 6f 6e 0a 3d 3d ======..Code: 3d 3d 3d 3d 3d 3d 3d src/strlcpy.h.Author: Todd 3d 3d 3d 3d 3d 3d 3d C. Miller .Lice 64 65 3a 20 73 72 63 nse: ISC..Icon: 2f 73 74 72 6c 63 70 src/qt/res/icons/clock*.png, 79 2e 68 0a 41 75 74 src/qt/res/icons/tx*.png,. 68 6f 72 3a 20 54 6f 64 src/qt/res/src/*.s 64 20 43 2e 20 4d 69 vg.Designer: Wladimir van 6c 6c 65 72 20 3c 54 der Laan.License: M 6f 64 64 2e 4d 69 6c 6c 65 72 40 63 6f 75 72 74 65 73 61 6e 2e 63 6f 6d 3e 0a 4c 69 63 65 6e 73 65 3a 20 49 53 43 0a 0a 49 63 6f 6e 3a 20 73 72 63 2f 71 74 2f 72 65 73 2f 69 63 6f 6e 73 2f 63 6c 6f 63 6b 2a 2e 70 6e 67 2c 20 73 72 63 2f 71 74 2f 72 65 73 2f 69 63 6f 6e 73 2f 74 78 2a 2e 70 6e 67 2c 0a 20 20 20 20 20 20 73 72 63 2f 71 74 2f 72 65 73 2f 73 72 63 2f 2a 2e 73 76 67 0a 44 65 73 69 67 6e 65 72 3a 20 57 6c 61 64 69 6d 69 72 20 76 61 6e 20 64 65 72 20 4c 61 61 6e 0a 4c 69 63 65 6e 73 65 3a 20 4d C:\Program Files\GridcoinResearch\doc\build-macos.md unknown 2040 4d 61 63 4f 53 20 42 MacOS Build and Run success or wait 1 403E4A WriteFile 75 69 6c 64 20 61 6e Instructio 64 20 52 75 6e 20 49 ns.======6e 73 74 72 75 63 74 ======.The 69 6f 6e 73 0a 3d 3d commands in this guide 3d 3d 3d 3d 3d 3d 3d should be executed in a 3d 3d 3d 3d 3d 3d 3d Terminal application..The 3d 3d 3d 3d 3d 3d 3d built-in one is located in 3d 3d 3d 3d 3d 3d 3d /Applicati 3d 3d 0a 54 68 65 20 ons/Utilities/Terminal.app.. 63 6f 6d 6d 61 6e 64 .Preparation.------.Install 73 20 69 6e 20 74 68 the OS X comma 69 73 20 67 75 69 64 65 20 73 68 6f 75 6c 64 20 62 65 20 65 78 65 63 75 74 65 64 20 69 6e 20 61 20 54 65 72 6d 69 6e 61 6c 20 61 70 70 6c 69 63 61 74 69 6f 6e 2e 0a 54 68 65 20 62 75 69 6c 74 2d 69 6e 20 6f 6e 65 20 69 73 20 6c 6f 63 61 74 65 64 20 69 6e 20 2f 41 70 70 6c 69 63 61 74 69 6f 6e 73 2f 55 74 69 6c 69 74 69 65 73 2f 54 65 72 6d 69 6e 61 6c 2e 61 70 70 2e 0a 0a 50 72 65 70 61 72 61 74 69 6f 6e 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 49 6e 73 74 61 6c 6c 20 74 68 65 20 4f 53 20 58 20 63 6f 6d 6d 61

Copyright Joe Security LLC 2019 Page 60 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\build-openbsd.md unknown 7049 4f 70 65 6e 42 53 44 OpenBSD build success or wait 1 403E4A WriteFile 20 62 75 69 6c 64 20 guide.======67 75 69 64 65 0a 3d ======.(updated 3d 3d 3d 3d 3d 3d 3d for OpenBSD 6.0)..This 3d 3d 3d 3d 3d 3d 3d guide describes how to 3d 3d 3d 3d 3d 3d 3d build gridcoinresearchd 0a 28 75 70 64 61 74 and command-line utilities 65 64 20 66 6f 72 20 4f on OpenBSD...As 70 65 6e 42 53 44 20 OpenBSD is most common 36 2e 30 29 0a 0a 54 as a server OS, we will not 68 69 73 20 67 75 69 bother with the GUI...Pr 64 65 20 64 65 73 63 eparation.----- 72 69 62 65 73 20 68 6f 77 20 74 6f 20 62 75 69 6c 64 20 67 72 69 64 63 6f 69 6e 72 65 73 65 61 72 63 68 64 20 61 6e 64 20 63 6f 6d 6d 61 6e 64 2d 6c 69 6e 65 20 75 74 69 6c 69 74 69 65 73 20 6f 6e 20 4f 70 65 6e 42 53 44 2e 0a 0a 41 73 20 4f 70 65 6e 42 53 44 20 69 73 20 6d 6f 73 74 20 63 6f 6d 6d 6f 6e 20 61 73 20 61 20 73 65 72 76 65 72 20 4f 53 2c 20 77 65 20 77 69 6c 6c 20 6e 6f 74 20 62 6f 74 68 65 72 20 77 69 74 68 20 74 68 65 20 47 55 49 2e 0a 0a 50 72 65 70 61 72 61 74 69 6f 6e 0a 2d 2d 2d 2d 2d C:\Program Files\GridcoinResearch\doc\build-unix.md unknown 10207 55 4e 49 58 20 42 55 UNIX BUILD success or wait 1 403E4A WriteFile 49 4c 44 20 4e 4f 54 NOTES.======45 53 0a 3d 3d 3d 3d ======.Some notes on 3d 3d 3d 3d 3d 3d 3d how to build Gridcoin in 3d 3d 3d 3d 3d 3d 3d Unix...(for OpenBSD 3d 3d 0a 53 6f 6d 65 specific instructions, see 20 6e 6f 74 65 73 20 6f [build-openbsd.md](build-o 6e 20 68 6f 77 20 74 6f penbsd.md))..Note.------20 62 75 69 6c 64 20 ------.Always use 47 72 69 64 63 6f 69 absolute paths to configure 6e 20 69 6e 20 55 6e and compile gridcoin and t 69 78 2e 0a 0a 28 66 6f 72 20 4f 70 65 6e 42 53 44 20 73 70 65 63 69 66 69 63 20 69 6e 73 74 72 75 63 74 69 6f 6e 73 2c 20 73 65 65 20 5b 62 75 69 6c 64 2d 6f 70 65 6e 62 73 64 2e 6d 64 5d 28 62 75 69 6c 64 2d 6f 70 65 6e 62 73 64 2e 6d 64 29 29 0a 0a 4e 6f 74 65 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 0a 41 6c 77 61 79 73 20 75 73 65 20 61 62 73 6f 6c 75 74 65 20 70 61 74 68 73 20 74 6f 20 63 6f 6e 66 69 67 75 72 65 20 61 6e 64 20 63 6f 6d 70 69 6c 65 20 67 72 69 64 63 6f 69 6e 20 61 6e 64 20 74

Copyright Joe Security LLC 2019 Page 61 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\build-windows.md unknown 6577 57 49 4e 44 4f 57 53 WINDOWS BUILD success or wait 1 403E4A WriteFile 20 42 55 49 4c 44 20 NOTES.======4e 4f 54 45 53 0a 3d ======..Below are 3d 3d 3d 3d 3d 3d 3d some notes on how to 3d 3d 3d 3d 3d 3d 3d build Gridcoin for 3d 3d 3d 3d 3d 0a 0a Windows...The options 42 65 6c 6f 77 20 61 known to work for building 72 65 20 73 6f 6d 65 on Windows are:..* On 20 6e 6f 74 65 73 20 6f Linux using the [Mingw- 6e 20 68 6f 77 20 74 6f w64](https://mingw-w64.o 20 62 75 69 6c 64 20 rg/doku.php) cross 47 72 69 64 63 6f 69 compiler tool chain. Ubunt 6e 20 66 6f 72 20 57 69 6e 64 6f 77 73 2e 0a 0a 54 68 65 20 6f 70 74 69 6f 6e 73 20 6b 6e 6f 77 6e 20 74 6f 20 77 6f 72 6b 20 66 6f 72 20 62 75 69 6c 64 69 6e 67 20 6f 6e 20 57 69 6e 64 6f 77 73 20 61 72 65 3a 0a 0a 2a 20 4f 6e 20 4c 69 6e 75 78 20 75 73 69 6e 67 20 74 68 65 20 5b 4d 69 6e 67 77 2d 77 36 34 5d 28 68 74 74 70 73 3a 2f 2f 6d 69 6e 67 77 2d 77 36 34 2e 6f 72 67 2f 64 6f 6b 75 2e 70 68 70 29 20 63 72 6f 73 73 20 63 6f 6d 70 69 6c 65 72 20 74 6f 6f 6c 20 63 68 61 69 6e 2e 20 55 62 75 6e 74 C:\Program Files\GridcoinResearch\doc\coding.txt unknown 3078 50 6c 65 61 73 65 20 Please be consistent with success or wait 1 403E4A WriteFile 62 65 20 63 6f 6e 73 the existing coding 69 73 74 65 6e 74 20 style...Block style:..bool 77 69 74 68 20 74 68 Function(char* psz, int n).{. 65 20 65 78 69 73 74 // Comment summarising 69 6e 67 20 63 6f 64 what this section of code 69 6e 67 20 73 74 79 does. for (int i = 0; i < n; 6c 65 2e 0a 0a 42 6c i++). {. // When 6f 63 6b 20 73 74 79 something fails, return ea 6c 65 3a 0a 0a 62 6f 6f rly. if 6c 20 46 75 6e 63 74 69 6f 6e 28 63 68 61 72 2a 20 70 73 7a 2c 20 69 6e 74 20 6e 29 0a 7b 0a 20 20 20 20 2f 2f 20 43 6f 6d 6d 65 6e 74 20 73 75 6d 6d 61 72 69 73 69 6e 67 20 77 68 61 74 20 74 68 69 73 20 73 65 63 74 69 6f 6e 20 6f 66 20 63 6f 64 65 20 64 6f 65 73 0a 20 20 20 20 66 6f 72 20 28 69 6e 74 20 69 20 3d 20 30 3b 20 69 20 3c 20 6e 3b 20 69 2b 2b 29 0a 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 2f 2f 20 57 68 65 6e 20 73 6f 6d 65 74 68 69 6e 67 20 66 61 69 6c 73 2c 20 72 65 74 75 72 6e 20 65 61 72 6c 79 0a 20 20 20 20 20 20 20 20 69 66 20

Copyright Joe Security LLC 2019 Page 62 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building.md unknown 16384 47 69 74 69 61 6e 20 Gitian success or wait 2 403E4A WriteFile 62 75 69 6c 64 69 6e building.======67 0a 3d 3d 3d 3d 3d ==..*Setup instructions for 3d 3d 3d 3d 3d 3d 3d a Gitian build of Bitcoin 3d 3d 3d 3d 0a 0a 2a Core using a Debian VM 53 65 74 75 70 20 69 or physical s 6e 73 74 72 75 63 74 ystem.*..Gitian is the 69 6f 6e 73 20 66 6f 72 deterministic build process 20 61 20 47 69 74 69 that is used to build the 61 6e 20 62 75 69 6c Bitcoin.Core executables. 64 20 6f 66 20 42 69 It provides a way to be 74 63 6f 69 6e 20 43 6f reasonab 72 65 20 75 73 69 6e 67 20 61 20 44 65 62 69 61 6e 20 56 4d 20 6f 72 20 70 68 79 73 69 63 61 6c 20 73 79 73 74 65 6d 2e 2a 0a 0a 47 69 74 69 61 6e 20 69 73 20 74 68 65 20 64 65 74 65 72 6d 69 6e 69 73 74 69 63 20 62 75 69 6c 64 20 70 72 6f 63 65 73 73 20 74 68 61 74 20 69 73 20 75 73 65 64 20 74 6f 20 62 75 69 6c 64 20 74 68 65 20 42 69 74 63 6f 69 6e 0a 43 6f 72 65 20 65 78 65 63 75 74 61 62 6c 65 73 2e 20 49 74 20 70 72 6f 76 69 64 65 73 20 61 20 77 61 79 20 74 6f 20 62 65 20 72 65 61 73 6f 6e 61 62 C:\Program Files\GridcoinResearch\doc\gridcoinresearch.1 unknown 917 2e 5c 22 20 4d 61 6e .\" Manpage for success or wait 1 403E4A WriteFile 70 61 67 65 20 66 6f gridcoinresearch...\" 72 20 67 72 69 64 63 Contact richard.leckin 6f 69 6e 72 65 73 65 [email protected] to correct 61 72 63 68 2e 0a 2e errors or typos...TH man 1 5c 22 20 43 6f 6e 74 "25 September 2016" "1.0" 61 63 74 20 72 69 63 "gridcoinresearch man 68 61 72 64 2e 6c 65 page"..SH NAME.grid 63 6b 69 6e 67 65 72 coinresearch \- graphical 40 72 69 73 65 75 70 (qt4) gridcoin wallet..SH 2e 6e 65 74 20 74 6f SYNOPSIS.gridcoinresear 20 63 6f 72 72 65 63 74 20 65 72 72 6f 72 73 20 6f 72 20 74 79 70 6f 73 2e 0a 2e 54 48 20 6d 61 6e 20 31 20 22 32 35 20 53 65 70 74 65 6d 62 65 72 20 32 30 31 36 22 20 22 31 2e 30 22 20 22 67 72 69 64 63 6f 69 6e 72 65 73 65 61 72 63 68 20 6d 61 6e 20 70 61 67 65 22 0a 2e 53 48 20 4e 41 4d 45 0a 67 72 69 64 63 6f 69 6e 72 65 73 65 61 72 63 68 20 5c 2d 20 67 72 61 70 68 69 63 61 6c 20 28 71 74 34 29 20 67 72 69 64 63 6f 69 6e 20 77 61 6c 6c 65 74 0a 2e 53 48 20 53 59 4e 4f 50 53 49 53 0a 67 72 69 64 63 6f 69 6e 72 65 73 65 61 72

Copyright Joe Security LLC 2019 Page 63 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gridcoinresearchd.1 unknown 922 2e 5c 22 20 4d 61 6e .\" Manpage for success or wait 1 403E4A WriteFile 70 61 67 65 20 66 6f gridcoinresearchd...\" 72 20 67 72 69 64 63 Contact richard.lecki 6f 69 6e 72 65 73 65 [email protected] to correct 61 72 63 68 64 2e 0a errors or typos...TH man 1 2e 5c 22 20 43 6f 6e "25 September 2016" "1.0" 74 61 63 74 20 72 69 "gridcoinresearchd man 63 68 61 72 64 2e 6c page"..SH NAME.gr 65 63 6b 69 6e 67 65 idcoinresearchd \- 72 40 72 69 73 65 75 command line gridcoin 70 2e 6e 65 74 20 74 wallet..SH SYNOPSIS 6f 20 63 6f 72 72 65 .gridcoinresear 63 74 20 65 72 72 6f 72 73 20 6f 72 20 74 79 70 6f 73 2e 0a 2e 54 48 20 6d 61 6e 20 31 20 22 32 35 20 53 65 70 74 65 6d 62 65 72 20 32 30 31 36 22 20 22 31 2e 30 22 20 22 67 72 69 64 63 6f 69 6e 72 65 73 65 61 72 63 68 64 20 6d 61 6e 20 70 61 67 65 22 0a 2e 53 48 20 4e 41 4d 45 0a 67 72 69 64 63 6f 69 6e 72 65 73 65 61 72 63 68 64 20 5c 2d 20 63 6f 6d 6d 61 6e 64 20 6c 69 6e 65 20 67 72 69 64 63 6f 69 6e 20 77 61 6c 6c 65 74 0a 2e 53 48 20 53 59 4e 4f 50 53 49 53 0a 67 72 69 64 63 6f 69 6e 72 65 73 65 61 72 C:\Program Files\GridcoinResearch\doc\readme-qt.rst unknown 5882 47 72 69 64 63 6f 69 Gridcoin-qt: Qt5 GUI for success or wait 1 403E4A WriteFile 6e 2d 71 74 3a 20 51 Gridc 74 35 20 47 55 49 20 oin.======66 6f 72 20 47 72 69 ======64 63 6f 69 6e 0a 3d ======..Build 3d 3d 3d 3d 3d 3d 3d instructions.== 3d 3d 3d 3d 3d 3d 3d ======..Debi 3d 3d 3d 3d 3d 3d 3d an.------..First, make sure 3d 3d 3d 3d 3d 3d 3d that the required packages 3d 3d 3d 3d 0a 0a 42 for Qt5 development of 75 69 6c 64 20 69 6e your.distribution are 73 74 72 75 63 74 69 installed, for Debian and 6f 6e 73 0a 3d 3d 3d Ubuntu these are: 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 0a 44 65 62 69 61 6e 0a 2d 2d 2d 2d 2d 2d 0a 0a 46 69 72 73 74 2c 20 6d 61 6b 65 20 73 75 72 65 20 74 68 61 74 20 74 68 65 20 72 65 71 75 69 72 65 64 20 70 61 63 6b 61 67 65 73 20 66 6f 72 20 51 74 35 20 64 65 76 65 6c 6f 70 6d 65 6e 74 20 6f 66 20 79 6f 75 72 0a 64 69 73 74 72 69 62 75 74 69 6f 6e 20 61 72 65 20 69 6e 73 74 61 6c 6c 65 64 2c 20 66 6f 72 20 44 65 62 69 61 6e 20 61 6e 64 20 55 62 75 6e 74 75 20 74 68 65 73 65 20 61 72 65 3a

Copyright Joe Security LLC 2019 Page 64 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\release-process.md unknown 10650 52 65 6c 65 61 73 65 Release success or wait 1 403E4A WriteFile 20 50 72 6f 63 65 73 Process.======73 0a 3d 3d 3d 3d 3d ======..Before every 3d 3d 3d 3d 3d 3d 3d release candidate:..* 3d 3d 3d 3d 3d 3d 3d Update version in 3d 0a 0a 42 65 66 6f `configure.ac` (don't forget 72 65 20 65 76 65 72 to set 79 20 72 65 6c 65 61 `CLIENT_VERSION_IS_R 73 65 20 63 61 6e 64 ELEASE` to `true`).* Write 69 64 61 74 65 3a 0a release notes to 0a 2a 20 55 70 64 61 changelog..Before every 74 65 20 76 65 72 73 major release:..* Update 69 6f 6e 20 69 6e 20 hardcoded, see 60 63 6f 6e 66 69 67 75 72 65 2e 61 63 60 20 28 64 6f 6e 27 74 20 66 6f 72 67 65 74 20 74 6f 20 73 65 74 20 60 43 4c 49 45 4e 54 5f 56 45 52 53 49 4f 4e 5f 49 53 5f 52 45 4c 45 41 53 45 60 20 74 6f 20 60 74 72 75 65 60 29 0a 2a 20 57 72 69 74 65 20 72 65 6c 65 61 73 65 20 6e 6f 74 65 73 20 74 6f 20 63 68 61 6e 67 65 6c 6f 67 0a 0a 42 65 66 6f 72 65 20 65 76 65 72 79 20 6d 61 6a 6f 72 20 72 65 6c 65 61 73 65 3a 0a 0a 2a 20 55 70 64 61 74 65 20 68 61 72 64 63 6f 64 65 64 2c 20 73 65 65 20 C:\Program Files\GridcoinResearch\doc\running.md unknown 1300 3c 21 2d 2d 2d 20 30 - 02-21-2015 R. Halford - success or wait 1 403E4A WriteFile 32 2d 32 31 2d 32 30 -->..Running Gridcoin in 31 35 20 20 52 2e 20 Secure 48 61 6c 66 6f 72 64 Environment.======20 2d 2d 2d 3e 0a 0a ======52 75 6e 6e 69 6e 67 ======. 20 47 72 69 64 63 6f .This describes the 69 6e 20 69 6e 20 53 process to run Gridcoin in 65 63 75 72 65 20 45 a secure environment. 6e 76 69 72 6f 6e 6d Please look at the build 65 6e 74 0a 3d 3d 3d docs to generate the 3d 3d 3d 3d 3d 3d 3d binaries first...```bash.$ 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 0a 54 68 69 73 20 64 65 73 63 72 69 62 65 73 20 20 74 68 65 20 70 72 6f 63 65 73 73 20 74 6f 20 72 75 6e 20 47 72 69 64 63 6f 69 6e 20 69 6e 20 61 20 73 65 63 75 72 65 20 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 20 50 6c 65 61 73 65 20 6c 6f 6f 6b 20 61 74 20 74 68 65 20 62 75 69 6c 64 20 64 6f 63 73 20 74 6f 20 67 65 6e 65 72 61 74 65 20 74 68 65 20 62 69 6e 61 72 69 65 73 20 66 69 72 73 74 2e 0a 0a 60 60 60 62 61 73 68 0a 24

Copyright Joe Security LLC 2019 Page 65 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\stake-miner.txt unknown 5567 53 74 61 6b 65 20 4d Stake success or wait 1 403E4A WriteFile 69 6e 65 72 0a 3d 3d Miner.======..Job 3d 3d 3d 3d 3d 3d 3d of the StakeMiner is to 3d 3d 0a 0a 4a 6f 62 search for valid kernel and 20 6f 66 20 74 68 65 create new blocks..It 20 53 74 61 6b 65 4d received considerable 69 6e 65 72 20 69 73 development attention lat 20 74 6f 20 73 65 61 ely, lot was changed to 72 63 68 20 66 6f 72 a.point you may notice a 20 76 61 6c 69 64 20 difference in behavior. Let 6b 65 72 6e 65 6c 20 me describe how it 61 6e 64 20 63 72 65 works...# 61 74 65 20 6e 65 77 20 62 6c 6f 63 6b 73 2e 0a 49 74 20 72 65 63 65 69 76 65 64 20 63 6f 6e 73 69 64 65 72 61 62 6c 65 20 64 65 76 65 6c 6f 70 6d 65 6e 74 20 61 74 74 65 6e 74 69 6f 6e 20 6c 61 74 65 6c 79 2c 20 6c 6f 74 20 77 61 73 20 63 68 61 6e 67 65 64 20 74 6f 20 61 0a 70 6f 69 6e 74 20 79 6f 75 20 6d 61 79 20 6e 6f 74 69 63 65 20 61 20 64 69 66 66 65 72 65 6e 63 65 20 69 6e 20 62 65 68 61 76 69 6f 72 2e 20 4c 65 74 20 6d 65 20 64 65 73 63 72 69 62 65 20 68 6f 77 20 69 74 20 77 6f 72 6b 73 2e 0a 0a 23 C:\Program Files\GridcoinResearch\doc\travis-ci.md unknown 1971 54 72 61 76 69 73 20 Travis success or wait 1 403E4A WriteFile 43 49 0a 3d 3d 3d 3d CI.======..Support for 3d 3d 3d 3d 3d 0a 0a using travis-ci has been ad 53 75 70 70 6f 72 74 ded in order to automate 20 66 6f 72 20 75 73 pull-testing..See [travis- 69 6e 67 20 74 72 61 ci.org](https://travis-ci.org/) 76 69 73 2d 63 69 20 for more info...Because 68 61 73 20 62 65 65 there is no ability to login 6e 20 61 64 64 65 64 to the.builders to install 20 69 6e 20 6f 72 64 packages (tools, 65 72 20 74 6f 20 61 dependencies, e 75 74 6f 6d 61 74 65 20 70 75 6c 6c 2d 74 65 73 74 69 6e 67 2e 0a 53 65 65 20 5b 74 72 61 76 69 73 2d 63 69 2e 6f 72 67 5d 28 68 74 74 70 73 3a 2f 2f 74 72 61 76 69 73 2d 63 69 2e 6f 72 67 2f 29 20 66 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 2e 0a 0a 42 65 63 61 75 73 65 20 74 68 65 72 65 20 69 73 20 6e 6f 20 61 62 69 6c 69 74 79 20 74 6f 20 6c 6f 67 69 6e 20 74 6f 20 74 68 65 0a 62 75 69 6c 64 65 72 73 20 74 6f 20 69 6e 73 74 61 6c 6c 20 70 61 63 6b 61 67 65 73 20 28 74 6f 6f 6c 73 2c 20 64 65 70 65 6e 64 65 6e 63 69 65 73 2c 20 65

Copyright Joe Security LLC 2019 Page 66 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\all_fi unknown 3333 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile les_in_one_partition.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... f..p..a(z.. 00 0f 50 4c 54 45 00 'pnPq...xb.,<...... W..;1..J... 00 a8 a8 a8 a8 00 00 .+y9..../.. .B .U~.\d...... 00 a8 00 00 f8 fc f8 cc ..."...L.!6..<...x.@`.@.. .r.. 25 ec b8 00 00 0c b1 .\...... ~..... 49 44 41 54 78 da ec c1 81 00 00 00 00 80 a0 fd a9 17 a9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 ef 0c 70 14 87 61 28 7a 06 bb 27 70 6e 50 71 ff bb ed 78 62 be 2c 3c 11 e9 b6 14 80 ff 57 91 13 3b 31 1d 9e 4a ba 0d a4 9f 2b 79 39 d9 9b e4 dd 2f 02 f9 20 20 04 42 20 97 55 7e b4 5c 64 a0 15 b6 06 d6 e3 81 10 c8 da cb 22 d2 c1 80 4c f7 21 36 06 b2 3c 10 08 81 78 03 40 60 8b 40 e8 04 20 04 72 b9 c8 b2 5c fa d9 b2 ac b0 e1 bf 7e d2 ad f0 c9 e2 C:\Program Files\GridcoinResearch\doc\gitian-building\create unknown 16384 89 50 4e 47 0d 0a 1a .PNG...... IHDR...a...v...... success or wait 5 403E4A WriteFile _new_vm.png 0a 00 00 00 0d 49 48 ...... IDATx...E..0...&...s.r. 44 52 00 00 02 61 00 ...oC..Y._.W...... 1.%+...... 00 01 76 08 02 00 00 ..^Y.<.[d..]...... |...... P... 00 a9 ac d8 a2 00 01 ..gd..L&.....v...6...... o-... 0d fd 49 44 41 54 78 ....%.C.F...... <."b6..F...... da ec d7 45 ba 84 30 9..,ED.M...H...i....

Copyright Joe Security LLC 2019 Page 67 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\create unknown 16384 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... p success or wait 7 403E4A WriteFile _vm_file_location_size.png 0a 00 00 00 0d 49 48 ...... IDATx...... [email protected] 44 52 00 00 02 bd 00 Q%3k.....P666...w...... >as 00 01 c5 08 02 00 00 sskkk{

Copyright Joe Security LLC 2019 Page 68 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\create unknown 16384 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... success or wait 7 403E4A WriteFile _vm_hard_disk_file_type.png 0a 00 00 00 0d 49 48 m.....EIDATx...... 0..Q.....Zb 44 52 00 00 02 b9 00 ..^.'.9..o~..A..q...... s...`.. 00 01 c3 08 02 00 00 b~....:.AB...... }(.....a..z. 00 af 6d 95 d9 00 01 ^.f0...... Y...Ng'..-Q.....QU[ 93 45 49 44 41 54 78 .....P...... l.. "...... } da ec d8 87 91 c3 30 n+....O...... v+.6.J+..p.*j..x 0c 05 51 a7 a6 dd eb .|.eo..V\...... U.I.,G.I.`*qEj. 05 5a 62 10 00 5e 0f ...... B.*. 27 d3 39 e7 bc 6f 7e 0f d8 41 e7 e7 71 be bf 7f be be be 9c 73 bf 00 00 60 af f6 62 7e b7 87 f3 11 3a f1 41 42 e1 bd 8f 00 00 e0 10 ef 7d 28 e2 dd f5 87 c3 61 ff ee 7a bd 5e 7f 66 30 18 f4 01 00 c0 a1 d3 59 2e e6 03 4e 67 27 df 9d 2d 51 d5 0c 00 00 0e 51 55 5b 92 ef a8 f3 80 50 b8 a4 15 00 00 a0 15 8a f7 6c 05 db 20 22 19 00 00 1c e2 8b b0 9b 99 7d 6e 2b 00 00 80 cd 4f fc df 92 10 82 88 bc 76 2b d8 36 aa 4a 2b 00 00 70 8c 2a 6a 9d f2 78 cd 7c 7f 65 6f d1 0a 56 5c d2 0a 00 00 d0 0a 55 b2 49 2e 2c 47 c3 49 ad 60 2a 71 45 6a 1a b1 87 b7 82 15 97 b6 02 00 00 b4 42 b4 2a b5 C:\Program Files\GridcoinResearch\doc\gitian-building\create unknown 16384 89 50 4e 47 0d 0a 1a .PNG...... IHDR...w...n...... success or wait 2 403E4A WriteFile _vm_memsize.png 0a 00 00 00 0d 49 48 %...... PLTE...... 44 52 00 00 02 77 00 ....d^ik...... >...... @.. 00 01 6e 08 03 00 00 ...D...... _..*}...+..L...... 00 d4 25 ce 9e 00 00 .....}1....|kT..? 02 fa 50 4c 54 45 e1 n.....PCN4OvO e1 e1 e6 e7 e7 ed ed .....a/...... q.}Q...... ed ed ef df c7 bc a8 9a .b...... N..9...,....m...c../h. a0 a3 bc d0 df b6 91 ...... l...P...]...... - 64 5e 69 6b a5 bf d5 .....0b..... ec ec ec a5 d0 e7 ed db b5 3e 00 00 00 00 00 00 40 97 e1 ef f2 96 44 00 82 c1 e8 ed e3 c3 5f 00 01 2a 7d bc 00 00 2b cc 96 4c e5 e5 e6 ea ea ea e9 e9 e9 eb ee ca 7d 31 01 e0 cf b3 7c 6b 54 00 01 3f 6e 9e c5 ef d4 a0 50 43 4e 34 4f 76 4f 00 00 d4 b8 90 61 2f 05 92 b7 cf 85 a7 ac ce a9 71 9f 7d 51 80 ac d4 c1 ad 90 a7 c7 dd 00 00 62 c7 e5 f3 e1 c7 8d 4e 92 c9 39 8c ca 90 2c 00 8c c7 e9 6d af df a7 63 00 00 2f 68 dc dc dc ae d8 ea ae b4 b9 9b 6c 2e 00 00 50 c2 e2 f3 5d 81 9b b0 d0 e3 b8 df ee d1 eb f3 cb e8 f3 2d 00 00 b8 b9 bb 30 62 93 cb d5 e0 e6

Copyright Joe Security LLC 2019 Page 69 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\create unknown 16384 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... success or wait 7 403E4A WriteFile _vm_storage_physical_hard_disk.png 0a 00 00 00 0d 49 48 g_....PIDATx...... @...... p.s. 44 52 00 00 02 b8 00 v...... @.q[...dY.....dY...N.. 00 01 c1 08 02 00 00 O...... \..u..TU....LR.J...V8.( 00 0d 67 5f ec 00 01 .*...... ;.LS...... 8.0..8.&. aa 50 49 44 41 54 78 .D.i.9..\oH6l...PT.8....4..O.. da ec da 85 b9 84 40 ....S..a...... S...U.p...... T 0c 00 e1 e0 d2 7f 89 G...U.*.;....oQ.u.....TE&.AF. 70 df 73 17 76 91 9c .....$I.$.}..L.. bb bb cd 8f d3 40 06 71 5b e7 90 f7 64 59 d6 02 00 00 eb 64 59 96 f7 b4 4e ce 0d 4f 2e 08 82 10 00 00 5c c3 0c 75 e5 b4 54 55 00 00 c0 95 4c 52 97 4a 00 00 80 56 38 7f 28 a8 2a dd 00 00 c0 0e ac b5 c6 18 3b c1 4c 53 d5 b3 84 02 00 00 38 bf 30 0c e3 38 8e 26 c4 13 44 a4 69 1a 39 0e ff 5c 6f 48 36 6c 1f 00 00 50 54 e2 38 d2 e5 c8 8c 34 b8 f2 4f 0f 04 01 00 00 fb 53 d1 de 61 b8 f6 0f db d0 a6 b6 53 ca aa aa 55 d6 70 af a4 12 00 00 a0 14 54 47 a9 a0 fd 55 b7 2a 05 3b c5 14 c5 ff 6f 51 ea 75 ff a3 00 00 00 54 45 26 03 41 46 eb 16 1c e9 f1 a2 24 49 93 24 0e 7d e9 a8 4c d5 e8 C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 3178 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_10_configure_clock.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... f.NL#...... o...D. 00 0f 50 4c 54 45 00 \hAY.s...... Z.*....>.{..... 1 00 a8 a8 a8 a8 00 00 ..E..]z.HA..t..2..D. 2gZ.R.... 00 a8 00 00 f8 fc f8 cc .G <.. .R@...... J..$.!...... 25 ec b8 00 00 0c 16 [...... }\.. 49 44 41 54 78 da ec c1 81 00 00 00 00 80 a0 fd a9 17 a9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 c7 4e 4c 23 86 01 20 8a d6 f0 99 0a bc 1d 0c d3 7f 6f 09 87 89 44 ec 5c 68 41 59 e6 73 ca 20 8c f5 90 8d dc 5a fb 2a b6 e9 d8 fc 3e eb 7b 01 90 82 14 a4 20 31 80 c2 45 01 cc 5d 7a 06 48 41 0c 18 74 1a 0c 32 e2 1e 44 17 20 32 67 5a 03 52 10 c1 d5 aa fa 47 20 3c 07 a4 20 09 52 40 80 0c b1 05 96 02 09 00 4a 18 c7 24 80 21 81 04 a1 ff 02 f2 d8 a4 5b 10 04 96 b1 12 c0 08 7d 5c 03 03 20

Copyright Joe Security LLC 2019 Page 70 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 3968 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_11_partition_disks.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ...,IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... f.^0$..0....W. 00 0f 50 4c 54 45 00 .A...mFt.CG..K...**.O.bfffff.. 00 a8 a8 a8 a8 00 00 .jc][email protected].."H1 00 a8 00 00 f8 fc f8 cc '.L3..v... .@q..'..z.A.I.tCj..... 25 ec b8 00 00 0f 2c ..}...q..A.S..G 49 44 41 54 78 da ec c0 81 00 00 00 00 80 a0 fd a9 17 a9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 c7 5e 30 24 86 82 30 0a af e1 f8 57 90 de 41 a9 fd ef 6d 46 74 0a 43 47 9b 99 4b d2 ce e1 2a 2a 80 4f 1e 62 66 66 66 66 66 9f 1b 97 6a 63 5d 1b 57 eb 43 40 04 11 44 90 2e 9e a5 79 51 cd 9c 66 51 ff 0b 22 48 31 27 07 4c 33 85 b9 76 06 92 85 20 82 40 71 94 99 27 b7 ce 7a 10 41 ba 49 9a 74 43 6a e6 b1 df eb aa d9 91 7d de 0c e4 71 a1 ce 41 f6 53 d4 cf 47 C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 2569 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_12_choose_disk.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... 00 0f 50 4c 54 45 00 .`....Q...g.s...... k.'..y 00 a8 a8 a8 a8 00 00 3...;..+..-..j.#[email protected]@.... 00 a8 00 00 f8 fc f8 cc ./[email protected].`..|..@...... ,. 25 ec b8 00 00 09 b5 V..K.....z..l.K 49 44 41 54 78 da ec c1 81 00 00 00 00 80 a0 fd a9 17 a9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 f6 ce 06 d7 51 18 06 c2 67 88 73 02 e7 06 a8 f7 bf db 12 cd 1b b9 6b e1 27 e8 7f 79 33 bb 91 13 3b 7f e5 2b 84 12 2d fb d9 6a 1f 23 ff c2 be 8f eb 64 40 04 44 40 04 e4 b2 d0 d3 2f ad d0 42 bb 11 58 1e 0b 44 40 96 48 9d 60 82 0c 7c 8c d5 40 fa 13 81 08 08 1c 2c d0 56 a7 ce 4b 80 08 c8 e5 d2 7a bf e0 6c e9 4b

Copyright Joe Security LLC 2019 Page 71 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 4715 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_14_finish.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... [email protected]...... 00 02 58 04 03 00 00 F...... =..A...C...... 00 68 58 9f 43 00 00 ...... 00 0f 50 4c 54 45 00 ..#.R...}5.$. ....m..7r.a,..A. 00 a8 a8 a8 a8 00 00 ..+.0....5...... M.y.u...... 00 a8 00 00 f8 fc f8 cc ...9..^z.XkQ.fA..r...l.....u_. 25 ec b8 00 00 12 17 X.f+..Y..Ynt.T. 49 44 41 54 78 da ec d8 01 8a 83 30 10 40 d1 bd 42 98 13 d8 1b 0c b9 ff dd 16 46 cd 96 2e 95 b2 18 d0 e5 3d 90 a1 41 0a f4 13 43 fd 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 23 ed 52 96 a9 df 7d 35 ff 24 88 20 82 08 d2 b3 6d a2 b7 37 72 cc 61 2c e4 b9 41 04 c9 9f 2b f6 30 bd 0d b5 96 35 8f 82 c4 c4 20 82 d4 87 4d 8c 79 b0 75 e6 07 11 a4 f7 16 d1 d7 dd 12 39 e6 be 5e 7a e6 58 6b 51 f3 66 41 1e 17 72 1c a4 ae 6c f9 fa c8 1a eb 75 5f e4 58 db 66 2b 8f 8b 59 de 05 59 6e 74 86 54 94 C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 3405 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_15_write_changes.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... g. 00 0f 50 4c 54 45 00 s...k....OV.DD.I.C..*.y....-.< 00 a8 a8 a8 a8 00 00 ....e ...H..8...... +L.c.k{ 00 a8 00 00 f8 fc f8 cc .....F..st....);.iqt.{%#z.. 25 ec b8 00 00 0c f9 ....A.A....-..z 49 44 41 54 78 da ec c0 81 00 00 00 00 80 a0 fd a9 17 a9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d9 b1 03 0c 86 a1 20 08 c3 67 18 73 82 f4 06 6b ef 7f b7 b2 4f 56 95 44 44 1e 49 fc 43 0c d3 2a fa 79 89 f6 fd d1 2d b2 3c e8 b3 cf e7 65 20 80 00 02 48 c6 ba 38 b5 91 e8 ee f4 10 d7 82 00 12 ea cb 2b 4c aa 63 f5 6b 7b 20 9e 08 02 c8 18 46 dc bd 73 74 e6 83 00 92 29 3b c7 69 71 74 af 7b 25 23 7a 93 ab 1f 0a f2 b9 41 f6 41 ea 0a c5 ff 2d ab f7 7a

Copyright Joe Security LLC 2019 Page 72 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 4718 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_16_choose_a_mirror.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx....q.0.C...... 8..[. 00 02 58 04 03 00 00 .#]...^.M.T...... ! 00 68 58 9f 43 00 00 ....ty... ..2"I...!):e@...... 00 0f 50 4c 54 45 00 l2...g...... g.D..X.@..=.a.4 00 a8 a8 a8 a8 00 00 .K....r.t...... ng].F..... 00 a8 00 00 f8 fc f8 cc 2Q..cH.,...t.Z.....O..+.Oc.... 25 ec b8 00 00 12 1a .mp...{.. S.:.. 49 44 41 54 78 da ec d8 87 71 1b 30 18 43 e1 ac 80 c3 04 f1 06 38 ee bf 5b 0a 85 23 5d e8 de fd 5e 8a 4d fd 54 fd d4 7f 11 11 11 11 11 11 11 11 11 11 11 11 fd 94 f4 21 fd d6 a9 9f 74 79 be 18 08 20 80 00 32 22 49 1e ba a3 21 29 3a 65 40 de e2 06 c8 fc e7 1a 6c 32 d6 19 c4 67 10 bf 1e 08 20 de 05 ac 96 67 82 44 e7 f2 58 10 40 c6 90 3d e6 61 8e 34 12 4b b1 87 fa 08 72 f7 74 dd df c7 90 e5 cb ef c9 da ef 9e 6e 67 5d 7f 46 90 ab 0f e8 04 32 51 1c c5 63 48 8a 2c af c3 a4 74 e3 5a f7 f7 fe 8b e6 4f cb 9d 2b de 4f 63 9d e6 9c 7f d0 6d 70 00 f9 90 7b c7 03 20 53 e2 3a 88 ae C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 3005 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_18_proxy_settings.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ...iIDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... 00 0f 50 4c 54 45 00 .`....q...g.....L...... 4..... 00 a8 a8 a8 a8 00 00 ...K3....&,...|<|[email protected] 00 a8 00 00 f8 fc f8 cc .`l8.Gq....~....b.dX.%...u.H.. 25 ec b8 00 00 0b 69 ,([email protected] .. 49 44 41 54 78 da ec c1 81 00 00 00 00 80 a0 fd a9 17 a9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 f6 cd 06 d5 71 18 06 c2 67 18 f9 04 d2 0d 4c ee 7f b7 a5 0c 83 d2 34 c2 1b f2 da f7 83 04 06 4b 33 b6 f5 fc 91 26 2c ec cf 0d 7c 3c 7c a1 ff fd 7e 7e 21 90 06 d2 40 1a c8 36 01 60 6c 38 89 47 71 a2 8a f1 8e 7e 1a c8 e4 18 62 90 64 58 9b 25 8d b1 02 75 1f 48 03 19 2c 28 51 cc 8b 40 ea 75 a5 56 03 69 20 db 86

Copyright Joe Security LLC 2019 Page 73 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 3627 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_19_software_selection.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 ...... `v.... 00 68 58 9f 43 00 00 (.....M....?...... 00 0f 50 4c 54 45 00 _x=...Z.1.|.u...... mI..QZ... 00 a8 a8 a8 a8 00 00 ..beW..VR.]Oy....$....1...... 00 a8 00 00 f8 fc f8 cc R.Y.\..\..to{.w.M...... 7..n.....1... 00 01 e0 08 02 00 00 @..'.}.@C?.....4..4(..P.Z.... 00 ba b3 4b b3 00 01 @.F..v.J.h..I....7....z0..^`J.. 20 7b 49 44 41 54 78 ...i f.3fp&vpV..9..;F...Q,..cX da a4 d4 03 ce 65 61 .qI._...4..3...LcUfVSdMf%.s 10 84 e1 59 c2 6f db .ni..f...Xt..Xr,o#.X.1.;Y...f.... b6 6d db b6 6d db d6 ....9n...... e.0 8a e7 ad 9b 3e 77 1c 4d f2 c4 87 d5 d5 df 37 bf ea 6e a9 e9 f6 af e9 31 b5 e8 0d 40 1d d0 27 f5 7d 81 40 43 3f 10 d4 88 01 d3 34 10 dc 34 28 cd c0 50 08 5a 1c ad c3 a1 40 1b 46 10 86 76 8c 4a c7 68 b8 8c 49 a7 89 e8 1a 37 dd 98 88 04 7a 30 89 a8 5e 60 4a fa a6 a2 81 fe 69 20 66 00 33 66 70 26 76 70 56 86 80 39 c4 0d 3b 46 e6 11 8f 51 2c 00 09 63 58 94 71 49 1c 5f 92 09 93 34 b9 0c 33 b5 92 0c 4c 63 55 66 56 53 64 4d 66 25 15 73 eb 6e 69 f3 1b 66 01 9b e9 58 74 db ca 58 72 2c 6f 23 13 58 d9 31 ab 3b 59 ab bb b2 66 b2 d7 f6 b2 d7 1d 1b fb 39 6e 9b 07 c8 c5 16 0e 65 fb 30

Copyright Joe Security LLC 2019 Page 74 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 4056 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_20_install_grub.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... 00 0f 50 4c 54 45 00 ..=3.....h...... {.oYO...d.... 00 a8 a8 a8 a8 00 00 ...... sh...<"M~.

Copyright Joe Security LLC 2019 Page 75 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 2684 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_22_finish_installation.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %..... 44 52 00 00 03 20 00 (IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... 00 0f 50 4c 54 45 00 ...... T.a.....<...n 00 a8 a8 a8 a8 00 00 `t...b..us ....cEVR...... |..~lF 00 a8 00 00 f8 fc f8 cc ....A|fg8wf.}..5...... 2..H.. 25 ec b8 00 00 0a 28 ...... O...... % 49 44 41 54 78 01 ec c0 81 00 00 00 00 80 a0 fd a9 17 a9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d9 b1 13 54 bd 61 18 08 c0 f2 0d 3c f8 04 7f 6e 60 74 ff bb b5 62 10 0f 75 73 20 cd c6 9b 01 63 45 56 52 f0 d7 fd 9c e0 b6 7c f0 fd 7e 6c 46 20 02 11 c8 8b 41 7c 66 67 38 77 66 96 7d 80 a9 35 cf d7 99 02 d9 0f 32 bf d6 48 18 9f 7f 05 19 ff 00 19 b9 4f 2e f6 0e 83 08 04 25 C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 5555 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_2_select_a_language.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 [email protected][.SA..... 00 02 58 04 03 00 00 M7 00 68 58 9f 43 00 00 yl.BDe.6...d.9...E...KDDDD 00 0f 50 4c 54 45 00 DDDDDDD.L.:.... 00 a8 a8 a8 a8 00 00 [email protected].'..d. 00 a8 00 00 f8 fc f8 cc n...... i.....;.u.d<.t.&.'.z.x 25 ec b8 00 00 15 5f .....g...$.m.>..]...... ].}.}}. 49 44 41 54 78 da ec {..Z.@..

Copyright Joe Security LLC 2019 Page 76 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 4661 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_3_select_location.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 ...... `v....(....9..6.... 00 68 58 9f 43 00 00 a..^...... !..L.`{..r.@...... 00 0f 50 4c 54 45 00 ...... K..<.R....|.h..$j4...1.. 00 a8 a8 a8 a8 00 00 ..b.:{y.{{..6b..|...... 7.L? g@ 00 a8 00 00 f8 fc f8 cc .U....e....y%m...j..9.S ....9. 25 ec b8 00 00 11 e1 .Q.....m..y.|+. 49 44 41 54 78 da ec c0 81 00 00 00 00 80 a0 fd a9 17 a9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 76 ec c2 0a a1 28 86 c1 f0 0c 39 9d 00 36 e8 c9 fe bb 61 97 e2 5e fc 0f 9e e7 f7 c3 bf 21 fa 88 4c be 60 7b fd f9 72 10 40 00 01 c4 a9 91 b0 1a 93 f7 81 00 92 9b 4b ac 8d 3c 84 52 95 d0 a9 d4 7c 95 68 05 01 24 6a 34 af 04 d1 31 10 b5 82 00 62 af 3a 7b 79 09 7b 7b da f2 36 62 d5 d5 7c db f3 c6 aa 8b f0 37 80 4c 3f 20 67 40 ea 55 92 cb db c5 65 1b ab 2e b9 79 25 6d f7 8a ea 6a 9e 0f 39 e6 53 20 93 0f ff 0c 39 00 d1 51 10 1d 80 d4 83 6d a4 cf 79 85 7c 2b 88 C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 4166 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_4_configure_keyboard.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 .;@m....|.g...... P4..d.n.{ 00 68 58 9f 43 00 00 .P..`...... '.T...... 4W.. 00 0f 50 4c 54 45 00 }...Q..u..B..G..d 8..hW... ..Y 00 a8 a8 a8 a8 00 00 d.. .1....(`...... \.d..|..ft.B..#.... 00 a8 00 00 f8 fc f8 cc (T..'.Z.4...Rc&..\..... 25 ec b8 00 00 0f f2 49 .A:*...... g-Y 44 41 54 78 da ec c0 81 00 00 00 00 80 a0 fd a9 17 a9 00 00 00 00 00 00 98 bd 3b 40 6d 1e 86 a1 00 7c 86 67 9d c0 be 81 d0 fd ef f6 ff 95 50 34 13 d2 64 a5 6e 0a 7b 82 50 c9 d2 60 ec c3 b5 09 c0 d6 05 a6 e8 b8 27 fa 54 11 84 20 bf 0a 82 10 c4 34 57 c4 80 7d 18 00 c5 51 c8 f5 75 bd 04 42 10 ad 47 d2 a0 64 20 38 06 91 68 57 b9 04 84 20 12 0b 59 64 e8 9d 20 04 31 83 88 c5 9a 28 60 aa 02 a8 af 99 c5 5c ce 64 0d f1 7c 9a db 66 74 0f 42 90 f1 23 9e 81 04 8a 28 54 cc bc 27 90 5a 03 34 07 b3 8e 52 63 26 e7 a6 5c 14 1e d3 ef f0 d7 41 3a 2a 2e 80 84 c4 0c 82 19 e4 67 2d 59

Copyright Joe Security LLC 2019 Page 77 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 3054 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_5_configure_the_network.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... 00 0f 50 4c 54 45 00 ..}.Am....|..N .`...... C.%.S7. 00 a8 a8 a8 a8 00 00 i=...?.a...B.7.

Copyright Joe Security LLC 2019 Page 78 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 5234 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_6a_set_up_root_password.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...1...... g^...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 v...... p..*.;...... 00 0f 50 4c 54 45 00 ...... 9...... 1.A*.D. 00 a8 a8 a8 a8 00 00 {D^...1H...I...... b...3. 00 a8 00 00 f8 fc f8 cc #..4.}U..3.....j;U...}A..Q&.@ 25 ec b8 00 00 14 1e r....9.S.jfKf... 49 44 41 54 78 da ec c0 31 01 00 00 00 c2 20 0f fb 67 5e 11 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 76 ec c3 c4 81 20 86 c2 70 0d 83 2a b0 3b 10 ea bf b7 1b 1e fc ec c9 eb 9c c3 13 88 1b 85 bd f4 39 9f 88 f1 92 d8 9c 98 7f f7 ef f1 a1 20 06 31 88 41 2a e9 44 8d 7b 44 5e b0 b3 06 31 48 2e 19 18 49 86 fa d5 20 06 09 15 ef 05 62 90 aa 11 33 a9 23 aa cd 34 0f 7d 55 7f a9 33 b5 c7 8c dd d9 6a 3b 55 ef 0c b2 7d 41 1c 03 51 26 b5 40 72 d6 9c c9 9c 39 e8 53 87 6a 66 4b 66 fc df e1 C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 3533 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_7_set_up_user_fullname.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ...yIDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... 3.T.a...!. 00 0f 50 4c 54 45 00 ...... o3.q(...... #..~Vm.hB.... 00 a8 a8 a8 a8 00 00 Dr...u|([email protected]'.^.n..\Mz...W] 00 a8 00 00 f8 fc f8 cc aTd._...h...H..\...... rR.4J.. 25 ec b8 00 00 0d 79 .f.P.[.F.....@. 49 44 41 54 78 da ec c0 81 00 00 00 00 80 a0 fd a9 17 a9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 d9 33 17 54 c7 61 18 8a ae 21 ca 0a 94 1d 84 ee 7f 6f 33 17 71 28 97 e7 17 93 e9 bf 23 81 b0 7e 56 6d 1f 68 42 fc dd b2 bc 44 72 92 ff ee 75 7c 28 90 06 d2 40 1a c8 65 27 b2 5e b0 6e 92 fd 5c 4d 7a a6 81 ec 57 5d 61 54 64 f0 5f 0b a4 81 68 d8 df 0d 48 03 b9 5c 96 f5 af e2 af eb c5 72 52 c5 34 4a ae fe ae 66 e4 50 cd 5b ad 46 f1 f7 05 b2 bd 40 0e

Copyright Joe Security LLC 2019 Page 79 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 2735 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_8_set_up_username.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %..... 44 52 00 00 03 20 00 [IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... q .. 00 0f 50 4c 54 45 00 (Z...$.X..o7^..L..[.. 00 a8 a8 a8 a8 00 00 ....oL/..4./..A..P.AZ..6.#.... 00 a8 00 00 f8 fc f8 cc D.\g`./...... |7.AZ..'uD..UV.W 25 ec b8 00 00 0a 5b ...... ;.,_ 49 44 41 54 78 da ec c0 81 00 00 00 00 80 a0 fd a9 17 a9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 1d bb b0 71 20 88 01 28 5a c3 ca 15 24 1d 58 d3 7f 6f 37 5e dd 0f 4c 98 e9 5b b2 b2 86 e0 0b bf 6f 4c 2f 89 c5 34 c6 2f dd 0e 41 04 f9 50 10 41 5a d2 89 36 dd 23 f2 a2 9d 11 44 90 5c 67 60 f4 2f 13 af 06 11 04 87 7c 37 10 41 5a 9b a2 27 75 44 db 9a 55 56 8f 57 d3 ba ce ac 92 19 19 bd b5 b5 d3 da 3b 83 2c 5f C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 2404 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... X.....h success or wait 1 403E4A WriteFile _install_9_user_password.png 0a 00 00 00 0d 49 48 X.C....PLTE...... %.. 44 52 00 00 03 20 00 ....IDATx...... 00 02 58 04 03 00 00 ...... 00 68 58 9f 43 00 00 ...... 00 0f 50 4c 54 45 00 [email protected]!.fE...... 00 a8 a8 a8 a8 00 00 ...... c].../[email protected] 00 a8 00 00 f8 fc f8 cc P..Wh..3.i ;....d...i ...4 ..8 25 ec b8 00 00 09 10 ...... 6sg~..).. 49 44 41 54 78 da ec c0 81 00 00 00 00 80 a0 fd a9 17 a9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 3d 33 40 75 1c 86 81 e8 19 46 39 81 74 83 90 fb df 6d 21 1a 66 45 bc a9 b7 de 96 fe 2e 1a 10 b1 ad 91 bf 9d f7 a9 d3 f4 e7 0a 1f 91 63 5d df bf 8e 2f 05 d2 40 1a 48 03 39 76 50 db 81 57 68 7f c2 33 02 69 20 3b 14 1b c8 88 64 b6 8f 03 69 20 e4 b0 ff 34 20 0d e4 38 b0 1d 87 fa db c6 36 73 67 7e cb eb 29 f5 f7

Copyright Joe Security LLC 2019 Page 80 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\debian unknown 3047 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... success or wait 1 403E4A WriteFile _root_login.png 0a 00 00 00 0d 49 48 )...... PLTE...... ,....IDATx 44 52 00 00 02 d0 00 ...... k.....~g.....w.{.{.=S!.. 00 01 90 01 03 00 00 Y.L..[...7...b)...wv.*.E..{!.. 00 bd 29 c5 2e 00 00 ...o.^!q.p%.... .nw..s.9_;.... 00 06 50 4c 54 45 00 k..D:?.2.<0...... "XH.2 00 00 a8 a8 a8 cc df .yBq...... C..H.1...B...2P.... a8 2c 00 00 0b 9c 49 ..^...!.p.^..^V..[/.p~w..K.... 44 41 54 78 da ec dc 96m.m....9..].z 01 84 a5 6b 19 07 f0 df fb 7e 67 cf f9 e8 ec cc 77 89 7b b4 7b cf 3d 53 21 90 13 59 b7 4c b7 af 5b 00 08 00 37 cd 08 c2 62 29 1a aa 9d 77 76 a7 2a c2 45 08 b2 7b 21 80 2e c2 a2 da 6f f7 5e 21 71 07 70 25 fa f6 de ca 20 f9 6e 77 aa b3 73 cf 39 5f 3b ad 0e c3 de 6b ec ce 44 3a 3f f0 32 df 3c 30 e3 ef f1 bc af c7 d2 d2 d2 d2 d2 d2 ff a8 22 58 48 80 32 1a 79 42 71 0b b0 f5 c2 9a ef 03 43 00 9d 48 e9 31 c5 df d2 42 7f 04 09 32 50 03 92 c7 14 e7 c3 5e 96 dd ad 21 a4 70 ed 5e be 8b 5e 56 d5 1b 5b 2f ba 70 7e 77 ed f1 4b cb c2 d5 b0 39 36 6d 04 6d 18 83 b0 b3 39 ae fa 5d 7f 7a C:\Program Files\GridcoinResearch\doc\gitian-building\networ unknown 16384 89 50 4e 47 0d 0a 1a .PNG...... IHDR...... success or wait 3 403E4A WriteFile k_settings.png 0a 00 00 00 0d 49 48 [....OIDATx...... A...1.?.....,|. 44 52 00 00 02 90 00 @X..!.X.5`]....Q...... 00 01 e5 08 02 00 00 {.....y...... TrH.<.R...z' 00 cd d0 5b e8 00 00 %..}...... (j.Z.a~7o...... _.is. 9b 4f 49 44 41 54 78 .....~...H...... 1.N.a(..3.. da ec cf 81 c6 02 41 ...... B.....Kp).X.O).j]..z 14 c5 f1 31 ef 3f 00 f3 ....=o.....6.?...m:[.7..I....H 02 03 06 2c 7c f8 20 2.....I3..1.-.. 40 58 0c 01 21 80 58 aa 35 60 5d 96 dc 14 19 51 dc 08 83 ff 0f 1c e0 9c e3 2e 00 00 a0 7b de 01 00 80 ee 79 07 00 00 ba e7 15 80 c1 54 72 48 a3 3c f2 52 e7 ba ac 7a 27 25 c7 ff 7d d5 ef c8 98 e2 f6 28 6a d2 5a 9e 61 7e 37 6f 08 b9 88 9a ad d3 5f 0c 69 73 b8 be b6 0c bb 93 7e d0 8e ff 48 bb 03 c0 c0 9d 01 18 dc d8 31 03 4e bb 61 28 8e ef 33 9e ef 11 00 04 b0 00 05 01 01 85 e2 42 10 16 14 97 b2 4b 70 29 b1 58 09 4f 29 15 6a 5d be c4 7a da 96 be b7 3d 6f b5 01 ce 0f e4 36 fa 3f f9 83 df 6d 3a 5b 00 37 09 97 49 03 c0 ad cd 48 32 1c 98 f6 f9 1a 49 33 b8 f9 31 ff 2d fb 94

Copyright Joe Security LLC 2019 Page 81 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\doc\gitian-building\port_f unknown 16384 89 50 4e 47 0d 0a 1a .PNG...... IHDR...t...A.....q success or wait 2 403E4A WriteFile orwarding_rules.png 0a 00 00 00 0d 49 48 T....N-IDATx...A..... 44 52 00 00 02 74 00 .g5.J..A 00 01 41 08 02 00 00 .R..U..l...r.....r.....r=..... 00 71 54 a5 1b 00 00 ...w.w`...=.;...... D.d{ 4e 2d 49 44 41 54 78 ...&...A.W.5j.....?.W...la\.C. da ec d5 41 11 00 00 .d....q%M.me\.Ckw. 0c 02 20 fb 67 35 c4 .+a\.Wf...+ 4a ec e5 41 09 52 00 a\...... Zq./.b8;.uQ.'..f.j.... e0 55 0a 00 6c e6 0a ...... T.E.J.W.5w.8....R.1.>..f 00 72 05 00 e4 0a 00 .3.B{...7.K/.". 72 05 00 b9 02 00 72 3d f6 cb c2 8a a1 20 04 82 fd 77 c9 77 60 a1 87 98 3d 8b 3b b7 13 97 93 89 cd cb df 03 c0 dd 01 44 03 64 7b d0 ba b6 26 b6 04 f9 41 18 57 96 35 6a c3 b8 96 86 d6 3f d7 57 c2 b8 12 6c 61 5c 0b 43 eb 16 64 19 d7 df 82 71 25 4d fc 6d 65 5c ab 43 6b 77 8f 20 8c 2b 61 5c 19 57 66 86 d6 8c 2b 61 5c 19 d7 cc bc e1 e1 5a 71 85 2f f3 62 38 3b ca 75 51 c3 27 93 e1 66 aa 6a e6 b7 9b 94 b0 d6 e6 ac 0f c0 54 1d 45 e3 4a 18 57 c6 35 77 bc 38 ae b9 e6 d9 52 be 31 ae 3e f7 b2 66 d4 33 c3 42 7b e9 17 bf 37 15 4b 2f 83 22 ef C:\Program Files\GridcoinResearch\doc\gitian-building\select unknown 16384 89 50 4e 47 0d 0a 1a .PNG...... IHDR...3...%...... success or wait 5 403E4A WriteFile _startup_disk.png 0a 00 00 00 0d 49 48 W...... [email protected].$.c. 44 52 00 00 02 33 00 .. 00 01 25 08 02 00 00 ..oqV...N(qw...Yp....9.....C.' 00 9e 57 f4 8e 00 01 .....%6FL..S3.#f.9@...... I)..- 16 bd 49 44 41 54 78 ....D.4.I2..3.'J=.....&."..).. da ec d9 35 c2 d7 40 e.ddT...3...... Oe..B .8...I) 14 45 f1 73 df 24 f9 63 ...... h.....O.Z...... u...UO- d6 e2 ee ec 01 6f 71 \...... :>.|r..RJ..?S.....Kc.. 56 89 d7 f8 4e 28 71 .LgL.....}[email protected] 77 99 fb b9 59 70 7f bf 98 f5 39 c9 8c ee dc b9 43 fa 27 98 a8 c8 c4 c4 25 36 46 4c f2 dc 53 33 1f 23 66 0a 39 40 00 18 87 1c ae 92 49 29 a5 1f 2d cb f4 0f d0 44 93 34 ad 49 32 d3 19 33 a1 27 4a 3d 8f 04 04 96 08 26 d5 22 8b 0a 29 a5 94 65 82 64 64 54 09 90 c0 33 fe 93 dc 93 9a de db fd 4f 65 08 1c 42 20 c6 38 e4 a0 82 49 29 a5 ef 16 a4 bf 90 15 9f 68 aa 1a ab 80 80 4f a6 5a d5 02 84 19 e3 89 75 01 02 f1 55 4f 2d 5c e1 a3 f9 e8 c9 16 a9 3a 3e b8 7c 72 18 91 52 4a ff d5 3f 53 aa 84 09 a4 f1 4b 63 c0 02 c0 4c 67 4c 1f f3 a5 bc f0 7d 41 40 08 31 4e

Copyright Joe Security LLC 2019 Page 82 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\uninstall.exe unknown 79360 4d 5a 90 00 03 00 00 MZ...... @..... success or wait 1 40360C WriteFile 00 04 00 00 00 ff ff 00 ...... 00 b8 00 00 00 00 00 ...... !..L.!This program 00 00 40 00 00 00 00 cannot be run in DOS 00 00 00 00 00 00 00 mode....$...... PE..L..... 00 00 00 00 00 00 00 W...... 00 00 00 00 00 00 00 ...... uC...... 00 00 00 00 00 00 00 ..@...... ` 00 00 00 80 00 00 00 ...... 0e 1f ba 0e 00 b4 09 ...... cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 93 15 20 57 00 00 00 00 00 00 00 00 e0 00 0f 03 0b 01 02 1a 00 8c 00 00 00 98 00 00 00 ae 01 00 75 43 00 00 00 10 00 00 00 a0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 60 04 00 00 04 00 00 a5 ea 01 00 02 00 00 80 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 6638 00 b4 16 96 32 4a ca ....2J..L....a\.R...y}.i.[..M. success or wait 1 403CBE WriteFile 93 4c fd 0d a9 fd 61 5c ...... i2MY...... P..... bd 52 af fd ee 79 7d b6 ...... H...... [.....9G...... 69 92 5b 1b 89 4d 16 .".q..F.]/%~wB5.C.!{..(.e. 09 d4 0a f4 d2 c1 a0 [6L. cd b1 d6 94 03 69 32 +.*%B..E.LYVP...%..I....*.... 4d 59 d3 08 c8 82 1e Y..}[email protected].;!.g.}....] 13 8b 1f 50 df b8 e7 a7 .9X.....|...d..7...Z~!...... 1< fb ad be f3 c1 04 84 dc ^?.:....e.2.<(..Z.@}[...+.;U." cf 48 02 08 07 d0 99 ...... N...(E... e0 5b d7 8d 13 d4 e7 39 47 8e bf 14 1e ca df 0e 1e 22 a2 71 c1 fd 46 b5 5d 2f 25 7e 77 42 35 95 43 02 21 7b d6 13 28 c5 65 d4 5b 36 4c bd 2b f3 2a 25 42 d7 fc 45 9b 4c 59 56 50 1a ed 15 25 86 d4 49 c0 bc e4 83 2a 7f c4 ff d7 59 ec c0 7d 52 ea d9 f0 11 1c 40 fc f6 50 f7 df 1a 71 44 fe 3b 21 90 67 e7 7d 85 05 db d4 5d 97 39 58 98 0c 9d e8 02 7c ce fc b2 64 18 f1 37 c2 fc c1 5a 7e 21 00 a0 b8 cc ec c8 31 3c 5e 3f c0 3a 92 15 c9 f4 65 84 32 0a 3c 28 ce 07 5a c1 40 7d 5b d1 ef 05 2b b5 3b 55 ac 22 ce f8 da b4 f7 a0 4e ea bc 1f 28 45 cf 88 d6

Copyright Joe Security LLC 2019 Page 83 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Program Files\GridcoinResearch\uninstall.exe unknown 9534 01 00 00 00 ef be ad ...... NullsoftInst....>%..]. success or wait 1 403E4A WriteFile de 4e 75 6c 6c 73 6f ....L...... P..S-....e...... E=. 66 74 49 6e 73 74 99 ...... $....BtX...gl...... 1f 00 00 3e 25 00 00 ...... [email protected]...... A.. 5d 00 00 80 00 00 4c ap.xIg.u...... F_.P....JL.0XA 87 bc 17 bc ff ee 50 cc %Z..nEw...... j....l.J>..E.r.. b1 53 2d bb 86 ec 18 ...... U..=.?.d.I...hZ.b....X. 65 c6 14 97 a5 ad de V..Jx.Y{.rTX...... M...... ".. 45 3d bd ca 03 c0 b5 [email protected]..... 14 ad 24 03 05 1d d2 42 74 58 dd f4 af 67 6c 03 d7 c9 81 0f f7 92 e5 b9 af 9f ad c3 e8 fc da c8 1d 76 e3 33 de ad 6c 48 b4 2b fd 40 14 43 d9 de 12 0b e2 bb ac 41 1f 96 61 70 06 78 49 67 f7 75 0d 11 d4 c1 84 a6 18 46 5f d9 50 bb ee ab ac 4a 4c f2 30 58 41 25 5a 05 85 6e 45 77 a7 ba 84 9f 01 95 c6 a5 6a 92 85 08 0c 6c 04 4a 3e a2 eb 45 95 72 c4 83 f7 01 c6 e1 fa 16 a4 55 b3 db 3d d7 3f 83 64 9b 49 b6 9e 90 68 5a 81 62 9b c3 a0 9b 58 1f 56 b5 b8 4a 78 c6 59 7b fe 72 54 58 f3 9e 0c 8d e8 0e 02 7f 4d b0 f7 8f ab 9f b8 22 d0 d1 da b0 77 40 b8 ac 02 d5 ff 73 1e 9b aa df f8

File Read

Source File Path Offset Length Completion Count Address Symbol C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe unknown 512 success or wait 566 403B1B ReadFile C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe unknown 4 success or wait 1 403B1B ReadFile C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe unknown 16384 success or wait 1 403B1B ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 1 403DD7 ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 24997 success or wait 1 403EE7 ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 1 403DD7 ReadFile C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe unknown 16384 success or wait 1 403B1B ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 16384 success or wait 2 403E9D ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 1 403DD7 ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 16384 success or wait 7 403E9D ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 1 403DD7 ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 16384 success or wait 2 403E9D ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 1 403DD7 ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 16384 success or wait 2 403E9D ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 1 403DD7 ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 11264 success or wait 1 403E9D ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 1 403DD7 ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 9728 success or wait 1 403E9D ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 51 403DD7 ReadFile C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe unknown 16384 success or wait 811 403B1B ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 16384 success or wait 2283 403E9D ReadFile C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe unknown 79360 success or wait 1 403B1B ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 1 403DD7 ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4304 success or wait 1 403EE7 ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 4 success or wait 1 403DD7 ReadFile C:\Users\user\Desktop\gridcoin-4.0.4-win64-setup (1).exe unknown 6745 success or wait 1 403B1B ReadFile C:\Users\user\AppData\Local\Temp\nsp6C9C.tmp unknown 9534 success or wait 1 403E9D ReadFile

Registry Activities

Key Created

Copyright Joe Security LLC 2019 Page 84 of 109 Source Key Path Completion Count Address Symbol HKEY_CURRENT_USER\Software\Gridcoin (64-bit) success or wait 1 402ED9 RegCreateKeyExA HKEY_CURRENT_USER\Software\Gridcoin (64-bit)\Components success or wait 1 402ED9 RegCreateKeyExA HKEY_LOCAL_MACHINE\SOFTWARE\Gridcoin (64-bit) success or wait 1 402ED9 RegCreateKeyExA HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gridcoin (64-bit) success or wait 1 402ED9 RegCreateKeyExA HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gridcoin success or wait 1 402ED9 RegCreateKeyExA HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gridcoin\DefaultIcon success or wait 1 402ED9 RegCreateKeyExA HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gridcoin\shell success or wait 1 402ED9 RegCreateKeyExA HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gridcoin\shell\open success or wait 1 402ED9 RegCreateKeyExA HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gridcoin\shell\open\command success or wait 1 402ED9 RegCreateKeyExA

Key Value Created

Source Key Path Name Type Data Completion Count Address Symbol HKEY_CURRENT_USER\Software\Gridcoin (64- Main unicode 1 success or wait 1 402F85 RegSetValueExA bit)\Components HKEY_CURRENT_USER\Software\Gridcoin (64-bit) Path unicode C:\Program Files\GridcoinResearch success or wait 1 402F85 RegSetValueExA HKEY_LOCAL_MACHINE\SOFTWARE\Gridcoin (64- StartMenuGroup unicode Gridcoin success or wait 1 402F85 RegSetValueExA bit) HKEY_CURRENT_USER\Software\Mic DisplayName unicode Gridcoin (64-bit) success or wait 1 402F85 RegSetValueExA rosoft\Windows\CurrentVersion\Uninstall\Gridcoin (64- bit) HKEY_CURRENT_USER\Software\Mic DisplayVersion unicode 4.0.4 success or wait 1 402F85 RegSetValueExA rosoft\Windows\CurrentVersion\Uninstall\Gridcoin (64- bit) HKEY_CURRENT_USER\Software\Mic Publisher unicode Gridcoin project success or wait 1 402F85 RegSetValueExA rosoft\Windows\CurrentVersion\Uninstall\Gridcoin (64- bit) HKEY_CURRENT_USER\Software\Mic URLInfoAbout unicode https://gridcoin.us/ success or wait 1 402F85 RegSetValueExA rosoft\Windows\CurrentVersion\Uninstall\Gridcoin (64- bit) HKEY_CURRENT_USER\Software\Mic DisplayIcon unicode C:\Program Files\GridcoinResea success or wait 1 402F85 RegSetValueExA rosoft\Windows\CurrentVersion\Uninstall\Gridcoin (64- rch\uninstall.exe bit) HKEY_CURRENT_USER\Software\Mic UninstallString unicode C:\Program Files\GridcoinResea success or wait 1 402F85 RegSetValueExA rosoft\Windows\CurrentVersion\Uninstall\Gridcoin (64- rch\uninstall.exe bit) HKEY_CURRENT_USER\Software\Mic NoModify dword 1 success or wait 1 402F85 RegSetValueExA rosoft\Windows\CurrentVersion\Uninstall\Gridcoin (64- bit) HKEY_CURRENT_USER\Software\Mic NoRepair dword 1 success or wait 1 402F85 RegSetValueExA rosoft\Windows\CurrentVersion\Uninstall\Gridcoin (64- bit) HKEY_LOCAL_MACHINE\SOFTWARE\Cl URL Protocol unicode success or wait 1 402F85 RegSetValueExA asses\gridcoin

Key Value Modified

Source Key Path Name Type Old Data New Data Completion Count Address Symbol HKEY_LOCAL_MACHINE\SOFT NULL unicode URL:Bitcoin success or wait 1 402F85 RegSetValueExA WARE\Classes\gridcoin HKEY_LOCAL_MACHINE\SOFT NULL unicode C:\Program Files\GridcoinResea success or wait 1 402F85 RegSetValueExA WARE\Cl rch\gridcoinresearch.exe asses\gridcoin\DefaultIcon HKEY_LOCAL_MACHINE\SOFT NULL unicode "C:\Program Files\GridcoinRese success or wait 1 402F85 RegSetValueExA WARE\Cl arch\gridcoinresearch.exe" "%1" asses\gridcoin\shell\open\comm and

Analysis Process: gridcoinresearch.exe PID: 944 Parent PID: 2292

General

Start time: 21:00:53 Start date: 31/05/2019 Path: C:\Program Files\GridcoinResearch\gridcoinresearch.exe Wow64 process (32bit): false Commandline: C:\Program Files\GridcoinResearch\gridcoinresearch.exe Copyright Joe Security LLC 2019 Page 85 of 109 Imagebase: 0x400000 File size: 28627984 bytes MD5 hash: 78E48A7A001B99EBDF855A4D9CD65167 Has administrator privileges: true Programmed in: C, C++ or other language Antivirus matches: Detection: 1%, virustotal, Browse Reputation: low

File Activities

File Created

Source File Path Access Attributes Options Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch read data or list normal directory file | success or wait 1 66E0F2 CreateDirectoryW directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log read attributes | normal synchronous io success or wait 1 596FC0 fopen synchronize | non alert | non generic write directory file C:\Users\user\AppData\Roaming\GridcoinResearch\.lock read attributes | normal synchronous io success or wait 1 473DF0 fopen synchronize | non alert | non generic write directory file C:\Users\user\AppData\Roaming\GridcoinResearch\database read data or list normal directory file | success or wait 1 66E0F2 CreateDirectoryW directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user\AppData\Roaming\GridcoinResearch\db.log read attributes | normal synchronous io success or wait 1 468541 fopen synchronize | non alert | non generic write directory file C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb read data or list normal directory file | success or wait 1 66E0F2 CreateDirectoryW directory | synchronous io synchronize non alert | open for backup ident | open reparse point C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\LOG read attributes | normal synchronous io success or wait 1 636C6E CreateFileW synchronize | non alert | non generic read | directory file generic write C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\LOCK read attributes | normal synchronous io success or wait 1 6370C7 CreateFileW synchronize non alert | non directory file C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\MANIFEST- read attributes | normal synchronous io success or wait 1 636C6E CreateFileW 000001 synchronize | non alert | non generic read | directory file generic write C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\000001.dbtmp read attributes | normal synchronous io success or wait 1 636C6E CreateFileW synchronize | non alert | non generic read | directory file generic write C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\000003.log read attributes | normal synchronous io success or wait 1 636C6E CreateFileW synchronize | non alert | non generic read | directory file generic write C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\MANIFEST- read attributes | normal synchronous io success or wait 1 636C6E CreateFileW 000002 synchronize | non alert | non generic read | directory file generic write C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\000002.dbtmp read attributes | normal synchronous io success or wait 1 636C6E CreateFileW synchronize | non alert | non generic read | directory file generic write C:\Users\user\AppData\Roaming\GridcoinResearch\blk0001.dat read attributes | normal synchronous io success or wait 1 4944F9 fopen synchronize | non alert | non generic write directory file C:\Users\user\AppData\Roaming\GridcoinResearch\database\log. read attributes | normal sequential only | success or wait 1 11705FE CreateFileA 0000000001 synchronize | synchronous io generic read | non alert | non generic write directory file C:\Users\user\AppData\Roaming\GridcoinResearch\__db.80000001 read attributes | normal synchronous io success or wait 1 11705FE CreateFileA .17ce4c07 synchronize | non alert | non generic read | directory file | generic write random access Copyright Joe Security LLC 2019 Page 86 of 109 Source File Path Access Attributes Options Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\peers.dat.ecdd read attributes | normal synchronous io success or wait 1 4673B4 fopen synchronize | non alert | non generic write directory file C:\Users\user\AppData\Roaming\GridcoinResearch\scraper.log read attributes | normal synchronous io success or wait 1 1623129 fopen synchronize | non alert | non generic write directory file C:\ProgramData\boost_interprocess read data or list normal directory file | success or wait 1 14A4806 CreateDirectoryA directory | synchronous io synchronize non alert | open for backup ident | open reparse point

File Deleted

Source File Path Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\CURRENT success or wait 1 634E92 DeleteFileW C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\MANIFEST-000001 success or wait 1 63495C DeleteFileW

File Moved

Source Old File Path New File Path Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\000 C:\Users\user\AppData\Roaming\ success or wait 1 634DF5 MoveFileW 001.dbtmp GridcoinResearch\txleveldb\CURRENT. C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\000 C:\Users\user\AppData\Roaming\ object name collision 1 634DF5 MoveFileW 002.dbtmp GridcoinResearch\txleveldb\CURRENT. C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\000 C:\Users\user\AppData\Roaming\ success or wait 1 634EAA MoveFileW 002.dbtmp GridcoinResearch\txleveldb\CURRENT. C:\Users\user\AppData\Roaming\ C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat.d success or wait 1 11707B8 MoveFileA GridcoinResearch\__db.80000001.17ce4c07 C:\Users\user\AppData\Roaming\GridcoinResearch\peers.dat.ecd C:\Users\user\AppData\Roaming\GridcoinResearch\peers.dat success or wait 1 594855 MoveFileExA d

File Written

Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 19 53 74 61 72 74 69 6e Starting Gridcoin.. success or wait 1 596EE4 fwrite 67 20 47 72 69 64 63 6f 69 6e 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 21 49 6e 69 74 69 61 6c Initializing GUI..... success or wait 1 596EE4 fwrite 69 7a 69 6e 67 20 47 55 49 2e 2e 2e 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 35 42 6f 6f 73 74 20 56 65 Boost Version: Using success or wait 1 596EE4 fwrite 72 73 69 6f 6e 3a 20 Boost 1.65.1.. 55 73 69 6e 67 20 42 6f 6f 73 74 20 31 2e 36 35 2e 31 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 67 49 4e 46 4f 3a 20 4e INFO: success or wait 1 596EE4 fwrite 4e 3a 3a 43 72 65 61 NN::CreateNeuralNet(): N 74 65 4e 65 75 72 61 ative C++ neural network 6c 4e 65 74 28 29 3a is active... 20 4e 61 74 69 76 65 20 43 2b 2b 20 6e 65 75 72 61 6c 20 6e 65 74 77 6f 72 6b 20 69 73 20 61 63 74 69 76 65 2e 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 26 55 73 69 6e 67 20 73 Using specific arg default success or wait 1 596EE4 fwrite 70 65 63 69 66 69 63 20 61 72 67 20 64 65 66 61 75 6c 74 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 64 55 73 69 6e 67 20 74 Using the success or wait 1 596EE4 fwrite 68 65 20 27 73 73 65 'sse4(1way+4way),avx 34 28 31 77 61 79 2b 2(8way)' SHA256 34 77 61 79 29 2c 61 implementation.... 76 78 32 28 38 77 61 79 29 27 20 53 48 41 32 35 36 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 0d 0a 0d 0a

Copyright Joe Security LLC 2019 Page 87 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 36 0d 0a 0d 0a 0d 0a 0d ...... success or wait 1 596EE4 fwrite 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 64 47 72 69 64 63 6f 69 Gridcoin version v4.0.4.0- success or wait 1 596EE4 fwrite 6e 20 76 65 72 73 69 g4a64ab854 (2019-05-16 6f 6e 20 76 34 2e 30 20:18:50 +0200) 2e 34 2e 30 2d 67 34 61 36 34 61 62 38 35 34 20 28 32 30 31 39 2d 30 35 2d 31 36 20 32 30 3a 31 38 3a 35 30 20 2b 30 32 30 30 29 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 49 55 73 69 6e 67 20 4f Using OpenSSL version success or wait 1 596EE4 fwrite 70 65 6e 53 53 4c 20 OpenSSL 1.0.1k 8 Jan 76 65 72 73 69 6f 6e 2015.. 20 4f 70 65 6e 53 53 4c 20 31 2e 30 2e 31 6b 20 38 20 4a 61 6e 20 32 30 31 35 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 78 44 65 66 61 75 6c 74 Default data directory success or wait 1 596EE4 fwrite 20 64 61 74 61 20 64 C:\User 69 72 65 63 74 6f 72 s\user\AppData\Roaming\ 79 20 43 3a 5c 55 73 GridcoinResearch 65 72 73 5c 43 72 61 69 67 20 48 6f 6c 6c 61 6e 64 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 47 72 69 64 63 6f 69 6e 52 65 73 65 61 72 63 68 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 77 55 73 65 64 20 64 61 Used data directory success or wait 1 596EE4 fwrite 74 61 20 64 69 72 65 C:\Users\u 63 74 6f 72 79 20 43 ser\AppData\Roaming\Grid 3a 5c 55 73 65 72 73 coinResearch.. 5c 43 72 61 69 67 20 48 6f 6c 6c 61 6e 64 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 47 72 69 64 63 6f 69 6e 52 65 73 65 61 72 63 68 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 157 64 62 65 6e 76 2e 6f dbenv.open success or wait 1 596EE4 fwrite 70 65 6e 20 4c 6f 67 LogDir=C:\Users\use 44 69 72 3d 43 3a 5c r\AppData\Roaming\Gridco 55 73 65 72 73 5c 43 inResearch\database 72 61 69 67 20 48 6f ErrorFile=C:\Use 6c 6c 61 6e 64 5c 41 rs\user\AppData\Roaming\ 70 70 44 61 74 61 5c GridcoinResearch\db.log.. 52 6f 61 6d 69 6e 67 5c 47 72 69 64 63 6f 69 6e 52 65 73 65 61 72 63 68 5c 64 61 74 61 62 61 73 65 20 45 72 72 6f 72 46 69 6c 65 3d 43 3a 5c 55 73 65 72 73 5c 43 72 61 69 67 20 48 6f 6c 6c 61 6e 64 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 47 72 69 64 63 6f 69 6e 52 65 73 65 61 72 63 68 5c 64 62 2e 6c 6f 67 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 22 4c 6f 61 64 69 6e 67 Loading block index... success or wait 1 596EE4 fwrite 20 62 6c 6f 63 6b 20 69 6e 64 65 78 2e 2e 2e C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 11 4d 6f 64 65 3d 50 72 6f Mode=Prod.. success or wait 1 596EE4 fwrite 64 0d 0a

Copyright Joe Security LLC 2019 Page 88 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 84 4f 70 65 6e 69 6e 67 Opening LevelDB in success or wait 1 596EE4 fwrite 20 4c 65 76 65 6c 44 C:\Users\us 42 20 69 6e 20 43 3a er\AppData\Roaming\Gridc 5c 55 73 65 72 73 5c oinResearch\txleveldb 43 72 61 69 67 20 48 6f 6c 6c 61 6e 64 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 47 72 69 64 63 6f 69 6e 52 65 73 65 61 72 63 68 5c 74 78 6c 65 76 65 6c 64 62 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 29 4f 70 65 6e 65 64 20 Opened LevelDB success or wait 1 596EE4 fwrite 4c 65 76 65 6c 44 42 successfully.. 20 73 75 63 63 65 73 73 66 75 6c 6c 79 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 21 4c 6f 61 64 69 6e 67 Loading DiskIndex 0.. success or wait 1 596EE4 fwrite 20 44 69 73 6b 49 6e 64 65 78 20 30 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 66 54 69 6d 65 20 74 6f Time to memorize success or wait 1 596EE4 fwrite 20 6d 65 6d 6f 72 69 diskindex containing 0 7a 65 20 64 69 73 6b blocks : 32ms 69 6e 64 65 78 20 63 6f 6e 74 61 69 6e 69 6e 67 20 30 20 62 6c 6f 63 6b 73 20 3a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 33 32 6d 73 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 49 54 69 6d 65 20 74 6f Time to calculate Chain success or wait 1 596EE4 fwrite 20 63 61 6c 63 75 6c Trust 0ms.. 61 74 65 20 43 68 61 69 6e 20 54 72 75 73 74 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 6d 73 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 27 73 74 61 72 74 69 6e starting Genesis Check..... success or wait 1 596EE4 fwrite 67 20 47 65 6e 65 73 69 73 20 43 68 65 63 6b 2e 2e 2e 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 317 43 42 6c 6f 63 6b 28 CBlock(hash=000005a247 success or wait 1 596EE4 fwrite 68 61 73 68 3d 30 30 b397eadf 30 30 30 35 61 32 34 efa58e872bc967c2614797 37 62 33 39 37 65 61 bdc8d4d0 64 66 65 66 61 35 38 e6b09fea5c191599, ver=1, 65 38 37 32 62 63 39 hashP 36 37 63 32 36 31 34 revBlock=0000000000000 37 39 37 62 64 63 38 00000000 64 34 64 30 65 36 62 0000000000000000000000 30 39 66 65 61 35 63 000000000000000000000, 31 39 31 35 39 39 2c hashMerkleRoot= 20 76 65 72 3d 31 2c 5109d5782a26e6a5a5eb76 20 68 61 73 68 50 72 c7867f3e 65 76 42 6c 6f 63 6b 8ddae2bff026632c36afec5 3d 30 30 30 30 30 30 dc32ed8ce9f, nTime=141 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 2c 20 68 61 73 68 4d 65 72 6b 6c 65 52 6f 6f 74 3d 35 31 30 39 64 35 37 38 32 61 32 36 65 36 61 35 61 35 65 62 37 36 63 37 38 36 37 66 33 65 38 64 64 61 65 32 62 66 66 30 32 36 36 33 32 63 33 36 61 66 65 63 35 64 63 33 32 65 64 38 63 65 39 66 2c 20 6e 54 69 6d 65 3d 31 34 31 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 20 20 success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite

Copyright Joe Security LLC 2019 Page 89 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 314 43 6f 69 6e 62 61 73 Coinbase(hash=5109d578 success or wait 1 596EE4 fwrite 65 28 68 61 73 68 3d 2a, nTime=1413033777, 35 31 30 39 64 35 37 ver=1, vin.size=1, 38 32 61 2c 20 6e 54 vout.size=1, 69 6d 65 3d 31 34 31 nLockTime=0).. 33 30 33 33 37 37 37 CTxIn(COutPoint(0000000 2c 20 76 65 72 3d 31 000, 4294967295), 2c 20 76 69 6e 2e 73 coinbase 00012a 69 7a 65 3d 31 2c 20 4531302f31312f313420416 76 6f 75 74 2e 73 69 e647265 7a 65 3d 31 2c 20 6e 6120526f73736920496e64 4c 6f 63 6b 54 69 6d 75737472 65 3d 30 29 0d 0a 20 69616c2048656174207669 20 20 20 43 54 78 49 6e646963 6e 28 43 4f 75 74 50 6f 617465642077697 69 6e 74 28 30 30 30 30 30 30 30 30 30 30 2c 20 34 32 39 34 39 36 37 32 39 35 29 2c 20 63 6f 69 6e 62 61 73 65 20 30 30 30 31 32 61 34 35 33 31 33 30 32 66 33 31 33 31 32 66 33 31 33 34 32 30 34 31 36 65 36 34 37 32 36 35 36 31 32 30 35 32 36 66 37 33 37 33 36 39 32 30 34 39 36 65 36 34 37 35 37 33 37 34 37 32 36 39 36 31 36 63 32 30 34 38 36 35 36 31 37 34 32 30 37 36 36 39 36 65 36 34 36 39 36 33 36 31 37 34 36 35 36 34 32 30 37 37 36 39 37 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 17 20 20 76 4d 65 72 6b vMerkleTree: .. success or wait 1 596EE4 fwrite 6c 65 54 72 65 65 3a 20 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 10 35 31 30 39 64 35 37 5109d5782a success or wait 1 596EE4 fwrite 38 32 61 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 86 7b 53 42 43 7d 20 6e {SBC} new best success or wait 1 596EE4 fwrite 65 77 20 62 65 73 74 {000005a247b397 20 7b 30 30 30 30 30 eadfefa58e872bc967c2614 35 61 32 34 37 62 33 797bdc8 39 37 65 61 64 66 65 d4d0e6b09fea5c191599 0} 66 61 35 38 65 38 37 ; 32 62 63 39 36 37 63 32 36 31 34 37 39 37 62 64 63 38 64 34 64 30 65 36 62 30 39 66 65 61 35 63 31 39 31 35 39 39 20 30 7d 20 3b 20 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 30 20 62 6c 6f 63 6b 20 block index success or wait 1 596EE4 fwrite 69 6e 64 65 78 20 20 517ms 20 20 20 20 20 20 20 20 20 20 20 35 31 37 6d 73 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 19 4c 6f 61 64 69 6e 67 Loading wallet..... success or wait 1 596EE4 fwrite 20 77 61 6c 6c 65 74 2e 2e 2e 0d 0a

Copyright Joe Security LLC 2019 Page 90 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ unknown 8192 00 00 00 00 00 00 00 ...... success or wait 1 1170C8B WriteFile GridcoinResearch\database\log.0000000001 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C:\Users\user\AppData\Roaming\ 0 95 00 00 00 00 1c 00 00 ...... /...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 99 1c 2f ab 88 09 ..C...2...... 04 00 10 00 00 00 00 __db.80000001.17ce4c07.. 00 a0 00 00 00 00 00 ...... 00 00 00 00 43 00 00 00 32 fb de 90 8f 00 00 00 02 00 00 80 00 00 00 00 00 00 00 00 17 00 00 00 5f 5f 64 62 2e 38 30 30 30 30 30 30 31 2e 31 37 63 65 34 63 30 37 00 00 00 00 00 01 00 00 00 b0 01 00 00

Copyright Joe Security LLC 2019 Page 91 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ unknown 8192 00 00 00 00 01 00 00 ...... b1...... success or wait 1 1170C8B WriteFile GridcoinResearch\__db.80000001.17ce4c07 00 00 00 00 00 62 31 ...... MZ...... 05 00 09 00 00 00 00 ...... 20 00 00 00 09 00 00 ...... 00 00 00 00 01 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 20 ...... 00 00 00 4d 5a 01 00 ...... 00 00 0d 00 20 82 a8 ...... 1b 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C:\Users\user\AppData\Roaming\ unknown 8192 00 00 00 00 01 00 00 ...... success or wait 1 1170C8B WriteFile GridcoinResearch\__db.80000001.17ce4c07 00 01 00 00 00 00 00 ...... MZ...... 00 00 00 00 00 00 00 ...... 00 00 20 01 05 00 00 ...... 00 00 00 00 01 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 20 ...... 00 00 00 4d 5a 01 00 ...... 00 00 0d 00 20 82 a8 ...... 1b 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Copyright Joe Security LLC 2019 Page 92 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ 95 16652 1c 00 00 00 53 20 00 ....S ..&8{...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 26 38 7b 8c 91 00 ..__db.80000001.17ce4c07 00 00 02 00 00 80 01 ...... 00 00 00 1c 00 00 00 .b1...... 17 00 00 00 5f 5f 64 62 ...MZ...... 2e 38 30 30 30 30 30 ...... 30 31 2e 31 37 63 65 ...... 34 63 30 37 00 00 00 ...... 00 00 01 00 00 00 00 ...... 20 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 00 01 00 00 00 00 00 00 00 62 31 05 00 09 00 00 00 00 20 00 00 00 09 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C:\Users\user\AppData\Roaming\ 16747 16927 05 41 00 00 28 00 00 .A..(...[...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 5b d3 1b 01 0c 00 ...... A..kA..W...... z...... 00 00 01 00 00 80 00 ....kA...... wallet.dat.... 00 00 00 00 00 00 00 .MZ...... 02 00 00 80 01 00 00 ...... A..D...... 1...... 00 05 41 00 00 6b 41 ..A...... 00 00 57 00 00 00 e3 ...... A..D...$._N).. db c0 7a 02 00 00 00 ...... A...... 01 00 00 80 01 00 00 ...... main 00 6b 41 00 00 03 00 00 00 0b 00 00 00 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 00 80 93 41 00 00 44 00 00 00 a3 bf 8b df 31 00 00 00 01 00 00 80 01 00 00 00 93 41 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 09 00 00 00 00 00 00 00 01 00 00 00 ea 41 00 00 44 00 00 00 24 16 5f 4e 29 00 00 00 01 00 00 80 01 00 00 00 ea 41 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 04 00 00 00 6d 61 69 6e

Copyright Joe Security LLC 2019 Page 93 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 0 8192 01 00 00 00 e6 62 00 .....b...... b1...... success or wait 4 1170E64 WriteFile 00 00 00 00 00 62 31 ...... MZ...... 05 00 09 00 00 00 00 ...... 20 00 00 00 09 00 00 ...... 00 00 00 00 03 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 20 ...... 00 00 00 4d 5a 01 00 ...... 00 00 0d 00 20 82 a8 ...... 1b 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C:\Users\user\AppData\Roaming\ 33674 131 5a 63 00 00 57 00 00 Zc..W...... Zc.... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 dc d7 16 cf 02 00 ...... wallet.dat.....MZ...... 00 00 01 00 00 80 01 ...... 00 00 00 5a 63 00 00 .,.....e...... ~ 03 00 00 00 0b 00 00 ..\...&.... 00 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 8a 83 00 00 2c 00 00 00 90 7f 65 aa 0a 00 00 00 01 00 00 80 01 00 00 00 8a 83 00 00 01 00 00 00 7e f8 f1 5c f7 8e 0e 26 00 00 00 00

Copyright Joe Security LLC 2019 Page 94 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ 33805 271 e1 83 00 00 57 00 00 ....W....X.)...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 f8 58 9f 29 02 00 00 ...... wallet.dat.....MZ...... 00 00 00 00 00 00 00 ...... H..... 00 00 00 00 00 00 02 [.)...... 00 00 00 0b 00 00 00 ...... versio 77 61 6c 6c 65 74 2e n....Zc..d...D...'^..)...... 64 61 74 00 14 00 00 ...d...... 00 4d 5a 01 00 00 00 ...... =.....d...... ,...... }. 0d 00 20 82 a8 1b 00 ...... 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 0d 84 00 00 48 00 00 00 95 80 5b 9d 29 00 00 00 03 00 00 80 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 03 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 08 00 00 00 07 76 65 72 73 69 6f 6e 01 00 00 00 5a 63 00 00 64 84 00 00 44 00 00 00 27 5e a6 9c 29 00 00 00 03 00 00 80 01 00 00 00 64 84 00 00 01 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 08 00 00 00 00 00 00 00 04 00 00 00 90 0a 3d 00 01 00 00 00 64 84 00 00 ac 84 00 00 2c 00 00 00 9b 0e ac 7d 0a 00 00 00 03 00 00 80 01 00 00 00 ac 84 00 00 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 22 6e 46 69 6c 65 56 65 nFileVersion = 4000400 success or wait 1 596EE4 fwrite 72 73 69 6f 6e 20 3d 20 34 30 30 30 34 30 30 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 54 4b 65 79 73 3a 20 30 Keys: 0 plaintext, 0 success or wait 1 596EE4 fwrite 20 70 6c 61 69 6e 74 encrypted, 0 w/ metadata, 65 78 74 2c 20 30 20 0 total 65 6e 63 72 79 70 74 65 64 2c 20 30 20 77 2f 20 6d 65 74 61 64 61 74 61 2c 20 30 20 74 6f 74 61 6c C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite

Copyright Joe Security LLC 2019 Page 95 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 24576 8192 01 00 00 00 ac 84 00 ...... success or wait 1 1170E64 WriteFile 00 03 00 00 00 00 00 ...... 00 00 00 00 00 00 02 ...... 00 ec 1f 01 05 f4 1f ec ...... 1f 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C:\Users\user\AppData\Roaming\ 34076 143 f0 84 00 00 57 00 00 ....W....K...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 17 4b 1a f5 02 00 ...... wallet.dat.....MZ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 .8.....,...... 01 00 00 00 0b 00 00 ...... ~..\...&.... 00 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 1c 85 00 00 38 00 00 00 18 7f 2c b1 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 f0 84 00 00 00 00 00 00 00 00 00 00 7e f8 f1 5c f7 8e 0e 26 00 00 00 00 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 34 50 65 72 66 6f 72 6d Performing wallet upgrade success or wait 1 596EE4 fwrite 69 6e 67 20 77 61 6c to 60000 6c 65 74 20 75 70 67 72 61 64 65 20 74 6f 20 36 30 30 30 30 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite

Copyright Joe Security LLC 2019 Page 96 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ 34219 187 73 85 00 00 4b 00 00 s...K....:.')...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 8c 3a 01 27 29 00 ...... min 00 00 04 00 00 80 00 version...... D....~..).. 00 00 00 00 00 00 00 ...... 01 00 00 00 01 00 00 ...... `...... ,.. 00 03 00 00 00 02 00 ...v...... ~..\...&.... 00 00 10 00 00 00 00 00 00 00 0b 00 00 00 0a 6d 69 6e 76 65 72 73 69 6f 6e 01 00 00 00 ac 84 00 00 ab 85 00 00 44 00 00 00 a2 7e bc 9b 29 00 00 00 04 00 00 80 01 00 00 00 ab 85 00 00 01 00 00 00 01 00 00 00 03 00 00 00 03 00 00 00 08 00 00 00 00 00 00 00 04 00 00 00 60 ea 00 00 01 00 00 00 ab 85 00 00 f6 85 00 00 2c 00 00 00 1d d2 76 b4 0a 00 00 00 04 00 00 80 01 00 00 00 f6 85 00 00 01 00 00 00 7e f8 f1 5c f7 8e 0e 26 00 00 00 00 C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 24576 8192 01 00 00 00 f6 85 00 ...... success or wait 1 1170E64 WriteFile 00 03 00 00 00 00 00 ...... 00 00 00 00 00 00 04 ...... 00 d4 1f 01 05 f4 1f ec ...... 1f dc 1f d4 1f 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C:\Users\user\AppData\Roaming\ 34406 143 3a 86 00 00 57 00 00 :...W....I...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 dd 49 1a f5 02 00 ...... wallet.dat.....MZ...... 00 00 00 00 00 00 00 ...... f.. 00 00 00 00 00 00 00 .8....m.C...... : 01 00 00 00 0b 00 00 ...... s...~..\...&.... 00 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 66 86 00 00 38 00 00 00 df 6d c0 43 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 3a 86 00 00 01 00 00 00 73 85 00 00 7e f8 f1 5c f7 8e 0e 26 00 00 00 00

Copyright Joe Security LLC 2019 Page 97 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ 34549 226 bd 86 00 00 6a 00 00 ....j...&...)...... success or wait 101 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 26 d9 d8 ad 29 00 ...... 0...... *....key 00 00 05 00 00 80 00 meta!..a.K....}GY...P.K.5.... 00 00 00 00 00 00 00 ..Z.a..#...... L....o..). 01 00 00 00 01 00 00 ...... 00 03 00 00 00 00 00 ...... \...... 00 00 30 00 00 00 00 .._...,....g...... _... 00 00 00 2a 00 00 00 ...... \...&.... 07 6b 65 79 6d 65 74 61 21 03 e6 61 ce 4b f2 be ca d2 7d 47 59 0b bc 8a 50 9b 4b 95 35 0e b3 02 16 82 90 5a a7 61 a3 f8 23 e8 01 00 00 00 f6 85 00 00 f5 86 00 00 4c 00 00 00 d6 6f 11 ac 29 00 00 00 05 00 00 80 01 00 00 00 f5 86 00 00 01 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 10 00 00 00 00 00 00 00 0c 00 00 00 01 00 00 00 81 f8 f1 5c 00 00 00 00 01 00 00 00 f5 86 00 00 5f 87 00 00 2c 00 00 00 e5 67 84 c0 0a 00 00 00 05 00 00 80 01 00 00 00 5f 87 00 00 01 00 00 00 81 f8 f1 5c f7 8e 0e 26 00 00 00 00 C:\Users\user\AppData\Roaming\ 34775 425 ab 87 00 00 66 00 00 ....f...... g)...... success or wait 101 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 07 af 15 67 29 00 ...... ,...... &....key 00 00 06 00 00 80 00 !..a.K....}GY...P.K.5...... Z.a 00 00 00 00 00 00 00 ..#....._...... 7.)..... 01 00 00 00 01 00 00 ...... 00 03 00 00 00 00 00 ...... 0...... D#,.ji.oX.h...- 00 00 2c 00 00 00 00 Io...c.y...... Ki...0.....0, 00 00 00 26 00 00 00 ..*.H.=...!...... 03 6b 65 79 21 03 e6 ...... /0 61 ce 4b f2 be ca d2 7d 47 59 0b bc 8a 50 9b 4b 95 35 0e b3 02 16 82 90 5a a7 61 a3 f8 23 e8 01 00 00 00 5f 87 00 00 d7 87 00 00 17 01 00 00 d7 80 37 d3 29 00 00 00 06 00 00 80 01 00 00 00 d7 87 00 00 01 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 dc 00 00 00 00 00 00 00 d7 00 00 00 d6 30 81 d3 02 01 01 04 20 44 23 2c 8d 6a 69 8b 6f 58 e6 68 f5 0a 7f 2d 49 6f ef c0 93 63 a6 79 f1 e0 f4 dc fd d5 d9 4b 69 a0 81 85 30 81 82 02 01 01 30 2c 06 07 2a 86 48 ce 3d 01 01 02 21 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe ff ff fc 2f 30

Copyright Joe Security LLC 2019 Page 98 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 24576 8192 01 00 00 00 3d 88 00 ....=...... h... success or wait 228 1170E64 WriteFile 00 03 00 00 00 00 00 ...... 00 00 00 00 00 00 08 ...... 00 8c 1e 01 05 68 1f ...... 8c 1e a4 1f 94 1f f4 1f ...... ec 1f dc 1f d4 1f 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C:\Users\user\AppData\Roaming\ 35200 143 54 89 00 00 57 00 00 T...W....F...... success or wait 101 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 b3 46 1a f5 02 00 ...... wallet.dat.....MZ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 .8...4..]...... T 01 00 00 00 0b 00 00 ...... \...&.... 00 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 80 89 00 00 38 00 00 00 34 da 96 5d 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 54 89 00 00 01 00 00 00 bd 86 00 00 81 f8 f1 5c f7 8e 0e 26 00 00 00 00

Copyright Joe Security LLC 2019 Page 99 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ 35343 231 d7 89 00 00 4d 00 00 ....M....N.[)...... success or wait 101 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 03 4e ec 5b 29 00 ...... poo 00 00 07 00 00 80 00 l...... =...... n.....}.) 00 00 00 00 00 00 00 ...... 01 00 00 00 01 00 00 .4...... =....\....!..a. 00 03 00 00 00 02 00 K....}GY...P.K.5...... Z.a..#.. 00 00 10 00 00 00 00 ...... \...,...... s...... 00 00 00 0d 00 00 00 .\...... \...&.... 04 70 6f 6f 6c 01 00 00 00 00 00 00 00 01 00 00 00 3d 88 00 00 0f 8a 00 00 6e 00 00 00 fd 08 7d a7 29 00 00 00 07 00 00 80 01 00 00 00 0f 8a 00 00 01 00 00 00 01 00 00 00 03 00 00 00 03 00 00 00 34 00 00 00 00 00 00 00 2e 00 00 00 90 0a 3d 00 81 f8 f1 5c 00 00 00 00 21 03 e6 61 ce 4b f2 be ca d2 7d 47 59 0b bc 8a 50 9b 4b 95 35 0e b3 02 16 82 90 5a a7 61 a3 f8 23 e8 01 00 00 00 0f 8a 00 00 5c 8a 00 00 2c 00 00 00 88 0c d6 73 0a 00 00 00 07 00 00 80 01 00 00 00 5c 8a 00 00 01 00 00 00 81 f8 f1 5c f7 8e 0e 26 00 00 00 00 C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 49152 8192 01 00 00 00 74 00 03 ....t...... (...... success or wait 1 1170E64 WriteFile 00 06 00 00 00 09 00 ..x.h.4.$...... h.X.$...... 00 00 08 00 00 00 c4 ....X.H...... |.H.8...... 00 28 06 01 05 f0 1f bc ..|.l.8.(...... l.\.(...... 1f ac 1f 78 1f 68 1f 34 ....\.L...... L.<...... p. 1f 24 1f f0 1e e0 1e ac <.,...... p.`.,...... 1e 9c 1e 68 1e 58 1e ....`.P...... P.@...... 24 1e 14 1e e0 1d d0 [email protected]...... p.`.,... 1d 9c 1d 8c 1d 58 1d ....d.T...... 48 1d 14 1d 04 1d d0 1c c0 1c 8c 1c 7c 1c 48 1c 38 1c 04 1c f4 1b c0 1b b0 1b 7c 1b 6c 1b 38 1b 28 1b f4 1a e4 1a b0 1a a0 1a 6c 1a 5c 1a 28 1a 18 1a e4 19 d4 19 a0 19 90 19 5c 19 4c 19 18 19 08 19 d4 18 c4 18 90 18 80 18 4c 18 3c 18 08 18 f8 17 c4 17 b4 17 80 17 70 17 3c 17 2c 17 f8 16 e8 16 b4 16 a4 16 70 16 60 16 2c 16 1c 16 e8 15 d8 15 a4 15 94 15 60 15 50 15 1c 15 0c 15 d8 14 c8 14 94 14 84 14 50 14 40 14 0c 14 fc 13 c8 13 b8 13 84 13 74 13 40 13 30 13 fc 12 ec 12 b8 12 e8 10 b4 10 a4 10 70 10 60 10 2c 10 dc 0f a8 0f 98 0f 64 0f 54 0f 20 0f d0 0e 9c 0e 8c

Copyright Joe Security LLC 2019 Page 100 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ 196878 143 e2 00 03 00 57 00 00 ....W...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 05 cf 19 f5 02 00 00 ...... wallet.dat.....MZ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 01 .8...... 00 00 00 0b 00 00 00 ...... \...&.... 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 0e 01 03 00 38 00 00 00 15 a2 f7 bd 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e2 00 03 00 01 00 00 00 ef ff 02 00 83 f8 f1 5c f7 8e 0e 26 00 00 00 00 C:\Users\user\AppData\Roaming\ 197021 288 65 01 03 00 30 00 00 e...0...... 9...4...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 dd f8 04 e3 39 00 ...... U...... P...... @ 00 00 34 01 00 80 00 )...4...... 00 00 00 00 00 00 00 ...... pool...... 01 00 00 00 09 00 00 ...... t....E..)...4..... 00 01 00 00 00 55 fe ...... 4...4... 02 00 1a 00 00 00 9d .....=....\....!..a.K....}GY.. 01 03 00 50 00 00 00 .P.K.5...... Z.a..#...... 98 ef 02 40 29 00 00 ...... ,...5.: 00 34 01 00 80 01 00 00 00 9d 01 03 00 02 00 00 00 01 00 00 00 09 00 00 00 1a 00 00 00 10 00 00 00 10 00 00 00 0d 00 01 04 70 6f 6f 6c 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 9d 01 03 00 cd 01 03 00 74 00 00 00 b4 45 15 96 29 00 00 00 34 01 00 80 01 00 00 00 cd 01 03 00 02 00 00 00 01 00 00 00 09 00 00 00 1a 00 00 00 34 00 00 00 34 00 00 00 2e 00 81 90 0a 3d 00 81 f8 f1 5c 00 00 00 00 21 03 e6 61 ce 4b f2 be ca d2 7d 47 59 0b bc 8a 50 9b 4b 95 35 0e b3 02 16 82 90 5a a7 61 a3 f8 23 e8 00 00 00 00 00 00 00 01 00 00 00 cd 01 03 00 1d 02 03 00 2c 00 00 00 35 e5 3a

Copyright Joe Security LLC 2019 Page 101 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 73728 8192 01 00 00 00 1d 02 03 ...... 6...... success or wait 1 1170E64 WriteFile 00 09 00 00 00 05 00 ...... 00 00 06 00 00 00 36 ...... d.T...... 00 e0 0e 01 05 d4 1f f8 ...... T.D...... x.D.4..... 1e cc 1e f0 1d c4 1d ....x.h.4.$...... L...... D...... e8 1c bc 1c e0 1b c4 <...... 4.....|.,.....t.$. 10 e8 0f b4 1b d8 1a ....l...... d...... \...... T...... L. bc 0f e0 0e ac 1a d0 <.,...|.d.T...... |.l.4.$.<.,...... 19 a4 19 c8 18 9c 18 c0 17 94 17 b8 16 8c 16 b0 15 84 15 a8 14 98 14 64 14 54 14 20 14 10 14 dc 13 cc 13 98 13 88 13 54 13 44 13 10 13 00 13 cc 12 bc 12 88 12 78 12 44 12 34 12 00 12 f0 11 bc 11 ac 11 78 11 68 11 34 11 24 11 f0 10 f0 10 bc 10 4c 0c 18 0c c8 0b 94 0b 44 0b 10 0b c0 0a 8c 0a 3c 0a 08 0a b8 09 84 09 34 09 00 09 b0 08 7c 08 2c 08 f8 07 a8 07 74 07 24 07 f0 06 a0 06 6c 06 1c 06 e8 05 98 05 64 05 14 05 e0 04 90 04 5c 04 0c 04 d8 03 88 03 54 03 04 03 d0 02 80 02 4c 02 3c 1a 2c 1a 8c 10 7c 10 64 0b 54 0b fc 19 ec 19 bc 19 ac 19 7c 19 6c 19 34 05 24 05 3c 19 2c 19 fc 18 ec 18 bc C:\Users\user\AppData\Roaming\ 197309 143 91 02 03 00 57 00 00 ....W...v...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 76 cd 19 f5 02 00 ...... wallet.dat.....MZ...... 00 00 00 00 00 00 00 ...... 8.....? 00 00 00 00 00 00 00 |...... 01 00 00 00 0b 00 00 ...... e...... \...&.... 00 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 bd 02 03 00 38 00 00 00 c8 2e 3f 7c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 91 02 03 00 01 00 00 00 65 01 03 00 83 f8 f1 5c f7 8e 0e 26 00 00 00 00

Copyright Joe Security LLC 2019 Page 102 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ 197452 217 14 03 03 00 4b 00 00 ....K....L..)...5...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 98 4c 11 f2 29 00 ...... def 00 00 35 01 00 80 00 aultkey....w...L...b...... v).. 00 00 00 00 00 00 00 .5...... L...... ( 01 00 00 00 01 00 00 ...... "...!..a.K....}GY...P.K 00 08 00 00 00 b4 00 .5...... Z.a..#.....L...... ,... 00 00 10 00 00 00 00 [e_.....5...... \...&.... 00 00 00 0b 00 00 00 0a 64 65 66 61 75 6c 74 6b 65 79 01 00 00 00 77 fd 02 00 4c 03 03 00 62 00 00 00 11 04 f3 76 29 00 00 00 35 01 00 80 01 00 00 00 4c 03 03 00 01 00 00 00 01 00 00 00 08 00 00 00 b5 00 00 00 28 00 00 00 00 00 00 00 22 00 00 00 21 03 e6 61 ce 4b f2 be ca d2 7d 47 59 0b bc 8a 50 9b 4b 95 35 0e b3 02 16 82 90 5a a7 61 a3 f8 23 e8 01 00 00 00 4c 03 03 00 97 03 03 00 2c 00 00 00 5b 65 5f f5 0a 00 00 00 35 01 00 80 01 00 00 00 97 03 03 00 01 00 00 00 83 f8 f1 5c f7 8e 0e 26 00 00 00 00 C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 65536 8192 01 00 00 00 97 03 03 ...... \...... success or wait 1 1170E64 WriteFile 00 08 00 00 00 06 00 d.T.....P.@...... P.@... 00 00 00 00 00 00 b8 ..d.T...... d.T.d.T. 00 5c 09 01 05 d0 1f ....P.@...... $...... P.@... c0 1f 64 10 54 10 90 1f ...... d.T.....P.@...... 80 1f 50 1f 40 1f 10 1f d.T.$...... P.@...... 00 1f d0 1e c0 1e 90 ..d.T.....P.@...... 1e 80 1e 50 1e 40 1e P.@...... $. a4 0e 94 0e 64 0f 54 0f ..$...P.@.....$ 10 1e 00 1e e4 0a d4 0a e4 0c d4 0c d0 1d c0 1d 64 0c 54 0c 64 0e 54 0e 90 1d 80 1d 50 1d 40 1d 10 1d 00 1d d0 1c c0 1c 24 0d 14 0d 90 1c 80 1c 50 1c 40 1c 10 1c 00 1c d0 1b c0 1b 64 0d 54 0d 90 1b 80 1b 50 1b 40 1b 10 1b 00 1b d0 1a c0 1a a4 0a 94 0a 64 0b 54 0b 24 0a 14 0a 90 1a 80 1a a4 0b 94 0b 50 1a 40 1a 10 1a 00 1a d0 19 c0 19 90 19 80 19 64 0a 54 0a a4 0f 94 0f 50 19 40 19 e4 0b d4 0b 10 19 00 19 d0 18 c0 18 90 18 80 18 50 18 40 18 10 18 00 18 e4 09 d4 09 d0 17 c0 17 a4 0d 94 0d e4 0f d4 0f 90 17 80 17 24 0f 14 0f 24 0b 14 0b 50 17 40 17 10 17 00 17 24

Copyright Joe Security LLC 2019 Page 103 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\ 197669 143 f9 03 03 00 57 00 00 ....W...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 1e cc 19 f5 02 00 ...... wallet.dat.....MZ...... 00 00 00 00 00 00 00 ...... %.. 00 00 00 00 00 00 00 .8...... 01 00 00 00 0b 00 00 ...... \...&.... 00 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 25 04 03 00 38 00 00 00 da f1 04 bd 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 f9 03 03 00 01 00 00 00 14 03 03 00 83 f8 f1 5c f7 8e 0e 26 00 00 00 00 C:\Users\user\AppData\Roaming\ 197812 213 7c 04 03 00 68 00 00 |...h...... )...6...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 20 14 97 86 29 00 ...... ,...... (....nam 00 00 36 01 00 80 00 e"SEUioaVJKGJBxUT9UD 00 00 00 00 00 00 00 b1MHXVWWpf 01 00 00 00 01 00 00 iUByoX...... A....t..)... 00 09 00 00 00 1a 00 6...... 00 00 2c 00 00 00 00 ...... ,...... 00 00 00 28 00 00 00 .....6...... \...&.... 04 6e 61 6d 65 22 53 45 55 69 6f 61 56 4a 4b 47 4a 42 78 55 54 39 55 44 62 31 4d 48 58 56 57 57 70 66 69 55 42 79 6f 58 01 00 00 00 1d 02 03 00 b4 04 03 00 41 00 00 00 96 74 ae 0e 29 00 00 00 36 01 00 80 01 00 00 00 b4 04 03 00 01 00 00 00 01 00 00 00 09 00 00 00 1b 00 00 00 04 00 00 00 00 00 00 00 01 00 00 00 00 01 00 00 00 b4 04 03 00 1c 05 03 00 2c 00 00 00 18 ef da c2 0a 00 00 00 36 01 00 80 01 00 00 00 1c 05 03 00 01 00 00 00 83 f8 f1 5c f7 8e 0e 26 00 00 00 00

Copyright Joe Security LLC 2019 Page 104 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 73728 8192 01 00 00 00 1c 05 03 ...... 8...... success or wait 1 1170E64 WriteFile 00 09 00 00 00 05 00 ...... 00 00 06 00 00 00 38 ...... d.T. . 00 b0 0e 01 05 d4 1f f8 ...... T.D...... x.D.4. 1e cc 1e f0 1d c4 1d ...... x.h.4.$...L...... D...... e8 1c bc 1c e0 1b c4 <...... 4.....|.,.....t.$. 10 e8 0f b4 1b d8 1a ....l...... d...... \...... T...... L. bc 0f e0 0e ac 1a d0 <.,...|.d.T...... |.l.4.$.<.,...... 19 a4 19 c8 18 9c 18 c0 17 94 17 b8 16 8c 16 b0 15 84 15 a8 14 b4 0e b0 0e 98 14 64 14 54 14 20 14 10 14 dc 13 cc 13 98 13 88 13 54 13 44 13 10 13 00 13 cc 12 bc 12 88 12 78 12 44 12 34 12 00 12 f0 11 bc 11 ac 11 78 11 68 11 34 11 24 11 f0 10 4c 0c 18 0c c8 0b 94 0b 44 0b 10 0b c0 0a 8c 0a 3c 0a 08 0a b8 09 84 09 34 09 00 09 b0 08 7c 08 2c 08 f8 07 a8 07 74 07 24 07 f0 06 a0 06 6c 06 1c 06 e8 05 98 05 64 05 14 05 e0 04 90 04 5c 04 0c 04 d8 03 88 03 54 03 04 03 d0 02 80 02 4c 02 3c 1a 2c 1a 8c 10 7c 10 64 0b 54 0b fc 19 ec 19 bc 19 ac 19 7c 19 6c 19 34 05 24 05 3c 19 2c 19 fc 18 ec 18 bc C:\Users\user\AppData\Roaming\ 198025 143 5d 05 03 00 57 00 00 ]...W...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 ba ca 19 f5 02 00 ...... wallet.dat.....MZ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 .8...... ] 01 00 00 00 0b 00 00 ...... |...... \...&.... 00 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 89 05 03 00 38 00 00 00 e7 96 0e d0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 5d 05 03 00 01 00 00 00 7c 04 03 00 83 f8 f1 5c f7 8e 0e 26 00 00 00 00 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 30 20 77 61 6c 6c 65 74 wallet 5096ms success or wait 1 596EE4 fwrite 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 35 30 39 36 6d 73 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 39 45 52 52 4f 52 3a 20 ERROR: success or wait 1 596EE4 fwrite 43 41 64 64 72 6d 61 CAddrman::Read() : open 6e 3a 3a 52 65 61 64 failed.. 28 29 20 3a 20 6f 70 65 6e 20 66 61 69 6c 65 64 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 40 49 6e 76 61 6c 69 64 Invalid or missing success or wait 1 596EE4 fwrite 20 6f 72 20 6d 69 73 peers.dat; recreating 73 69 6e 67 20 70 65 65 72 73 2e 64 61 74 3b 20 72 65 63 72 65 61 74 69 6e 67 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 41 4c 6f 61 64 65 64 20 Loaded 0 addresses from success or wait 1 596EE4 fwrite 30 20 61 64 64 72 65 peers.dat 50ms.. 73 73 65 73 20 66 72 6f 6d 20 70 65 65 72 73 2e 64 61 74 20 20 35 30 6d 73 0d 0a

Copyright Joe Security LLC 2019 Page 105 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 29 44 6f 6e 65 20 6c 6f 61 Done loading Admin success or wait 1 596EE4 fwrite 64 69 6e 67 20 41 64 messages.. 6d 69 6e 20 6d 65 73 73 61 67 65 73 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 13 4c 6f 61 64 20 43 50 Load CPID; .. success or wait 1 596EE4 fwrite 49 44 3b 20 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 35 45 52 52 4f 52 3a 20 ERROR: Cannot find success or wait 1 596EE4 fwrite 43 61 6e 6e 6f 74 20 BOINC data dir.. 66 69 6e 64 20 42 4f 49 4e 43 20 64 61 74 61 20 64 69 72 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 55 67 65 74 66 69 6c 65 getfilecontents: file does success or wait 1 596EE4 fwrite 63 6f 6e 74 65 6e 74 not exist client_state.xml.. 73 3a 20 66 69 6c 65 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 20 63 6c 69 65 6e 74 5f 73 74 61 74 65 2e 78 6d 6c 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 31 55 6e 61 62 6c 65 20 Unable to obtain Boinc success or wait 1 596EE4 fwrite 74 6f 20 6f 62 74 61 69 CPIDs .. 6e 20 42 6f 69 6e 63 20 43 50 49 44 73 20 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 152 42 6f 69 6e 63 20 64 Boinc data directory is not success or wait 1 596EE4 fwrite 61 74 61 20 64 69 72 in the operating system's 65 63 74 6f 72 79 20 default location ..Please 69 73 20 6e 6f 74 20 move it there or specify its 69 6e 20 74 68 65 20 current location in 6f 70 65 72 61 74 69 gridcoinresearch.conf.. 6e 67 20 73 79 73 74 65 6d 27 73 20 64 65 66 61 75 6c 74 20 6c 6f 63 61 74 69 6f 6e 20 0d 0a 50 6c 65 61 73 65 20 6d 6f 76 65 20 69 74 20 74 68 65 72 65 20 6f 72 20 73 70 65 63 69 66 79 20 69 74 73 20 63 75 72 72 65 6e 74 20 6c 6f 63 61 74 69 6f 6e 20 69 6e 20 67 72 69 64 63 6f 69 6e 72 65 73 65 61 72 63 68 2e 63 6f 6e 66 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 25 20 47 65 74 74 69 6e Getting first project;.. success or wait 1 596EE4 fwrite 67 20 66 69 72 73 74 20 70 72 6f 6a 65 63 74 3b 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 33 20 46 69 6e 69 73 68 Finished getting first success or wait 1 596EE4 fwrite 65 64 20 67 65 74 74 project.. 69 6e 67 20 66 69 72 73 74 20 70 72 6f 6a 65 63 74 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 19 45 52 52 4f 52 3a 20 ERROR: Empty CPID.. success or wait 1 596EE4 fwrite 45 6d 70 74 79 20 43 50 49 44 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 12 44 6f 6e 65 20 6c 6f 61 Done loading success or wait 1 596EE4 fwrite 64 69 6e 67 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 15 47 55 49 20 4c 6f 61 GUI Loaded..... success or wait 1 596EE4 fwrite 64 65 64 2e 2e 2e 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 56 55 73 69 6e 67 20 38 Using 8 success or wait 1 596EE4 fwrite 20 4f 75 74 62 6f 75 6e OutboundConnections with 64 43 6f 6e 6e 65 63 a MaxConnections of 125 74 69 6f 6e 73 20 77 69 74 68 20 61 20 4d 61 78 43 6f 6e 6e 65 63 74 69 6f 6e 73 20 6f 66 20 31 32 35 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 19 53 63 72 61 70 65 72 Scraper disabled... success or wait 1 596EE4 fwrite 20 64 69 73 61 62 6c 65 64 2e 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 33 4e 4e 20 68 6f 75 73 NN housekeeping thread success or wait 1 596EE4 fwrite 65 6b 65 65 70 69 6e enabled... 67 20 74 68 72 65 61 64 20 65 6e 61 62 6c 65 64 2e 0d 0a

Copyright Joe Security LLC 2019 Page 106 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 35 53 74 61 6b 65 4d 69 StakeMiner: success or wait 1 596EE4 fwrite 6e 65 72 3a 20 66 45 fEnableStakeSplit = 0.. 6e 61 62 6c 65 53 74 61 6b 65 53 70 6c 69 74 20 3d 20 30 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 34 53 74 61 6b 65 4d 69 StakeMiner: success or wait 1 596EE4 fwrite 6e 65 72 3a 20 66 45 fEnableSideStaking = 0 6e 61 62 6c 65 53 69 64 65 53 74 61 6b 69 6e 67 20 3d 20 30 C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 191 49 4e 46 4f 3a 20 53 INFO: Scraper: success or wait 1 596EE4 fwrite 63 72 61 70 65 72 3a : Starting 20 3c 4e 65 75 72 61 Neural Network hous 6c 4e 65 74 77 6f 72 ekeeping thread (new C++ 6b 3e 3a 20 53 74 61 implementation). ..Note 72 74 69 6e 67 20 4e that this does NOT mean 65 75 72 61 6c 20 4e the NN is active. This 65 74 77 6f 72 6b 20 simply does housekeeping 68 6f 75 73 65 6b 65 functions. 65 70 69 6e 67 20 74 68 72 65 61 64 20 28 6e 65 77 20 43 2b 2b 20 69 6d 70 6c 65 6d 65 6e 74 61 74 69 6f 6e 29 2e 20 0d 0a 4e 6f 74 65 20 74 68 61 74 20 74 68 69 73 20 64 6f 65 73 20 4e 4f 54 20 6d 65 61 6e 20 74 68 65 20 4e 4e 20 69 73 20 61 63 74 69 76 65 2e 20 54 68 69 73 20 73 69 6d 70 6c 79 20 64 6f 65 73 20 68 6f 75 73 65 6b 65 65 70 69 6e 67 20 66 75 6e 63 74 69 6f 6e 73 2e C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 35 54 68 72 65 61 64 4f ThreadOpenAddedConnect success or wait 1 596EE4 fwrite 70 65 6e 41 64 64 65 ions exited.. 64 43 6f 6e 6e 65 63 74 69 6f 6e 73 20 65 78 69 74 65 64 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 43 47 65 74 4d 79 45 78 GetMyExternalIP() success or wait 1 596EE4 fwrite 74 65 72 6e 61 6c 49 returned 185.32.222.118.. 50 28 29 20 72 65 74 75 72 6e 65 64 20 31 38 35 2e 33 32 2e 32 32 32 2e 31 31 38 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 5 37 2e 2e 0d 0a 7.... success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\ 198168 143 e0 05 03 00 57 00 00 ....W...F.[...... success or wait 1 1170E64 WriteFile GridcoinResearch\database\log.0000000001 00 46 af 5b 0e 02 00 ...... wallet.dat.....MZ...... 00 00 00 00 00 00 00 ...... 00 00 00 00 00 00 00 .8.....9...... 02 00 00 00 0b 00 00 ...... \...&.... 00 77 61 6c 6c 65 74 2e 64 61 74 00 14 00 00 00 4d 5a 01 00 00 00 0d 00 20 82 a8 1b 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 18 06 03 00 38 00 00 00 1a 7f 39 ce 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 18 06 03 00 01 00 00 00 e0 05 03 00 86 f8 f1 5c f7 8e 0e 26 00 00 00 00

Copyright Joe Security LLC 2019 Page 107 of 109 Source File Path Offset Length Value Ascii Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 91 69 70 63 49 6e 69 74 ipcInit() - boost success or wait 1 596EE4 fwrite 28 29 20 2d 20 62 6f 6f interprocess exception #1: 73 74 20 69 6e 74 65 boost::interpro 72 70 72 6f 63 65 73 cess_exception::library_err 73 20 65 78 63 65 70 or.. 74 69 6f 6e 20 23 31 3a 20 62 6f 6f 73 74 3a 3a 69 6e 74 65 72 70 72 6f 63 65 73 73 5f 65 78 63 65 70 74 69 6f 6e 3a 3a 6c 69 62 72 61 72 79 5f 65 72 72 6f 72 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 97 47 55 49 3a 20 22 72 GUI: success or wait 1 596EE4 fwrite 65 67 69 73 74 65 72 "registerShutdownBlockRe 53 68 75 74 64 6f 77 ason: Successfully 6e 42 6c 6f 63 6b 52 registered: Gridcoin didn't 65 61 73 6f 6e 3a 20 yet exit safely...".. 53 75 63 63 65 73 73 66 75 6c 6c 79 20 72 65 67 69 73 74 65 72 65 64 3a 20 47 72 69 64 63 6f 69 6e 20 64 69 64 6e 27 74 20 79 65 74 20 65 78 69 74 20 73 61 66 65 6c 79 2e 2e 2e 22 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 2 0d 0a .. success or wait 1 596EE4 fwrite C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 35 45 52 52 4f 52 3a 20 ERROR: Cannot find success or wait 1 596EE4 fwrite 43 61 6e 6e 6f 74 20 BOINC data dir.. 66 69 6e 64 20 42 4f 49 4e 43 20 64 61 74 61 20 64 69 72 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 55 67 65 74 66 69 6c 65 getfilecontents: file does success or wait 1 596EE4 fwrite 63 6f 6e 74 65 6e 74 not exist client_state.xml.. 73 3a 20 66 69 6c 65 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 20 63 6c 69 65 6e 74 5f 73 74 61 74 65 2e 78 6d 6c 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 43 42 4f 49 4e 43 20 6e 6f BOINC not installed in success or wait 1 596EE4 fwrite 74 20 69 6e 73 74 61 default location! .. 6c 6c 65 64 20 69 6e 20 64 65 66 61 75 6c 74 20 6c 6f 63 61 74 69 6f 6e 21 20 0d 0a C:\Users\user\AppData\Roaming\GridcoinResearch\debug.log unknown 35 45 52 52 4f 52 3a 20 ERROR: Cannot find success or wait 1 596EE4 fwrite 43 61 6e 6e 6f 74 20 BOINC data dir.. 66 69 6e 64 20 42 4f 49 4e 43 20 64 61 74 61 20 64 69 72 0d 0a

File Read

Source File Path Offset Length Completion Count Address Symbol C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\CURRENT unknown 8192 success or wait 1 635362 ReadFile C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\CURRENT unknown 8192 end of file 1 635362 ReadFile C:\Users\user\AppData\Roaming\GridcoinResearch\txleveldb\MANIFEST-000001 unknown 32768 success or wait 1 635362 ReadFile C:\Users\user\AppData\Roaming\GridcoinResearch\database\log.0000000001 unknown 28 end of file 1 1170A59 ReadFile C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 0 8192 success or wait 1 1170F40 ReadFile C:\Users\user\AppData\Roaming\GridcoinResearch\wallet.dat 8192 8192 success or wait 1 1170F40 ReadFile

Registry Activities

Key Created

Source Key Path Completion Count Address Symbol HKEY_CURRENT_USER\Software\Gridcoin success or wait 1 10348EB RegCreateKeyExW HKEY_CURRENT_USER\Software\Gridcoin\Gridcoin-Qt success or wait 1 10348EB RegCreateKeyExW

Source Key Path Name Type Data Completion Count Address Symbol

Code Analysis