c35bd349eed411b8afd113c3fd6cb0b25ac621b9bb6cc3dc692ebbe597bdc0e5

Analysis

max time kernel
227s
max time network
267s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/12/2022, 13:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ZetWallet_Beta.exe
Size

60.5MB
MD5

f9f89e5376f32d472ccf86ac779c5c99
SHA1

b1141325295c7659a589a76b7a6424637412a2d9
SHA256

c35bd349eed411b8afd113c3fd6cb0b25ac621b9bb6cc3dc692ebbe597bdc0e5
SHA512

ede0f2ccaa0eb59da7586da0cfadea0b7820fb84b3aff78b16c77a5770e838ab87af4229cdb67f4dade48c4b7d89116c46064771c9453f277e80664633e3d408
SSDEEP

1572864:tywaLGMGgbcZdwIkWbLKZn7hBI/+wSI8EvBO4I4XSYOuRbk:tywAzVbcZdwIzUhBImw2mOdSSYOX

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
2796	ZetWallet.exe
2632	ZetWallet.exe
3388	ZetWallet.exe
4280	ZetWallet.exe
4088	ZetWallet.exe
2624	ZetWallet.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	ZetWallet.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	ZetWallet.exe

Loads dropped DLL 22 IoCs

pid	Process
4820	ZetWallet_Beta.exe
4820	ZetWallet_Beta.exe
4820	ZetWallet_Beta.exe
4820	ZetWallet_Beta.exe
4820	ZetWallet_Beta.exe
4820	ZetWallet_Beta.exe
4820	ZetWallet_Beta.exe
2796	ZetWallet.exe
2632	ZetWallet.exe
3388	ZetWallet.exe
4280	ZetWallet.exe
2632	ZetWallet.exe
2632	ZetWallet.exe
2632	ZetWallet.exe
4280	ZetWallet.exe
4088	ZetWallet.exe
4088	ZetWallet.exe
4088	ZetWallet.exe
4088	ZetWallet.exe
4088	ZetWallet.exe
4088	ZetWallet.exe
2624	ZetWallet.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
3480	tasklist.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	ZetWallet.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d601030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	ZetWallet.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c137e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	ZetWallet.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d601030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	ZetWallet.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c137e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	ZetWallet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	ZetWallet.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	ZetWallet.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	ZetWallet.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4820	ZetWallet_Beta.exe
4820	ZetWallet_Beta.exe
3480	tasklist.exe
3480	tasklist.exe
3388	ZetWallet.exe
3388	ZetWallet.exe
4280	ZetWallet.exe
4280	ZetWallet.exe
4088	ZetWallet.exe
4088	ZetWallet.exe
2624	ZetWallet.exe
2624	ZetWallet.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3480	tasklist.exe
Token: SeSecurityPrivilege	4820	ZetWallet_Beta.exe

Suspicious use of WriteProcessMemory 57 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 1096	4820	ZetWallet_Beta.exe	80
PID 4820 wrote to memory of 1096	4820	ZetWallet_Beta.exe	80
PID 4820 wrote to memory of 1096	4820	ZetWallet_Beta.exe	80
PID 1096 wrote to memory of 3480	1096	cmd.exe	82
PID 1096 wrote to memory of 3480	1096	cmd.exe	82
PID 1096 wrote to memory of 3480	1096	cmd.exe	82
PID 1096 wrote to memory of 5004	1096	cmd.exe	83
PID 1096 wrote to memory of 5004	1096	cmd.exe	83
PID 1096 wrote to memory of 5004	1096	cmd.exe	83
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 2632	2796	ZetWallet.exe	95
PID 2796 wrote to memory of 3388	2796	ZetWallet.exe	96
PID 2796 wrote to memory of 3388	2796	ZetWallet.exe	96
PID 2796 wrote to memory of 4280	2796	ZetWallet.exe	97
PID 2796 wrote to memory of 4280	2796	ZetWallet.exe	97
PID 2796 wrote to memory of 4088	2796	ZetWallet.exe	101
PID 2796 wrote to memory of 4088	2796	ZetWallet.exe	101
PID 2796 wrote to memory of 2624	2796	ZetWallet.exe	103
PID 2796 wrote to memory of 2624	2796	ZetWallet.exe	103

C:\Users\Admin\AppData\Local\Temp\ZetWallet_Beta.exe
"C:\Users\Admin\AppData\Local\Temp\ZetWallet_Beta.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq ZetWallet.exe" | find "ZetWallet.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1096
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq ZetWallet.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3480
- - C:\Windows\SysWOW64\find.exe
    find "ZetWallet.exe"
    3⤵
    PID:5004

C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe
"C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe
  "C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe" --type=gpu-process --field-trial-handle=1668,7287769649184383292,14914496360708820245,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1676 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2632
- C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe
  "C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe" --type=utility --field-trial-handle=1668,7287769649184383292,14914496360708820245,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1940 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe
  "C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe" --type=renderer --field-trial-handle=1668,7287769649184383292,14914496360708820245,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\ZetWallet\resources\app.asar" --node-integration --no-sandbox --no-zygote --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4280
- C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe
  "C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe" --type=renderer --field-trial-handle=1668,7287769649184383292,14914496360708820245,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\ZetWallet\resources\app.asar" --node-integration --no-sandbox --no-zygote --enable-remote-module --background-color=#262626 --enable-websql --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe
  "C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe" --type=gpu-process --field-trial-handle=1668,7287769649184383292,14914496360708820245,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=2464 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\ZetWallet\D3DCompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe

Filesize
99.5MB

MD5
8bf05c7f0ed90520f438a62a6caaae04

SHA1
c742089ec7e02407a2d2810430f6c72644b6ed6c

SHA256
fd5894aa06ab5a827ca8543f2034db603ea29b7aedafdc3064902b061a2db8d8

SHA512
d57995ed9c64239b3b36ba5a2d0aab53090fb981995ab0fc9c624b86a1f953acb7dc32e8dce82c68c7d8a63955a5004e43b3dbdf943722db25c41db2adc35cb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe

Filesize
99.5MB

MD5
8bf05c7f0ed90520f438a62a6caaae04

SHA1
c742089ec7e02407a2d2810430f6c72644b6ed6c

SHA256
fd5894aa06ab5a827ca8543f2034db603ea29b7aedafdc3064902b061a2db8d8

SHA512
d57995ed9c64239b3b36ba5a2d0aab53090fb981995ab0fc9c624b86a1f953acb7dc32e8dce82c68c7d8a63955a5004e43b3dbdf943722db25c41db2adc35cb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe

Filesize
99.5MB

MD5
8bf05c7f0ed90520f438a62a6caaae04

SHA1
c742089ec7e02407a2d2810430f6c72644b6ed6c

SHA256
fd5894aa06ab5a827ca8543f2034db603ea29b7aedafdc3064902b061a2db8d8

SHA512
d57995ed9c64239b3b36ba5a2d0aab53090fb981995ab0fc9c624b86a1f953acb7dc32e8dce82c68c7d8a63955a5004e43b3dbdf943722db25c41db2adc35cb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe

Filesize
99.5MB

MD5
8bf05c7f0ed90520f438a62a6caaae04

SHA1
c742089ec7e02407a2d2810430f6c72644b6ed6c

SHA256
fd5894aa06ab5a827ca8543f2034db603ea29b7aedafdc3064902b061a2db8d8

SHA512
d57995ed9c64239b3b36ba5a2d0aab53090fb981995ab0fc9c624b86a1f953acb7dc32e8dce82c68c7d8a63955a5004e43b3dbdf943722db25c41db2adc35cb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe

Filesize
99.5MB

MD5
8bf05c7f0ed90520f438a62a6caaae04

SHA1
c742089ec7e02407a2d2810430f6c72644b6ed6c

SHA256
fd5894aa06ab5a827ca8543f2034db603ea29b7aedafdc3064902b061a2db8d8

SHA512
d57995ed9c64239b3b36ba5a2d0aab53090fb981995ab0fc9c624b86a1f953acb7dc32e8dce82c68c7d8a63955a5004e43b3dbdf943722db25c41db2adc35cb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe

Filesize
99.5MB

MD5
8bf05c7f0ed90520f438a62a6caaae04

SHA1
c742089ec7e02407a2d2810430f6c72644b6ed6c

SHA256
fd5894aa06ab5a827ca8543f2034db603ea29b7aedafdc3064902b061a2db8d8

SHA512
d57995ed9c64239b3b36ba5a2d0aab53090fb981995ab0fc9c624b86a1f953acb7dc32e8dce82c68c7d8a63955a5004e43b3dbdf943722db25c41db2adc35cb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ZetWallet.exe

Filesize
99.5MB

MD5
8bf05c7f0ed90520f438a62a6caaae04

SHA1
c742089ec7e02407a2d2810430f6c72644b6ed6c

SHA256
fd5894aa06ab5a827ca8543f2034db603ea29b7aedafdc3064902b061a2db8d8

SHA512
d57995ed9c64239b3b36ba5a2d0aab53090fb981995ab0fc9c624b86a1f953acb7dc32e8dce82c68c7d8a63955a5004e43b3dbdf943722db25c41db2adc35cb0

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\chrome_100_percent.pak

Filesize
175KB

MD5
3ff806f44723cee528a1aaee4d3a289e

SHA1
56830e7ff31f803077aed774fafebd4e6c5e6c90

SHA256
65cb11d090b32e0fb3c740a736c13c0a47cb1bcb265c084e3de5bb7474fb662f

SHA512
03dafb839308d644a9943ba66838536fbd1f606cafe392f90925ce51766b5e3a9064d60ca8463bacf7238258beded570d5a0007f3ce11c14f87b10faa2da2977

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\chrome_200_percent.pak

Filesize
312KB

MD5
bd66e8de6979dfe12cbaa29390d11a64

SHA1
967916eb7587f0163fbce50c7b4822d06e939d5a

SHA256
cd584f20aeed80fe5852d5d5656a12d25d9116d6b805ddbec3874d310925df2a

SHA512
f77bd5004d8da54e8588ffcf6962b3244b8e4a9f6310d31f0c7c44d913504577c9e3fb858078705c384649fbcf26223d8f98dd02778e259a8924028f2be3bc1c

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\d3dcompiler_47.dll

Filesize
4.3MB

MD5
fea40e5b591127ae3b065389d058a445

SHA1
621fa52fb488271c25c10c646d67e7ce5f42d4f8

SHA256
4b074a3976399dc735484f5d43d04b519b7bdee8ac719d9ab8ed6bd4e6be0345

SHA512
d2412b701d89e2762c72dd99a48283d601dd4311e3731d690cc2ab6cced20994fa67bf3fea4920291fc407cd946e20bdc85836e6786766a1b98a86febaa0e3d9

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\ffmpeg.dll

Filesize
2.2MB

MD5
7a3135b35ec373e7d4090967d82728c4

SHA1
fe70b0de243007a50c261ff344e403b1354af2c4

SHA256
6877255ff35316554b10a52986d843fbe7bc6c6c6f0b4aa26363916d796185eb

SHA512
b979548c15c029f30580b7ff078311b86978d36a27cfce2c138f780530ba39ecbba754a23bde05f3949c0c1c008817070f84706f0b7e74d0d8d17e4155ad779a

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\icudtl.dat

Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\locales\en-US.pak

Filesize
75KB

MD5
a2201115723fd61d1e68ab001e6cdca0

SHA1
a97073e22adf7b300e702e717743cd249e64b4fb

SHA256
3333cf1fb2b0c15ea819787ba672d2274f3136e6a8729f2e5d2796b740688183

SHA512
e68c451602a0c2cd47ee3652daf1d74d87e6e61ebda9166cbb182301f03118b72288968695f85a1bcdefb45e4753ba7187dd5159b6694952f33238af39d89479

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\resources.pak

Filesize
8.9MB

MD5
5118ebd39acde0236a71fad2880add8c

SHA1
1daa8e701f17a793c0e70f4b0aa36fbb376962ae

SHA256
e3386c5fd98dc711a70eae7a9f6bf3139de3e9a15e3a022d343a459b747c6471

SHA512
925ae1d8c643e4f3c20221ae850a171e6032d9e391cf07e5efab4a4a29e8f6640973a8f0dc97704df5263ed93dfd4c32650c656fbc9874c98ab87c6131fdcaa8

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\resources\app.asar

Filesize
90.2MB

MD5
fe3c2d7d608d0fe1e152f8c713877c53

SHA1
c8d200f5218888fc296d4add72e5e2a314b3c320

SHA256
ac69d9e04312de26f583fa03a7017e36c9c70cba89f797ab48e5bee81709387b

SHA512
2a59d6db1b6643bce566261b31e1f8e92c26855ab424abda009e11cc73d9111a85eff0431c6c007f10bd0cb05f047c2ff0ec22bec0180a3182bf778091050c5f

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\swiftshader\libEGL.dll

Filesize
392KB

MD5
f1cb951b601764ecb615752aa6a6eb5d

SHA1
985c16c5e71abe9d2eb0292ca1f911451c0e5ba8

SHA256
7d226ad9f213890b37714808ab8397bf71cced005ae746dba84cd009bf6bb600

SHA512
f439a218654f37b1dea0a44aa2c052b0f783b8de19302e86dc1799a99f25744060fe5b3e6b4d909ebe3d742ea50bada2d73e621d40a72e7a1c5805ae014002f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\swiftshader\libGLESv2.dll

Filesize
3.6MB

MD5
6fe59c8fb550e7b94fdc8c252e7f408f

SHA1
dd141acd0d9631f853bafa7e11e0c5f12cc30fb7

SHA256
bc8886eb76aff294a6b0855c2c75e6ff675e24de1fdaa6294f89f64e4dad195a

SHA512
ab09359e2a654bab80f004ad694f96c533f92c34838886c82be38b6e955834c0f087a15e79f568ea9def7487bd6aee9b4270e3e20444e89945e15001a73106e1

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\swiftshader\libegl.dll

Filesize
392KB

MD5
f1cb951b601764ecb615752aa6a6eb5d

SHA1
985c16c5e71abe9d2eb0292ca1f911451c0e5ba8

SHA256
7d226ad9f213890b37714808ab8397bf71cced005ae746dba84cd009bf6bb600

SHA512
f439a218654f37b1dea0a44aa2c052b0f783b8de19302e86dc1799a99f25744060fe5b3e6b4d909ebe3d742ea50bada2d73e621d40a72e7a1c5805ae014002f6

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\swiftshader\libglesv2.dll

Filesize
3.6MB

MD5
6fe59c8fb550e7b94fdc8c252e7f408f

SHA1
dd141acd0d9631f853bafa7e11e0c5f12cc30fb7

SHA256
bc8886eb76aff294a6b0855c2c75e6ff675e24de1fdaa6294f89f64e4dad195a

SHA512
ab09359e2a654bab80f004ad694f96c533f92c34838886c82be38b6e955834c0f087a15e79f568ea9def7487bd6aee9b4270e3e20444e89945e15001a73106e1

Download Submit
C:\Users\Admin\AppData\Local\Programs\ZetWallet\v8_context_snapshot.bin

Filesize
607KB

MD5
adb5d101b2d980211c8a662debbca53c

SHA1
60b02ba2e857eabb71c5fb1b49b25b8ee0672a2f

SHA256
5dff1f430af6626356963cfe4bf149362fd3ecc9bbaf765fe3184b17f6ad007b

SHA512
96a7430fcb1c2f4a5d568614c69151ce6f6b1c23d75c7eedb5966b12369f6e8025ff728597077b627c3418195a9ab07464b1c735e29d3b6e438732bdd2b31b15

Download Submit
C:\Users\Admin\AppData\Local\Temp\33ff003b-488f-4797-a067-5609b9fd21df.tmp.node

Filesize
146KB

MD5
e85147b75f9749e9db015102b5e42837

SHA1
873fbb66ae1b7594c3cb3a510873c29bc9dfc58e

SHA256
f204d200ac35e8988553a6c0d50bed3a051b283970682c9d0f30735704caff59

SHA512
a22d3aaea3ba1284775daa28720096661cd9361827f44dcf0ffbb55c67913a47285f2f3fc8d08b0738e8226009c934fa43374cc9dcd64ecaff989f46ff3bc5f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\3ee80e5d-377c-49a3-94f2-c8b4594ff8b9.tmp.node

Filesize
275KB

MD5
63a7fb96a3d09b74a0cc73aff7c48f5b

SHA1
5385ae620cc0edf178e270d924d01dea591cafdf

SHA256
f00d85eb45b70e6b4456d4916793162dcacac87a49678ea3dc376912bc7392bb

SHA512
d5af761a4e158defb2d9a804ca1f8ea8cc2b99b8e2d7329dfe09f9f1596f265155d93f39dc2feef5d3d0b60615b2707d787266d603d135dfd3d3a964eea998cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\64f1ceca-84e2-40f8-9bbf-67404bae0e7d.tmp.node

Filesize
177KB

MD5
c0ab7054010b3a010767e13f803cfed5

SHA1
f770985c26fe1df0ee6d0a4b3b8948aaf3ed155a

SHA256
cd3cc9eade4dd63bbd33165588312f07487bad972fa1635dcb13ec5914d329b2

SHA512
9d35712246f6469a4d45a1c64b28bbe0f0e589c7aae8170807b22ebfd6aa3e6f57744ca2b3721d597f1840bfbe2ff43c11604260fca54112bf9a6f7d009d6cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\bb242e4a-1de7-4215-83a0-1b41055f1a0d.tmp.node

Filesize
177KB

MD5
c0ab7054010b3a010767e13f803cfed5

SHA1
f770985c26fe1df0ee6d0a4b3b8948aaf3ed155a

SHA256
cd3cc9eade4dd63bbd33165588312f07487bad972fa1635dcb13ec5914d329b2

SHA512
9d35712246f6469a4d45a1c64b28bbe0f0e589c7aae8170807b22ebfd6aa3e6f57744ca2b3721d597f1840bfbe2ff43c11604260fca54112bf9a6f7d009d6cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\c573b7be-5246-4849-904f-e361899fe3a7.tmp.node

Filesize
146KB

MD5
0907ad08dadf72234f190d0e5473990c

SHA1
be464efdda70346d59287b118f99bf7264c2b711

SHA256
d3b1715b180080bb678d0b30a30f1744e7fe65a4c5e5597a25281138b5c3501d

SHA512
9c7a4ba99c377cd83bc068f9afd06194400324997aa029cb29bb433d1f1fa6ac751df1524d20b6822a10e4e434a41e560f4b9f75718a04c19dc5351aa7a48651

Download Submit
C:\Users\Admin\AppData\Local\Temp\eaf5ba7b-e774-4e2d-9e89-7ac73ce9e567.tmp.node

Filesize
179KB

MD5
39388b949664a9d16e78ca8ec8923f50

SHA1
35aeeb79269672390246080d06536a52792241a1

SHA256
d71aaa2225454c3ac85abf09d18d67a9d5ef8c5626b24ea5c4976bf9d7514cb5

SHA512
91a2c732a4d34938ae5f0888830e059c0e7b094ce0b1d14d6483fe3a0ea112fdbbabbf321d3bce4af9f3aaa51e9c55e39280b4a1d24e141a778359b44239ac2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc81F7.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc81F7.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc81F7.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc81F7.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc81F7.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc81F7.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc81F7.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit