d33b7c5b460c4e95c8af0544053af0999f6d11773cf70e8f2cc2d69eb674b8fe

Analysis

max time kernel
134s
max time network
75s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03/04/2023, 17:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sbsetup_x86.exe
Size

51.3MB
MD5

ff6ed585f817df7ede4c13d22bd3db75
SHA1

3706db4183028024a72efe4ac0558d9dd9900c4d
SHA256

d33b7c5b460c4e95c8af0544053af0999f6d11773cf70e8f2cc2d69eb674b8fe
SHA512

d862000f87b4a3c6d636ee7aa6e670aace506ae58997e943773fe17eb5861daf4d3c81f678de4c1bf7e4a0456dbb12c7490b8b35aa5f8d9d02b36e25f5717b66
SSDEEP

786432:gxCTyXUkhSo/lXkrzyNgqJfc9efwmAGxReiZ/Rz04uBV6KncTRyhVLK3adix/vXM:yCTDkUoVkCVJUsfsGxR/Nw6mFh9YxXDQ

Score

7^/10

discovery evasion trojan

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
296	sb7z_x86_console.exe
1748	helper.exe
1836	slimbrowser.exe
1828	slimbrowser.exe
1620	slimbrowser.exe
1404	slimbrowser.exe
1648	slimbrowser.exe
1952	slimbrowser.exe

Loads dropped DLL 64 IoCs

pid	Process
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
856	sbsetup_x86.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1748	helper.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1836	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe
1828	slimbrowser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	slimbrowser.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\SlimBrowser\AccessibleMarshal.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-convert-l1-1-0.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\vccorlib140.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Italian.ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\browser\features\[email protected]	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\language\Danish.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-handle-l1-1-0.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-filesystem-l1-1-0.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\browser\features	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Spanish.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-localization-l1-2-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-util-l1-1-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\mozavcodec.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\language\Macedonian.ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Danish.ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Greek.ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Swedish.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-rtlsupport-l1-1-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\ipcclientcerts.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\msvcp140_atomic_wait.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\biscripts\SelectElemToBlockPri.js	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\language\Malay.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\API-MS-Win-core-xstate-l2-1-0.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\libGLESv2.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\slimbrowser.exe	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\language\Arabic.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\language\Lithuanian.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-conio-l1-1-0.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\freebl3.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\mozglue.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\softokn3.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\vccorlib140.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\vcruntime140.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\crashreporter.ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\browser\features\[email protected]	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\language\Hebrew.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\language\Turkish.ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\removed-files	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-memory-l1-1-0.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-locale-l1-1-0.dll	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\IA2Marshal.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\Accessible.tlb	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\browser\features\[email protected]	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Vietnamese.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\precomplete	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-console-l1-2-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-file-l1-1-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-heap-l1-1-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\msvcp140_2.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\biscripts\SelectElemToBlock.js	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-file-l1-2-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\msvcp140_codecvt_ids.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\omni.ja	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Turkish.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\language\French (France).ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Japanese.ini	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\language\Spanish.ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-interlocked-l1-1-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-string-l1-1-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\api-ms-win-core-timezone-l1-1-0.dll	sb7z_x86_console.exe
File created	C:\Program Files (x86)\SlimBrowser\uninst.exe	sbsetup_x86.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Catalan.ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Indonesian.ini	sb7z_x86_console.exe
File opened for modification	C:\Program Files (x86)\SlimBrowser\language\Korean.ini	sb7z_x86_console.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	slimbrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	slimbrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	slimbrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	slimbrowser.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.ogv\OpenWithProgids	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserURL-871357197E4AF33C\shell\ = "open"	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\http\shell\ = "open"	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserPDF-871357197E4AF33C\shell\open\command	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserURL-871357197E4AF33C\shell\open	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\https\URL Protocol	helper.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\https\EditFlags = "2"	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\mailto\shell\ = "open"	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserURL-871357197E4AF33C\DefaultIcon\ = "C:\\Program Files (x86)\\SlimBrowser\\slimbrowser.exe,1"	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\http\shell\open	helper.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\slimbrowser.exe\shell\open\command	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.html	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.oga	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.webm\OpenWithProgids	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.svg	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserPDF-871357197E4AF33C\shell\open\ddeexec\	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\http\shell\open\command\ = "\"C:\\Program Files (x86)\\SlimBrowser\\slimbrowser.exe\" -osint -url \"%1\""	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\mailto\shell	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.pdf	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserHTML-871357197E4AF33C\shell\ = "open"	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.bmp	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.flac	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.xml	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.xhtml	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.oga\OpenWithProgids	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.avif	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\http\DefaultIcon\ = "C:\\Program Files (x86)\\SlimBrowser\\slimbrowser.exe,1"	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\mailto\shell\open\command	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.oga	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.png	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.htm\ = "SlimBrowserHTML-871357197E4AF33C"	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.ogg	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\http	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\http\shell\open\command	helper.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\shell\open	helper.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\slimbrowser.exe\SupportedTypes	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.webm	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.xht	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserURL-871357197E4AF33C\shell	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserURL-871357197E4AF33C\shell\open\command	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.shtml	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.shtml	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.webm	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\http\shell	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\https\shell\open\command	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\mailto\shell\open\command\ = "\"C:\\Program Files (x86)\\SlimBrowser\\slimbrowser.exe\" -osint -url \"%1\""	helper.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\slimbrowser.exe\DefaultIcon	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.html\ = "SlimBrowserHTML-871357197E4AF33C"	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.xhtml\ = "SlimBrowserHTML-871357197E4AF33C"	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.ogv	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.avif\OpenWithProgids	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\mailto\shell\open\ddeexec\	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.avif	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.webp\OpenWithProgids	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.pdf\OpenWithProgids\SlimBrowserPDF-871357197E4AF33C	helper.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserURL-871357197E4AF33C	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserURL-871357197E4AF33C\shell\open\command\ = "\"C:\\Program Files (x86)\\SlimBrowser\\slimbrowser.exe\" -osint -url \"%1\""	helper.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\http\EditFlags = "2"	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.gif	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.ogg	helper.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\slimbrowser.exe\SupportedTypes\.opus	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\.webp\OpenWithProgids\SlimBrowserHTML-871357197E4AF33C	helper.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserHTML-871357197E4AF33C\EditFlags = "2"	helper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\SlimBrowserPDF-871357197E4AF33C\shell\ = "open"	helper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 296	856	sbsetup_x86.exe	28
PID 856 wrote to memory of 296	856	sbsetup_x86.exe	28
PID 856 wrote to memory of 296	856	sbsetup_x86.exe	28
PID 856 wrote to memory of 296	856	sbsetup_x86.exe	28
PID 856 wrote to memory of 1748	856	sbsetup_x86.exe	31
PID 856 wrote to memory of 1748	856	sbsetup_x86.exe	31
PID 856 wrote to memory of 1748	856	sbsetup_x86.exe	31
PID 856 wrote to memory of 1748	856	sbsetup_x86.exe	31
PID 856 wrote to memory of 1456	856	sbsetup_x86.exe	32
PID 856 wrote to memory of 1456	856	sbsetup_x86.exe	32
PID 856 wrote to memory of 1456	856	sbsetup_x86.exe	32
PID 856 wrote to memory of 1456	856	sbsetup_x86.exe	32
PID 1768 wrote to memory of 1836	1768	explorer.exe	34
PID 1768 wrote to memory of 1836	1768	explorer.exe	34
PID 1768 wrote to memory of 1836	1768	explorer.exe	34
PID 1768 wrote to memory of 1836	1768	explorer.exe	34
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1836 wrote to memory of 1828	1836	slimbrowser.exe	35
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37
PID 1828 wrote to memory of 1620	1828	slimbrowser.exe	37

C:\Users\Admin\AppData\Local\Temp\sbsetup_x86.exe
"C:\Users\Admin\AppData\Local\Temp\sbsetup_x86.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:856
- C:\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe
  "C:\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe" -o"C:\Program Files (x86)\SlimBrowser" -y
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:296
- C:\Program Files (x86)\SlimBrowser\uninstall\helper.exe
  "C:\Program Files (x86)\SlimBrowser\uninstall\helper.exe" /SetAsDefaultAppUser
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:1748
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" "C:\Program Files (x86)\SlimBrowser\slimbrowser.exe"
  2⤵
  PID:1456

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files (x86)\SlimBrowser\slimbrowser.exe
  "C:\Program Files (x86)\SlimBrowser\slimbrowser.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1836
- - C:\Program Files (x86)\SlimBrowser\slimbrowser.exe
    "C:\Program Files (x86)\SlimBrowser\slimbrowser.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Checks processor information in registry
    - Suspicious use of WriteProcessMemory
    PID:1828
  - - C:\Program Files (x86)\SlimBrowser\slimbrowser.exe
      "C:\Program Files (x86)\SlimBrowser\slimbrowser.exe" -contentproc --channel="1828.0.409909465\925386603" -parentBuildID 20230126134838 -prefsHandle 920 -prefMapHandle 1224 -prefsLen 960 -prefMapSize 253158 -appDir "C:\Program Files (x86)\SlimBrowser\browser" - 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 1284 79c150 socket
      4⤵
      Executes dropped EXE
      PID:1620
  - - C:\Program Files (x86)\SlimBrowser\slimbrowser.exe
      "C:\Program Files (x86)\SlimBrowser\slimbrowser.exe" -contentproc --channel="1828.1.22237957\2010891422" -parentBuildID 20230126134838 -prefsHandle 1524 -prefMapHandle 1508 -prefsLen 1513 -prefMapSize 253158 -appDir "C:\Program Files (x86)\SlimBrowser\browser" - 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 1556 f0a0d50 gpu
      4⤵
      Executes dropped EXE
      PID:1404

C:\Program Files (x86)\SlimBrowser\slimbrowser.exe
"C:\Program Files (x86)\SlimBrowser\slimbrowser.exe"
1⤵
- Executes dropped EXE
PID:1648
- C:\Program Files (x86)\SlimBrowser\slimbrowser.exe
  "C:\Program Files (x86)\SlimBrowser\slimbrowser.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  PID:1952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\SlimBrowser\MSVCP140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Program Files (x86)\SlimBrowser\VCRUNTIME140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
2f3ed68e88962a3db91fddff116043c6

SHA1
f89f28cd1a2afb247c483ec5d3373687acd9f0f3

SHA256
94285b076bc56f70b600340cb8e462fa860745a4e259a01a5faf200365b626eb

SHA512
99965f02106a278ccffa953849546008595a38eaa21e81f6b72d8635931b6e32bdb44c96e4ed52df374ed765138ff5e2a97d6dd1878e9bb062d7d5b7332bd247

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
5ee963beea8ab70e4837b3ddc3dfa780

SHA1
08d253b2d5d44f4f01c5c8cd32a53202f46ea050

SHA256
7ec7ff7c30d637a2b2bdf202befc401d9840bd38aaf10633c7cbf03aaed80ba3

SHA512
c1cfc308a25196c1661e579f270aebb40685fbb478590be155a65cd79dda03d70ef53211fff6e1fc0c07b620ea92e05db8529b707c41e0aa7f3f82f23d764fdf

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
1d309498972c67db409bff7c34ad30af

SHA1
0bc9a4d52e482129bb3e52ad6c6b12bcb3f9f27f

SHA256
2f0973102f1d2e78158e80b0eea8a5f63085cb3088624227bc89c337dcea96d3

SHA512
933380e33119a42de01d06ea2aa9970f1db5f3a9a9dcdd08d35e18ed6365f75b94cf3a146f11e6f3f3c8da118f46a6224f3fd0e2c1736c9d667b948dca794d4f

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
3041be8b8f3e2e99d6f7fafcaf428648

SHA1
9ff03d218278bd12fc1406d21d58f5c4dca8e3c2

SHA256
7f1a83c6b5d0a856ea8c7952fd4c637a9ac7e663a620571afdcec7af6c68a960

SHA512
dcb59dd2ebafa0ac64fc35dbf6b9ce3c22bd857a93e64bd64b53c9c35dec3c026b6d25c9a848968dd00cb8dd01b4b6755fa2273b540e1db7ccfce32a2a97f112

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
e162b53ff1f872345471989d20374f36

SHA1
232c1427096188e791ab0db44bf309cbefe20413

SHA256
3f61c83e3dcbe7f03195efcbabd9fd1ca75ee6359828e45733a53cc1fb1183f6

SHA512
2d60d609cb281cd4f2fa1c6369d2f75afa0d9f43df681a5f42e85f51d5bf57bb4e23c8e041b3fbae703706b8f82db9d27d1f650cf5bb9088e4f222ce1734ffd9

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
a99dafdd0eb1668ae60d4898338dbed3

SHA1
504687e909f0730e3c4db6ee14578b055e99743d

SHA256
ed383bc5365e2d9ff18c0867d4e2f8682ced6e45b0875b55cfcfb7bc87e6b301

SHA512
72af70f554a66280d6ac53a0cac342dc6e0b7fb8975757a404576101fd0f7445a1bcc8778fe5d7084f382a843710af4c94a9fcb9c230931b0b8b5e5ad3dcfa53

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
b42f3df73d062dcf7c61eb3e455fe1c6

SHA1
cdba01951de434f36b9100c7db2316bd0728abac

SHA256
3d205605ed371704d2de5fa0511fb4ad2f791c81e5781ed3c4464881efd8523b

SHA512
b70c49f8494b600483a858210a5bb73c0a052460e34aa16290f32ec6af68095b38b7436fbae34273048ecd058c7fd40ce1c6184ea21171afe291c29e249253f0

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
e795f694529fc430e0b0e25884e6a24e

SHA1
6c86a0bd746f55fd731a30f378e5f21c4fb2e2b7

SHA256
0ebae37459eb25ef518c47c454e6af81b076d0fdc5fed1674806551259435584

SHA512
c71622d473c68d7ae87cba663f38c08fb1b4ec0786e364f6863fbdf2711a7faac1e5cd18ba0912c318627cd58d7fc836ef0dd993a9444c846ec298502e04fc66

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
fb887fed29c62e516005fadb6838d521

SHA1
c1b783800f33aed8f67953e0816c1792e976c62a

SHA256
f989de398e969df49c108ef53f5e152eb35f7a7d0e19974aa9f24a995e5c9e11

SHA512
d895e2c83578400174bd0d316e790b1b5c7400b7e24f8ac4ab1964701821f4ae7fac4ef308e4bdd09ad774cfcd54b1f0176da0911437759439a1e2a0d99cb13d

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
49c9af5961980346905239d9988cd041

SHA1
d679539617cf74ec04d75f450ef93d94abecac28

SHA256
f7cb5d3347d5a13b8bcce06821ba75043fce87f298131e23155753b56a48297e

SHA512
f2e04aff6d502d47946d8f0f9337e81fcc9c23608163d276c3cd304b3ef42e4d07d6f00e3606a6c2f2eadefc23fda3af55c1cefb7912def815e5c339208719b0

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
16KB

MD5
0792930cced35a6b7afd0548a380d5d1

SHA1
45139b80525961c5aadffc3b4e44720f144da878

SHA256
f0e0d8b65a8cf88355a7c2fd401cee5ff4bcb7965a888f4361ad14a054517fd7

SHA512
df1ca5b417e5ec7a6600eee4e5ebb8de557ccd7883174ca47e4b69e0138c6af4afeae0cb2d2f8c3b32c128e92c725dcd4739d40911e15571bc5573289796f3d5

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
38799420c40507472fd54b3ba205db3e

SHA1
84d04a2e360f16da027b84d51aab649154979232

SHA256
eec15efdf7caa058cb7f721a1c4e5d3f1c97039c4b6bfe2b32f789e10756106f

SHA512
cde6ff6b3dc908dcf932b4e308c99589af3bcfe8aa06a416db107e948616ba7517c3ef882a59fbecf2b3ea92290f90123d5a6f4c355bc1d89a5f4745ee886833

Download Submit
C:\Program Files (x86)\SlimBrowser\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
2c4f5369a8c60a6d8107f474d2942859

SHA1
9e52ae6e0397672fdbf251217cea25201f11004a

SHA256
c8138031537a27fd364f359d48db88485c4a0d668ed2983ff5f6edf0bffcd91f

SHA512
efe27d138cdae009e4aea9aaf31c899cc60389ed644f042ff3b656c3a24fc8a98420d90ad86fa16ef95bd14b918eaaab926f2ad20ad47e0831842eec2b136a29

Download Submit
C:\Program Files (x86)\SlimBrowser\mozglue.dll

Filesize
599KB

MD5
1f9de850d03c0f3b04a6344d67959d18

SHA1
5fb5f9e1ae168223ed97ef878cbad3876e5d9290

SHA256
6d82353699fc405489acd8e23ac62b7e844d45d0f8ae1efcccbec45e20c5be09

SHA512
519dd4034f0c9c4b55600c227e24740dd8d9270ebfd084d1f922456f4bd83f7da2cdd0faf457bf9653b72fdc667c9ca59ed844687c7ea8456f5cef18ad6587e0

Download Submit
C:\Program Files (x86)\SlimBrowser\slimbrowser.exe

Filesize
807KB

MD5
c39c490ef48943961285464e699a332c

SHA1
25f8dfb9d28853e80ec044c55607a59dec02ad1e

SHA256
7190c5d5220772db241b1c880663a09652640a139ea263e71136d2a42866946d

SHA512
5ed1bde205feadf835c76c5244c6fa65c79d5802178e8ab3b5077c646dba240dc98afc7bfd7190ee75c006fb90933cf3e1173bf05221a1368c55c9365d8927f2

Download Submit
C:\Program Files (x86)\SlimBrowser\slimbrowser.exe

Filesize
807KB

MD5
c39c490ef48943961285464e699a332c

SHA1
25f8dfb9d28853e80ec044c55607a59dec02ad1e

SHA256
7190c5d5220772db241b1c880663a09652640a139ea263e71136d2a42866946d

SHA512
5ed1bde205feadf835c76c5244c6fa65c79d5802178e8ab3b5077c646dba240dc98afc7bfd7190ee75c006fb90933cf3e1173bf05221a1368c55c9365d8927f2

Download Submit
C:\Program Files (x86)\SlimBrowser\ucrtbase.DLL

Filesize
1.1MB

MD5
5fef2fd676d7a1ac1bbf2cc9ba5c1a29

SHA1
3716deef1ba1915e06111199b1b6ab9e1d0649a4

SHA256
1f1ce96469c20279003cf9ec59f452febed2dd7f6e6c055ae8019216105c8f3b

SHA512
d6ebd0a633075040237bd30447af9d88672163f40f2ecd4197c9b4fb191225212b789cd514ce2f81f695cc485173705582e4dbf6b8f9fc40c03936a31919e064

Download Submit
C:\Program Files (x86)\SlimBrowser\uninstall\helper.exe

Filesize
1.2MB

MD5
dfa5da3f0f1e1e1483d621a7277e8c33

SHA1
3814be11c676ab98b8043fa0deae9d95e37bff6a

SHA256
84037466ce3facc572ca9408a2bd15021261680af68685928c64a94327e2c8a9

SHA512
b2215e53fda12688c609e8bc632aa2c5d2c0cf16c5ed98e9da8526e0cfe087991d63b491a81109f326c75fa275b8e6c38ea37c2f9dbfeb9b68de1f6c36a3e54f

Download Submit
C:\Program Files (x86)\SlimBrowser\uninstall\helper.exe

Filesize
1.2MB

MD5
dfa5da3f0f1e1e1483d621a7277e8c33

SHA1
3814be11c676ab98b8043fa0deae9d95e37bff6a

SHA256
84037466ce3facc572ca9408a2bd15021261680af68685928c64a94327e2c8a9

SHA512
b2215e53fda12688c609e8bc632aa2c5d2c0cf16c5ed98e9da8526e0cfe087991d63b491a81109f326c75fa275b8e6c38ea37c2f9dbfeb9b68de1f6c36a3e54f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser\FlashPeak SlimBrowser.lnk

Filesize
1KB

MD5
cdbe05f8d760a4b56073148baa6d92b1

SHA1
2584e0a71711486cecdee6c6a231c28a7fd4b75f

SHA256
481ebdc0e57f0974091c30d3cd213895b2dbb22d7064c048156e2006aff117bb

SHA512
77432cdd1337124df1be463a754eb3fe433126f402f13123a7cc0a7aff83d13fdc00613e7b3b76ed32b61bf490ec0933d816b4f673398b5a69eed2ac3e87713a

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\871357197E4AF33C\update-config.json

Filesize
78B

MD5
fe74f5c38f433736ee7015868cfb159e

SHA1
f723b0032565fb3007407201963f7bb762bdd981

SHA256
3f7b3252ef3b6217ad78adb7007738601ce1eebca69f55990b64bf254bd4fc63

SHA512
19fe20baff40c195955a921ee2fe1927d00da14e0ed3eb683e5f6f026353bfcd5322a1d2399b8977bdf97bb23dfd6cc811c9a9494f019b6e404aff477316cafd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse30F.tmp\CityHash.dll

Filesize
53KB

MD5
2021acc65fa998daa98131e20c4605be

SHA1
2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

SHA256
c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

SHA512
cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse30F.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse30F.tmp\UAC.dll

Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\LangDLL.dll

Filesize
5KB

MD5
a1cd3f159ef78d9ace162f067b544fd9

SHA1
72671fdf4bfeeb99b392685bf01081b4a0b3ae66

SHA256
47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6

SHA512
ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\NSISdl.dll

Filesize
15KB

MD5
7caaf58a526da33c24cbe122e7839693

SHA1
7687112cb6593947226f8a8319d6e2d0cdef3b11

SHA256
19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

SHA512
aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\nsDialogs.dll

Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe

Filesize
50.6MB

MD5
3ad0b4284ba8b6a2df14a8895b8a1247

SHA1
c013d94715066456c963f1df8b29a968e40a4bff

SHA256
a739be3b1d4512ff1730c3f11bdc6f74109bfe35509243e039b12f87a17b37b3

SHA512
8289f9a806b5c82c9b49ccad6fdf1765f2722fdc4a44eac4216ee964ff9639cf903cfa3ec1376ac193da0027d51bc92f9bf3174fcce7ad433a32a419cec5d3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe

Filesize
50.6MB

MD5
3ad0b4284ba8b6a2df14a8895b8a1247

SHA1
c013d94715066456c963f1df8b29a968e40a4bff

SHA256
a739be3b1d4512ff1730c3f11bdc6f74109bfe35509243e039b12f87a17b37b3

SHA512
8289f9a806b5c82c9b49ccad6fdf1765f2722fdc4a44eac4216ee964ff9639cf903cfa3ec1376ac193da0027d51bc92f9bf3174fcce7ad433a32a419cec5d3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe

Filesize
50.6MB

MD5
3ad0b4284ba8b6a2df14a8895b8a1247

SHA1
c013d94715066456c963f1df8b29a968e40a4bff

SHA256
a739be3b1d4512ff1730c3f11bdc6f74109bfe35509243e039b12f87a17b37b3

SHA512
8289f9a806b5c82c9b49ccad6fdf1765f2722fdc4a44eac4216ee964ff9639cf903cfa3ec1376ac193da0027d51bc92f9bf3174fcce7ad433a32a419cec5d3fd

Download Submit
C:\Users\Admin\AppData\Roaming\FlashPeak\SlimBrowser\Profiles\gvdxh19y.default-default\prefs.js

Filesize
471B

MD5
c3b5f2c2ff731061807ca55d64a7f528

SHA1
b152c7d52ffe2af7b15eb99badd8687d12cb791e

SHA256
bbdb728edd3c3a8bddecfe9119651fc1bf3f377e6e992237e6ce196c3abf83f8

SHA512
b2ad38b325d5b9b763a5c77963557d50016892288a614ef7706e33e1442e35e4976937d95e016562d0d8cc51d571262244260b6fb90cf8b1bde55f07f472dc89

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
2f3ed68e88962a3db91fddff116043c6

SHA1
f89f28cd1a2afb247c483ec5d3373687acd9f0f3

SHA256
94285b076bc56f70b600340cb8e462fa860745a4e259a01a5faf200365b626eb

SHA512
99965f02106a278ccffa953849546008595a38eaa21e81f6b72d8635931b6e32bdb44c96e4ed52df374ed765138ff5e2a97d6dd1878e9bb062d7d5b7332bd247

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
5ee963beea8ab70e4837b3ddc3dfa780

SHA1
08d253b2d5d44f4f01c5c8cd32a53202f46ea050

SHA256
7ec7ff7c30d637a2b2bdf202befc401d9840bd38aaf10633c7cbf03aaed80ba3

SHA512
c1cfc308a25196c1661e579f270aebb40685fbb478590be155a65cd79dda03d70ef53211fff6e1fc0c07b620ea92e05db8529b707c41e0aa7f3f82f23d764fdf

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
1d309498972c67db409bff7c34ad30af

SHA1
0bc9a4d52e482129bb3e52ad6c6b12bcb3f9f27f

SHA256
2f0973102f1d2e78158e80b0eea8a5f63085cb3088624227bc89c337dcea96d3

SHA512
933380e33119a42de01d06ea2aa9970f1db5f3a9a9dcdd08d35e18ed6365f75b94cf3a146f11e6f3f3c8da118f46a6224f3fd0e2c1736c9d667b948dca794d4f

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
3041be8b8f3e2e99d6f7fafcaf428648

SHA1
9ff03d218278bd12fc1406d21d58f5c4dca8e3c2

SHA256
7f1a83c6b5d0a856ea8c7952fd4c637a9ac7e663a620571afdcec7af6c68a960

SHA512
dcb59dd2ebafa0ac64fc35dbf6b9ce3c22bd857a93e64bd64b53c9c35dec3c026b6d25c9a848968dd00cb8dd01b4b6755fa2273b540e1db7ccfce32a2a97f112

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
e162b53ff1f872345471989d20374f36

SHA1
232c1427096188e791ab0db44bf309cbefe20413

SHA256
3f61c83e3dcbe7f03195efcbabd9fd1ca75ee6359828e45733a53cc1fb1183f6

SHA512
2d60d609cb281cd4f2fa1c6369d2f75afa0d9f43df681a5f42e85f51d5bf57bb4e23c8e041b3fbae703706b8f82db9d27d1f650cf5bb9088e4f222ce1734ffd9

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
a99dafdd0eb1668ae60d4898338dbed3

SHA1
504687e909f0730e3c4db6ee14578b055e99743d

SHA256
ed383bc5365e2d9ff18c0867d4e2f8682ced6e45b0875b55cfcfb7bc87e6b301

SHA512
72af70f554a66280d6ac53a0cac342dc6e0b7fb8975757a404576101fd0f7445a1bcc8778fe5d7084f382a843710af4c94a9fcb9c230931b0b8b5e5ad3dcfa53

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
b42f3df73d062dcf7c61eb3e455fe1c6

SHA1
cdba01951de434f36b9100c7db2316bd0728abac

SHA256
3d205605ed371704d2de5fa0511fb4ad2f791c81e5781ed3c4464881efd8523b

SHA512
b70c49f8494b600483a858210a5bb73c0a052460e34aa16290f32ec6af68095b38b7436fbae34273048ecd058c7fd40ce1c6184ea21171afe291c29e249253f0

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
fb887fed29c62e516005fadb6838d521

SHA1
c1b783800f33aed8f67953e0816c1792e976c62a

SHA256
f989de398e969df49c108ef53f5e152eb35f7a7d0e19974aa9f24a995e5c9e11

SHA512
d895e2c83578400174bd0d316e790b1b5c7400b7e24f8ac4ab1964701821f4ae7fac4ef308e4bdd09ad774cfcd54b1f0176da0911437759439a1e2a0d99cb13d

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
49c9af5961980346905239d9988cd041

SHA1
d679539617cf74ec04d75f450ef93d94abecac28

SHA256
f7cb5d3347d5a13b8bcce06821ba75043fce87f298131e23155753b56a48297e

SHA512
f2e04aff6d502d47946d8f0f9337e81fcc9c23608163d276c3cd304b3ef42e4d07d6f00e3606a6c2f2eadefc23fda3af55c1cefb7912def815e5c339208719b0

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
16KB

MD5
0792930cced35a6b7afd0548a380d5d1

SHA1
45139b80525961c5aadffc3b4e44720f144da878

SHA256
f0e0d8b65a8cf88355a7c2fd401cee5ff4bcb7965a888f4361ad14a054517fd7

SHA512
df1ca5b417e5ec7a6600eee4e5ebb8de557ccd7883174ca47e4b69e0138c6af4afeae0cb2d2f8c3b32c128e92c725dcd4739d40911e15571bc5573289796f3d5

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
38799420c40507472fd54b3ba205db3e

SHA1
84d04a2e360f16da027b84d51aab649154979232

SHA256
eec15efdf7caa058cb7f721a1c4e5d3f1c97039c4b6bfe2b32f789e10756106f

SHA512
cde6ff6b3dc908dcf932b4e308c99589af3bcfe8aa06a416db107e948616ba7517c3ef882a59fbecf2b3ea92290f90123d5a6f4c355bc1d89a5f4745ee886833

Download Submit
\Program Files (x86)\SlimBrowser\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
2c4f5369a8c60a6d8107f474d2942859

SHA1
9e52ae6e0397672fdbf251217cea25201f11004a

SHA256
c8138031537a27fd364f359d48db88485c4a0d668ed2983ff5f6edf0bffcd91f

SHA512
efe27d138cdae009e4aea9aaf31c899cc60389ed644f042ff3b656c3a24fc8a98420d90ad86fa16ef95bd14b918eaaab926f2ad20ad47e0831842eec2b136a29

Download Submit
\Program Files (x86)\SlimBrowser\mozglue.dll

Filesize
599KB

MD5
1f9de850d03c0f3b04a6344d67959d18

SHA1
5fb5f9e1ae168223ed97ef878cbad3876e5d9290

SHA256
6d82353699fc405489acd8e23ac62b7e844d45d0f8ae1efcccbec45e20c5be09

SHA512
519dd4034f0c9c4b55600c227e24740dd8d9270ebfd084d1f922456f4bd83f7da2cdd0faf457bf9653b72fdc667c9ca59ed844687c7ea8456f5cef18ad6587e0

Download Submit
\Program Files (x86)\SlimBrowser\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
\Program Files (x86)\SlimBrowser\slimbrowser.exe

Filesize
807KB

MD5
c39c490ef48943961285464e699a332c

SHA1
25f8dfb9d28853e80ec044c55607a59dec02ad1e

SHA256
7190c5d5220772db241b1c880663a09652640a139ea263e71136d2a42866946d

SHA512
5ed1bde205feadf835c76c5244c6fa65c79d5802178e8ab3b5077c646dba240dc98afc7bfd7190ee75c006fb90933cf3e1173bf05221a1368c55c9365d8927f2

Download Submit
\Program Files (x86)\SlimBrowser\slimbrowser.exe

Filesize
807KB

MD5
c39c490ef48943961285464e699a332c

SHA1
25f8dfb9d28853e80ec044c55607a59dec02ad1e

SHA256
7190c5d5220772db241b1c880663a09652640a139ea263e71136d2a42866946d

SHA512
5ed1bde205feadf835c76c5244c6fa65c79d5802178e8ab3b5077c646dba240dc98afc7bfd7190ee75c006fb90933cf3e1173bf05221a1368c55c9365d8927f2

Download Submit
\Program Files (x86)\SlimBrowser\slimbrowser.exe

Filesize
807KB

MD5
c39c490ef48943961285464e699a332c

SHA1
25f8dfb9d28853e80ec044c55607a59dec02ad1e

SHA256
7190c5d5220772db241b1c880663a09652640a139ea263e71136d2a42866946d

SHA512
5ed1bde205feadf835c76c5244c6fa65c79d5802178e8ab3b5077c646dba240dc98afc7bfd7190ee75c006fb90933cf3e1173bf05221a1368c55c9365d8927f2

Download Submit
\Program Files (x86)\SlimBrowser\ucrtbase.dll

Filesize
1.1MB

MD5
5fef2fd676d7a1ac1bbf2cc9ba5c1a29

SHA1
3716deef1ba1915e06111199b1b6ab9e1d0649a4

SHA256
1f1ce96469c20279003cf9ec59f452febed2dd7f6e6c055ae8019216105c8f3b

SHA512
d6ebd0a633075040237bd30447af9d88672163f40f2ecd4197c9b4fb191225212b789cd514ce2f81f695cc485173705582e4dbf6b8f9fc40c03936a31919e064

Download Submit
\Program Files (x86)\SlimBrowser\uninstall\helper.exe

Filesize
1.2MB

MD5
dfa5da3f0f1e1e1483d621a7277e8c33

SHA1
3814be11c676ab98b8043fa0deae9d95e37bff6a

SHA256
84037466ce3facc572ca9408a2bd15021261680af68685928c64a94327e2c8a9

SHA512
b2215e53fda12688c609e8bc632aa2c5d2c0cf16c5ed98e9da8526e0cfe087991d63b491a81109f326c75fa275b8e6c38ea37c2f9dbfeb9b68de1f6c36a3e54f

Download Submit
\Program Files (x86)\SlimBrowser\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\CityHash.dll

Filesize
53KB

MD5
2021acc65fa998daa98131e20c4605be

SHA1
2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

SHA256
c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

SHA512
cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
\Users\Admin\AppData\Local\Temp\nse30F.tmp\UAC.dll

Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\LangDLL.dll

Filesize
5KB

MD5
a1cd3f159ef78d9ace162f067b544fd9

SHA1
72671fdf4bfeeb99b392685bf01081b4a0b3ae66

SHA256
47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6

SHA512
ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\NSISdl.dll

Filesize
15KB

MD5
7caaf58a526da33c24cbe122e7839693

SHA1
7687112cb6593947226f8a8319d6e2d0cdef3b11

SHA256
19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

SHA512
aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\nsDialogs.dll

Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD6C.tmp\nsExec.dll

Filesize
6KB

MD5
132e6153717a7f9710dcea4536f364cd

SHA1
e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

SHA256
d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

SHA512
9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

Download Submit
\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe

Filesize
50.6MB

MD5
3ad0b4284ba8b6a2df14a8895b8a1247

SHA1
c013d94715066456c963f1df8b29a968e40a4bff

SHA256
a739be3b1d4512ff1730c3f11bdc6f74109bfe35509243e039b12f87a17b37b3

SHA512
8289f9a806b5c82c9b49ccad6fdf1765f2722fdc4a44eac4216ee964ff9639cf903cfa3ec1376ac193da0027d51bc92f9bf3174fcce7ad433a32a419cec5d3fd

Download Submit
\Users\Admin\AppData\Local\Temp\sb7z_x86_console.exe

Filesize
50.6MB

MD5
3ad0b4284ba8b6a2df14a8895b8a1247

SHA1
c013d94715066456c963f1df8b29a968e40a4bff

SHA256
a739be3b1d4512ff1730c3f11bdc6f74109bfe35509243e039b12f87a17b37b3

SHA512
8289f9a806b5c82c9b49ccad6fdf1765f2722fdc4a44eac4216ee964ff9639cf903cfa3ec1376ac193da0027d51bc92f9bf3174fcce7ad433a32a419cec5d3fd

Download Submit
memory/1404-1000-0x00000000001E0000-0x00000000001EA000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads