9baa8a188b6781d1b565f6433d6a22452e42e505c90fd9accbe31f3c42eefa09

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 22:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

zen.installer.exe
Size

60.5MB
MD5

82661d211a4cb7b95d2d4b0c577f14de
SHA1

b0a5f9ca33d61ad73220b45079cf85967bdd83f6
SHA256

9baa8a188b6781d1b565f6433d6a22452e42e505c90fd9accbe31f3c42eefa09
SHA512

0129f7032e2f2635b2e8002a5339da4c783f5471917b3be5d4d9e33764a702440c4e5244cc4c9bd5aeb34e8bb313e9fa544f389c6620a5f6957c70418524db00
SSDEEP

1572864:3ebV4RM7pbJ2b60lQBLn/x3NiCg7mcQDFpnSsJaMcv/Lg/DO:ubua7lJ8lQ5np3Xccphtcvk/DO

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3636	setup.exe

Loads dropped DLL 4 IoCs

pid	Process
3636	setup.exe
3636	setup.exe
3636	setup.exe
3636	setup.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/760-0-0x0000000000400000-0x0000000000446000-memory.dmp	upx
behavioral2/memory/760-358-0x0000000000400000-0x0000000000446000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	zen.installer.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 3636	760	zen.installer.exe	89
PID 760 wrote to memory of 3636	760	zen.installer.exe	89
PID 760 wrote to memory of 3636	760	zen.installer.exe	89

C:\Users\Admin\AppData\Local\Temp\zen.installer.exe
"C:\Users\Admin\AppData\Local\Temp\zen.installer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:760
- C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\setup.exe
  .\setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\AccessibleMarshal.dll

Filesize
20KB

MD5
2d7cf9389363d8a2e06401fbf7411cb0

SHA1
705fef58715af86d4619688aa82442f713bcab6a

SHA256
5727717987df8a7c68187a01341b1d76056e83a292cddcaf6353cf17c4189dc5

SHA512
9a458d58415d16db60ba0d695900dcb034f66b5be678689fe7d2241ad7321a94c7d1bf3d14f65427bdbdb830c0fceec6baa282088ab197d08edac3fe72b9d24d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\application.ini

Filesize
665B

MD5
187ffc8625de2de9329f0069e5f8d65a

SHA1
06c5f168698969dcc678430141e769202cd4f7ec

SHA256
70faa591c53dbce9a5818a8239bc011b98e1140f8ac1bcfe918c06dc3bef8872

SHA512
04f430111d4771082b97d47d043c5cc6993b67d8746c0d7a314d6e604adfa480720114de0179097915f1e5391dc3f0057a85def8eabf80a80f3b8bdd6366f83d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\VisualElements\PrivateBrowsing_150.png

Filesize
7KB

MD5
9219f54c4b9d9b458461f269c6a02b95

SHA1
ecdb67295d72bcd60b4433c852d5b3a59f83b576

SHA256
dd4d1a59951c7654e0b621debc05da98f0f000d44bcdeedc9d5841f4077ac5d5

SHA512
d6235b3c69fb159736564827f64c74bdb255a955beb7c9c3d60769c517a1bd7d097e6a4164becaaaae772d15ed5b3ca81575d53374a44b7bdc26d41bc0c44227

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\VisualElements\PrivateBrowsing_70.png

Filesize
3KB

MD5
5b67016ce82086fe7d1c2d09f6c91fdd

SHA1
297f8681ff44a0f4ab72d42e7a5f21f75a4ea49c

SHA256
ed243d6267ac035c8501d9959f5d6cb74dd3cc2a8b779020aeb1734dd653c6ee

SHA512
0a4cd6c654ccb00a15947189b82de1e502ea32668f448fa8a09c277a0e4672928eeb9cc1c4233a5431740865928481876adf8ac912abea702100d8e46fd7bb59

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\VisualElements\VisualElements_150.png

Filesize
6KB

MD5
273a7837b378dffc994757fabcbe3338

SHA1
e192184ea0576fe0a8e829324ef31493491b689a

SHA256
74b1eb2b2127dd1261aacb7fb922cdb0d8987495b85f2bbc5830370d1e54a4ce

SHA512
222d40b8fe0032c39b303bb62293591888fe61803ec6a29dd4f19b97fc503fb4edd30f49996de6566853b647d40d708166330bebfb33ada931f118e117df5234

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\VisualElements\VisualElements_70.png

Filesize
3KB

MD5
4ef1b7fafcddc005446d100cd02a76d5

SHA1
b4195fa56202cb2d9f88b90a3b19b86a3a947718

SHA256
c27dc550d19f841ad07c22b9be30430c86f4b2670cd0bc6d363f11a8bc1e6aab

SHA512
579311637890f590895865e7e3ae5ee16ac15fc23cac296e4686e6709fd60fe5f419b7dcfe17cfa54d350310c1d39642c792c60d14ae66f1b746d0ddca979fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\features\[email protected]

Filesize
102KB

MD5
6d0eca72c47c4f5fab8dc2f9855ba179

SHA1
5d796b107ccb2ae9b9d4044f859de1faef35ab4a

SHA256
4b4fc4482c19b8f4cc2a34d65d5ad4496073a8b477bad81f77661f2c70530d30

SHA512
b41e443bd66e30fde8bd582b03f8d51473474b22c0ecec6b72fd15938c5e6f2d1d8691b318dda9ab95b6aafd7d1a95626dc29fc9682474630b4c1160e1daf8b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\features\[email protected]

Filesize
64KB

MD5
8d0f50effbcd345481f47e99e2f7b3c4

SHA1
020da54373ff24d03e86f2b7f2b942b1cc8b44e4

SHA256
4e2df1c31c201c1b3763c98931a106754aac0f471bcc4d862f134a90e000047a

SHA512
ff2b3110282f6c91a7d334f56269a38bd97b6b4e451f34a58964d7bce8bf19c4f1f3d2e6a9be0a084e1687bca8014f169882e4c2ddebdb354644524d0aa01b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\features\[email protected]

Filesize
167KB

MD5
e10085f8b32fec57e1ae3ed6e5ebbba4

SHA1
c4fa6054c41b9317d34e40c3335439d85e96eaa6

SHA256
e710c857573782afe766683d142e3eb5e47fc0513fa157795f55fafddab0463a

SHA512
93660fe902068c60368283674695738b068f22f5f553b47e2037f155097505ee594e5ec68120772b63bf8383271ffe3f601ba0185d1ace408fe38bdb240ab0be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\features\[email protected]

Filesize
10KB

MD5
885ba4bd78e0bde3eb503b4f27a5bf00

SHA1
8362955fb94f9297b7f1d5de4de0a41426d0a2a1

SHA256
1f2687386338ba7820cf342a9a50217d0735a1ff505fac6b1a1b6e4874913630

SHA512
d19ea252d8d2185036ea187b17a3d015cf8dd60c9de90b4859768dc3a03972f79a2e7d44f818108cfbc7ac275c06281bb2f3cac3adf52f7de2b4737841f1eaca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\features\[email protected]

Filesize
421KB

MD5
d8abe02a66e4db2014e2cf89855986b1

SHA1
03efc6d7c390c59edd04e2f95f7d4b5a2e0c7ded

SHA256
0e1223d4df3378cdb68e37a9e74a5adeefb6a25506ccd791b9d473a94eefd034

SHA512
67693028ee789c09021ea74920b45ec0b59ebbb139fa4b68f8623f23a61f8e8488bed06ea474786ce78e23e386b48fd78960927b912dc3ccff2e37e35fed4106

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\browser\omni.ja

Filesize
42.2MB

MD5
e7aa0851a05cd29faf3993e1d312537d

SHA1
5c2bcfda4e88a7882547925c7c2ec2f2ba28a000

SHA256
770fc7c15a5fd56e77d86026adb6dd17bb909921478751c21188f1d931a1151d

SHA512
41a9a239554470730363f4f4817717cb1d880ec9837558a5851989126349ed7a2c0f06bb309fa76dc2b55cbb4d23c3e59572261ceba78d25f56e9950dc802c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\defaults\pref\channel-prefs.js

Filesize
427B

MD5
e44234f7fafcd73a246967ed7f4739d1

SHA1
dbac01b22dde7ccbe766be65aaaba5da2f355a59

SHA256
2f068ae56a6150bab6fc576c501ee7a9836475a93ae7b3f4296e9885b743d9ff

SHA512
83540974dba305fba9a75373b028d9aacf953c6de73bc103d87e9550add8b6eb8d49920d37ba236d8c5a8c92f0b3fc4a8de3af5e98023204570fae23f661bebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\dependentlibs.list

Filesize
55B

MD5
a515bc619743c790d426780ed4810105

SHA1
355dab227f0291b2c7f1945478eec7a4248578a0

SHA256
612e53338b53449be39f2e9086e15edc7bb3e7aa56c9d65a9d53b9eb3c3cc77d

SHA512
48ecd83a5eb1557dfabfaf588057e86fb4b7610f6ece119d6d89a38369d1c9426027520ce5b6d1cc79a4783b9f39ac58afb360cc76e05bbe8bbbd5128c5d395b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\firefox.VisualElementsManifest.xml

Filesize
557B

MD5
613815852a622ff9e54d697b9b3d2862

SHA1
a49149260f4e6d09412ce09d5847f15be65f527b

SHA256
dded8c3942e2d8eca65838e55379b1da5765c2dd6183dd5c3530c9976cb25a86

SHA512
64993969eccb8f75496b11cecab6f351a3ac659d8d6906cda2bfec8684b2d0d253f4c1bc23eefbec388939dc9ad0e898bec0a8f3e03c78d1b9c73d714fa5feb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\fonts\TwemojiMozilla.ttf

Filesize
1.4MB

MD5
aac75d901445bc0419d56e56dbc18891

SHA1
3ada434f3a727167ce6dce3b865fa6bfb70ed86f

SHA256
6d90152ee0d29e82fe2a87793af5aa4b7ad13e6538360889e141e81ed299ee8e

SHA512
83fd92ff444ab6de18d48997247f49845abb8420a07b74ebc8a65bda8da69d28f87b6abe0f607b2fd7da398dc0f8cbe7fbf655af6d25785ad8b2f1a3afca136a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\freebl3.dll

Filesize
831KB

MD5
cdb8f5f5d2d696dde99c055ed861872f

SHA1
9517a3797fd837eecdd38ad5e662c553ebf95f99

SHA256
e83fcf634a448961767671f63d67890a6122ff7d62130dfb47d1ed0121f8e48e

SHA512
4c62bf4d410933d8449596c9c6776b2f419950482be39bddcc066daabf7bd8fb9524ea8d85c012591fd52f18b9f4b58494000bdd17989c58fc87aee1ce7f0318

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\gkcodecs.dll

Filesize
9.1MB

MD5
e5a23c9849698ddae4ddafbd46d4af62

SHA1
4ca52fbe590f14dbb40f16acf5865e29022990fe

SHA256
3b9d09e3cddfc1f2b61758f10dca3115aaac4e012f139d694503398e5b091285

SHA512
ab51bbd8e24c95ae4deeb6517961beaee6c866372d36502aba296a1c20dbaec39211cbd950585a38e13d0bf43046be6df0a9d5f8c7f03dae395b28898e5108e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\gmp-clearkey\0.1\clearkey.dll

Filesize
95KB

MD5
b0536f01c56b9595e179a0a37c326f68

SHA1
118aa712fb39efb57bab3e7cc520e901bbcfe662

SHA256
27234c59823f6e409ec04f7bdea285f5219b3ea205acba5869b992f38153c5af

SHA512
9350352fc9e2957bf2a96207deb3e0030113e39d00328350566a83d964181941ce16a14325c547668c073333b63ecb9663ed24e7abdfabbae818a92d79f9c417

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\gmp-clearkey\0.1\manifest.json

Filesize
229B

MD5
cffdadfaeeaaf0a5a78e7f9a299aa7f1

SHA1
7a8f06d7c91877484301ce8474dfbb1bde08a040

SHA256
ef47e83036753b53f59d079fef62bfedc749abdbcdb0fe16f448d9920f11114c

SHA512
5a11e448389326ddbd3be792d9a10ae746c66e4a41f9c96f4979ec71fde385fc4deb205a40f1b4f24415abd9d41c453ca1285f4b813005b1d12a2701f214db85

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\ipcclientcerts.dll

Filesize
201KB

MD5
2a613dc63bb65a16914790ec35c2f520

SHA1
3f35faad34bc9e1017bd7b00a3e2d394ffcfe4a7

SHA256
641001fbd0a964021ef65e414b8faccbefdfdd93f63b363899b58c630e1ae491

SHA512
f10a66b5ff255434977f383f42ed73c55bc70d6734222640ce0eb59d98b6c4f26422e91dd4782ca82b3595961256f82e4244d1314915513e0639ac61079e1db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\lgpllibs.dll

Filesize
141KB

MD5
7aaf790a8864bd9d6aa09d515f070283

SHA1
e7e011f21a17ea18423eeee8a3ac7cb50fe5404c

SHA256
397d99e0eb0162ff5da24faef642fddf6219302eb9e2aa17ecad298311e9b231

SHA512
ae46d73fe810bd8536602c4b7c978d8b70623c8e6060e6a091876e78c13126ed66cdf002d33fb072597f6495bd496dedcb0bf24db99a161204389d521f1cbc48

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\libEGL.dll

Filesize
36KB

MD5
c5830da3dea817b4f700d737b7509a8d

SHA1
8bf4cc4ae73373b0ddb3e264c3d047bbc3099237

SHA256
ca48d0785665e113ccdfff7cb6c8e2c13b4a1f3ea2602492a21abafe74f82006

SHA512
12248b98a643e5249b612461b39f73e0e5f3a7ca387b76245f9044888c11541a8cea72022b4787933143bb43844f8d746c0a9cecfb767d53e20ecdaedce0c84f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\libGLESv2.dll

Filesize
4.9MB

MD5
8ac1e9c65b349db0e2ead2bdceb25843

SHA1
bf9406fa88b1a37d5e9495c3adf3597bc3d18228

SHA256
be27a2cf84d728ddda746b154b466b7e65cd1a4f0815ce99699065ef655161b4

SHA512
a32ed449c8f69cc463683edb9916790638dfe5af1968a30b42817d54cfd384aeeadaa85f8b5b529f4577c3a619c1d90436c8f08e1e8c798d317db64fcdc19d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\mozavcodec.dll

Filesize
3.3MB

MD5
a936d8698fb8e9210fd2929d06509afc

SHA1
e49c5bbf988e04e43ee17ed12c6f93840eade9b3

SHA256
15d3fb5c6cf23a92ef25fd38f3b6e0610336b447e6845269544b3cbec13e6951

SHA512
f88b2c54ade0108dc2956177667a55324ea48f590454f935d743c18a0528b541d0bc3362a3f9dd51a02e1682e9c6060357fe6dedf75f5afe43ba99ae0b639b16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\mozavutil.dll

Filesize
608KB

MD5
c9c8b0c89b0f39e859a85d41354a9f05

SHA1
4ab738be1435dea0e5b2f6ab8e4961c0df25f760

SHA256
af19106da6f86caba5ef0830534339381eea65940f4b1a38ca836d19cef58456

SHA512
33e425683adcbbc9a54d54c1ceb2f70d9c6c401b63c69d52b83d23c127ec933403f53c033c08106baa1cf6abdb6f59f32694d7eb4ad6e3b331441e8241c3163a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\mozglue.dll

Filesize
655KB

MD5
d28a699b48e20cfa173ff50706202ee5

SHA1
80b153bfa42516713e3ab82229e613d4cc12509e

SHA256
e5828116c7229e42e915f5bd018e8efa8c02182d3558c80946c6c4b02eac5064

SHA512
1fd367cdbfed35deac22da4397935f81e3a49f97971c1ebb3ad37646ce8821a728a57a45e2d4ccf26abc1f27aa3a36eaed8976ddcc371a0ce5268a86a4f0e2a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\msvcp140.dll

Filesize
559KB

MD5
c3d497b0afef4bd7e09c7559e1c75b05

SHA1
295998a6455cc230da9517408f59569ea4ed7b02

SHA256
1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98

SHA512
d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\nmhproxy.exe

Filesize
624KB

MD5
25853c0f60310b95b297ff0305641234

SHA1
74ac33757d885ddbb6f924d08e3171b41ade3cbe

SHA256
cfef9cf7945a477fb08f0e036edc6aed17a342d52e9c2f7f73e41314a0c9b832

SHA512
016d712936e4843f765b7fa82b42e9f72011cf8f6322dbea3423bf892442f6d2767ac4cea2d073a42afb42e8e06862c6e64fc9545e7808f5aa448d514b169d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\notificationserver.dll

Filesize
48KB

MD5
37a482a652fc99bd61a8568444e13ecb

SHA1
48bf5e57aa046455ae73c822c91d75ecc12b50e4

SHA256
21c2d0448ed0395a1555a65233a43c97bf72ea60a5114531d44cc71e2f320122

SHA512
d3764ed4b95d85ea054b42b2f13f6cc49e8d2ec547f589244d523e05e340e9416c199a6d12ec5dc8f8d4a67037f2b27bf694809195e5c1b50f49968f14094df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\nss3.dll

Filesize
2.5MB

MD5
12aa5381da6e36772c4d7616b22b7099

SHA1
740977de31b3b9c65985dbbaa7b5730a690e75be

SHA256
c6d1dfe113d632ca0fdeb482f1038fabf3e49e5bacc7ec57cfdffeef06ab594c

SHA512
f3244c972295b5d617c9f18651275005dc41ca6c0fb23745241325b46378f92b07e0780cff6312f8bcfd12c3563a11a65ddbed3f40b7294e70eb854feee55607

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\nssckbi.dll

Filesize
353KB

MD5
54bc037dbc4cef9803fd6f723d7d4a86

SHA1
4ab3e906859e2bedc0174c46d1b32302de9aac87

SHA256
fb7504ad999576f69c16187f989bf98ebedd430975f249ab7621f9c017dd4799

SHA512
53aafa9563798ecc54ea255d8ddeae11dd7034ef2bfedfab10dbe8d821065139350fffee58e71c70c07e0c2793149d42f4a5245bd204d21348e81f85ce3c7d8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\omni.ja

Filesize
32.1MB

MD5
110edd90e5718092fb5854fce33b65f9

SHA1
12ee165c60e29b648869a0c6238ef095ee14fc2f

SHA256
a086f94bc41bb57f707b66812f65d2850bb5760fa86776bc93541ba52a8f4a5d

SHA512
2291cc3843f3cb166588f8500a1bff5f22a46921fa54c435e5a76c60e4b0c74808ef1ef48f93c84146097dd78c3de194951576e5f40bf55335a579c4b9b655e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\osclientcerts.dll

Filesize
396KB

MD5
dd6a106d47939ce00d9337fa2666d353

SHA1
229f6fff0d42e33b6cf35027a8eaac9fb4ff18f7

SHA256
22ad6e3b47c42e31eaeb184ba5c343f89d30cd389542851a7967acb5d284b493

SHA512
c0a237d4538218e1c12a6db6d2044160fbc5944814748c46640f5fa149d469497ddd8a85f400afdab445613c4e3c029039808affcba8fa02013ee112f5e5b900

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\pingsender.exe

Filesize
69KB

MD5
ba3db805cddc70fe03d152f279a2de41

SHA1
6b462a0bbec61efab8456ac1e1868e891a37ddc4

SHA256
f342d0cb03c4c7ceb5feb9a73a7b0022867fcf10c53295f3a15a541d9d1cff32

SHA512
bcd5840da3c680a64ae92644a47ca7dc093d80e7067f9031f57ee9d02ba34bb62722ab3946eb991657e0010095d18960dcfccca2050ff73c635274ca17ae3c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\platform.ini

Filesize
158B

MD5
e5127931d47d7f2e3d285c40c9ffc679

SHA1
c5def03a5369575a011a2fdbd28baf5d38992e49

SHA256
49eb23e1bb4bad58bba1d87fc78eced1d3aacc50807955dab1cb7e1ecca6236d

SHA512
b537cea1b1f8d0ae8ddd7671593c5506e430d456deda2a5be2639d14152900f573e0556557936eaced8e833cbb8cbfcc73398a1e6ba2f88498429585e12aed47

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\plugin-container.exe

Filesize
293KB

MD5
0ec82a58a03f6a43d1ae3f82e2c3f36a

SHA1
f423d25aaafd0d638dd3cff8c91d27a1313cbe56

SHA256
09618fbe4df88e068d9053250b553b95c8761920e9162ae31126b0c435eba310

SHA512
b96aa45266303f0972b2d94fc6515136794f79aa5f4a359ba1afedef7bf1f4872c2040b11a2508ccaca72a254d8fcd04054daa146db174b20ea5541fc7959977

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\precomplete

Filesize
1KB

MD5
66c8788bda3b85e7c8f037c9942a1168

SHA1
d44cdc07cfa1cb13f8674eac7b9d1e694260413e

SHA256
c30c701e40442526cc5870e31593fc5ca4a30de5d7dd62cbb01217f687262c03

SHA512
e465a0ff6e3c43601d8135555ed417b963e7db2f858487fd00f5bd28a24b715be3a055cc9f8e8b428947f7842a6f32f98f456e131c3473ed1944fc66b23bdbd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\private_browsing.VisualElementsManifest.xml

Filesize
559B

MD5
b499ede5c9228c742578086591193efe

SHA1
18e682ec73ed8fcea99893142fa8b08ee8a32b72

SHA256
9ea86a18d41112e25b17454044ac29b458f508d9814700a6f4c0f9370678f3ae

SHA512
b99ef0e9152da3bf6adac5fef67b44738ae7a2d1ef0041786a5700b8389acde7380f1bc9bf1402c7a356f1777aca7c2b05af5ee22b7297bc879fe2e6b9741f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\private_browsing.exe

Filesize
120KB

MD5
59a90f4be315c54a1595b6e50ca5570b

SHA1
11c70cafd5c4c7f5b926522a5ff0174157480d37

SHA256
7c9bf98309615f930f2fadbf9ab3d591536da3ba7a67ef00c6c48b0352a7ca38

SHA512
725b9c7f2f967ad5fa78a517695d1bf9cf409c376501e4ef98552a7a467b801d2d28de86ae732718bb376eaa9971a00a9919031b0acb7a52c337d179d75da8db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\removed-files

Filesize
16B

MD5
fefbfac37461bd30e05f5befaa1f7705

SHA1
74f9024662db06184e645cab76bfecb0e6897545

SHA256
52523da24287c4d459131c2e4818a713a732765e06e9bbba1cf353888ba34f9f

SHA512
874d6bdef28dea531c858443810d0b026a3a5667e0b9985bce84b7c5ab63d06a015487bd1da2a914d28af7b6568335b1927f9fb9656715947929cd6671ccc4b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\softokn3.dll

Filesize
272KB

MD5
7e03090b53a05560fb694b7e73e44878

SHA1
71b70dd3ff4d25d4db5d6f9790cdecdb500d6cf2

SHA256
232094ddf524db60de868bf3dafccf211be58f88458786daf0ece6b9e9a84577

SHA512
0fc183d8a273b119eefdc5e359c41dea9fcb54521f3638b5d6311169477e6969147508ba7e8bd945b895bba1f5d38084e09e9da26ecff4fea3f1688a6d16c054

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\uninstall\helper.exe

Filesize
1.1MB

MD5
7c7e33dbe6f151507a42ae57cab8f92c

SHA1
b046096d1cd88dd50373b266286f85ee227f1793

SHA256
d3754fd7199da22685b518c26369d9e2598a8ceb1451c1e0be9cbc3a98bd02e0

SHA512
2bb1db2ee29be8243c68526acdd40f8b624f791702170964723170be6d318474ba2c1cf2813bbfebf851dcd918aa4d38c133d453b5a8058206482f93d094fd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\update-settings.ini

Filesize
109B

MD5
b23537f22e0cca13ff93047b685ff046

SHA1
ec77701e8c49c1ab48256b93fe7504fb40b408e6

SHA256
e337a87d021fc25ac78f39d93fef709e51ca269c6e10d4d5c61b29b099f3b7d5

SHA512
9e8a86d70bbe4948290f3405d6f043f2d2baae0ec94dcdc759eae69f19bd6e0221405e43552c3da9a44b101e30c1a01fb2ef4288a386f234a9f73e8043f09735

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\updater.exe

Filesize
412KB

MD5
5fae3647dd26e9138c037ad23319b4df

SHA1
ada92b591d4cbc9b86a87418081b4d95cc5c78aa

SHA256
cf2cb29871839c6d6516a2d482b8a98cc86bf5c3875d8a164fd870dbc2199fa2

SHA512
f1cb76ea69ae380c6e3c84fa546d023efb9f378c98d2109936eb862c0210e098477d87bff6ab327047394c24a317bef6aa9730e3ec86c49f966b2f1c6c167cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\updater.ini

Filesize
1KB

MD5
083c9abab084d134f8944451f1da10d2

SHA1
9cba8cd5d6085609b4d4de36720dfe20ab411c03

SHA256
0b135de7f379818ec55062dc000ef8204f628666e8a74549453e4e5541be90dc

SHA512
1b1a2dbf55f83ff85997f3d06eb290aacef8d570624d061fbf98f39b22792b85d35837fd0c4e2ee7015db4272d058e4cfda81884813aadc6be4201433842c814

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\vcruntime140.dll

Filesize
116KB

MD5
e9b690fbe5c4b96871214379659dd928

SHA1
c199a4beac341abc218257080b741ada0fadecaf

SHA256
a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8

SHA512
00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\vcruntime140_1.dll

Filesize
48KB

MD5
eb49c1d33b41eb49dfed58aafa9b9a8f

SHA1
61786eb9f3f996d85a5f5eea4c555093dd0daab6

SHA256
6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e

SHA512
d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\core\zen.exe

Filesize
961KB

MD5
476f6727fe11d249c5fcdf4fa28a74ac

SHA1
eecff2da32bd9f897c1e51a693ffc13c0ce63cbd

SHA256
2cea4ede340af90ace6f7ad569170a3741bb18f22b9c9c306cab37397f74144a

SHA512
8f59644d006d934d98c654b1186da8427560971f72eefc6bc9e1ffe9fca191688ce848247acb5c63c87b8280ae094e8c7769f8ce5949627f38665e3d354b6317

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8F26BE67\setup.exe

Filesize
877KB

MD5
89f847904d9fb3d91bd447af1a2e8355

SHA1
381a652bbced9419f27c7f7b20c218a3ae45818f

SHA256
5f1f12e29d11e3cf3eee91c775743cbe8e73cad8390f380f13cfa1ce0dd28940

SHA512
bf94b8065fbc14acc98b5c8a60e12f5432f5182731e0676639c79b0e793e7f1d64dc26687fbaff0e50c627238753e66c264768ad6a48dec1de56c7da86085790

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\InstallOptions.dll

Filesize
25KB

MD5
fd249bc508706f04a18e0bc0afddec82

SHA1
b94efda9f41c89fc6120ed385867125d03f28bea

SHA256
c34f095e200db420ce9af5489c3e392be285e43c3f4c9fbe34686b1f0a1531ad

SHA512
c820c06ad5ae21101602d9e7864fed9b470b25fa9a0ee025d05e72697d88c7e03cbee7ad476f4e3d5b6e467248b8ad1fefa2710c76011e2156b85068961404ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\UAC.dll

Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\components.ini

Filesize
618B

MD5
84a3e5b1bf9be8aba32bb194acab2175

SHA1
af004c132d752f354b2a2a897677798df223c61e

SHA256
0a822d68634231271022ecd33a4bbc56cb5f4b972c095f9e818d313d98e8b8e0

SHA512
d2bbec3a68f9f11705a5ffff02472682ecdd6df86e615ba02707635e903ec1462b98c5517511c92217da921349623bdb90a8aa4cafe4b0996b7d9cbdac131e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\extensions.ini

Filesize
44B

MD5
c9b5d86a9a0f014293b24a0922837564

SHA1
3cc73b4a30a1a0bfdc6812bbd17994f53eb5db2a

SHA256
775c85f3552754ad3794b88c0cb6d6fc43d412cd9a87a4b9e847386a5bd0a9c4

SHA512
790f365afbe4c5a37dbb56443d38f0c439eadca002e4001d373d6db8c1d80c4adacf3749e9d210cd0316381682fbbc46616a3fa36581c7ea6f5ce69119944b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\extensions.ini

Filesize
630B

MD5
940e15a3691292c513f015e351f33072

SHA1
0545d9d43b188182988195db8a01fcd3ff43afc4

SHA256
0723b5d0c55354754b2084b712854c39ca089b1d883de067ac3c20935808397d

SHA512
cab225845a6ad929b643f3c6f8e9f1b8d0e7f0b19ca7ddaeb6350c508e9d21294749077ab3d041facca1d41578b2434f0faa37a5bb64f1ab1ddadda0edce4b75

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\ioSpecial.ini

Filesize
1KB

MD5
433591b4aa8e9337d6de7c6cf0b75b7a

SHA1
98bd2f2e41e0a2618ddf0cd2a9f732f9081cdd29

SHA256
eea1d0c1f0a48276d5bd7dcc90567730ae0c16b5ef5cd52af3e821e991a7cd0f

SHA512
7f9427c12b29a330deeb742a67478a639635b116b7127f7c7b528115b3c6ecf8ab0a5bf4c5d61594f187fe86f85bce453f3580706ac043383668016e44d2fd32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\modern-wizard.bmp

Filesize
150KB

MD5
b06b4bea1bfb48f82f1aee9a92535e5c

SHA1
bfa10ba432b8267bd5ae2c9d59ff44c9e748010e

SHA256
b1805e4132a0dc5ded71b822f6662530ab1965f997f91398e984db3240ee4b82

SHA512
b36a83b73a70ebebbcb9b9b53c412fc8ac58e317b8ee33702ca9c63811699e29f850b14979b0a832db67470f25f0cafb17fc1eda07e6a85b7f0904ecc0dd6318

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\options.ini

Filesize
1KB

MD5
6b51bb7519d81bc38bc25bbef96e0c4c

SHA1
1c1f7a44c329fb685da31273fba99b61b53c61d1

SHA256
f1b25b2125143618d78b746bbfabaeb5106ee8be568c00d03a5e215fce222726

SHA512
60a69fe32750632b329a2d8256d1ee048e664aaf8e9849f721d44719fbfe5c458bac036df0e3ed9b99405c5ce2df8ac7fcaa86919b5621f1a2a310f5042b812c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk8751.tmp\shortcuts.ini

Filesize
882B

MD5
316adf6c53592145a711fa70442c1a7b

SHA1
ccfffc8f7d5ee75812709999b88d44cea0b91e6f

SHA256
615d0101cc4777cbef62abebc77d7adfc8be77484c11ea9448b3b95e72faa05f

SHA512
f0470b6be98085bd005844deb695bf2a174fc6dcea0b5da89177106203de3da0fb7936030ce56cd528bdf7ba00fcc432f128667f78aec6d69932733d05a4b81f

Download Submit
memory/760-358-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/760-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download