3db2c1f543f255d87c37c3faa0dc3c4e20e0e939a20c58db4efad1bab9b55e9a

Analysis

max time kernel
140s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zen.win-specific\zen\private_browsing.exe
Size

130KB
MD5

cd54ffb591d100f72f53a02e1b79530a
SHA1

9cd1b2e34237d3ad8e1e46d5a5d7ff77fd82000a
SHA256

dcd141979e1815996faf7fdcfc76e4b3ab821e8c7bdacfb4aaac7d5ae21c6284
SHA512

f648c83c58f0d72969abcb205be12fb7797b6abe74944c457b2413477e8330153c04d7c0cb84c8bce53f00c3b009513f14b8be703b7bf95056a79578a748d4bd
SSDEEP

768:FbVBx0z1hspNjEcdVVmPUQY+uXiXSdr2YoPSC3SVz2FygIXdb2GLyGheSoQuGQz:FXx05omEfm2ZnoaC3m+ub2GLTkL7Pz

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

zen.exezen.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	zen.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	zen.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	zen.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

zen.exe

description	pid	process
Token: SeDebugPrivilege	1568	zen.exe
Token: SeDebugPrivilege	1568	zen.exe
Token: SeDebugPrivilege	1568	zen.exe
Token: SeDebugPrivilege	1568	zen.exe
Token: SeDebugPrivilege	1568	zen.exe

Suspicious use of FindShellTrayWindow 22 IoCs

Processes:

zen.exe

pid	process
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe

Suspicious use of SendNotifyMessage 20 IoCs

Processes:

zen.exe

pid	process
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe
1568	zen.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

zen.exe

pid process

1568 zen.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

private_browsing.exezen.exezen.exe

description	pid	process	target process
PID 4968 wrote to memory of 4820	4968	private_browsing.exe	zen.exe
PID 4968 wrote to memory of 4820	4968	private_browsing.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 4820 wrote to memory of 1568	4820	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 1504	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 4652	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 4652	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 4652	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 4652	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 4652	1568	zen.exe	zen.exe
PID 1568 wrote to memory of 4652	1568	zen.exe	zen.exe

C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\private_browsing.exe
"C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\private_browsing.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
  "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -private-window
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
    C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe -private-window
    3⤵
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=2416 -parentBuildID 20240923000110 -prefsHandle 2352 -prefMapHandle 2344 -prefsLen 22834 -prefMapSize 261553 -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {79e702c1-a3ff-40da-b95f-c1d07070de59} 1568 gpu
      4⤵
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=2704 -parentBuildID 20240923000110 -prefsHandle 2696 -prefMapHandle 2692 -prefsLen 22834 -prefMapSize 261553 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {28ff3f64-61a6-43ad-9063-59ab91ce0ae1} 1568 socket
      4⤵
      PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=1860 -childID 1 -isForBrowser -prefsHandle 3624 -prefMapHandle 3616 -prefsLen 23100 -prefMapSize 261553 -jsInitHandle 1308 -jsInitLen 234840 -parentBuildID 20240923000110 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {b039d278-e755-455a-a0c0-a1b70d6a4124} 1568 tab
      4⤵
      PID:572
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=3632 -childID 2 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 23982 -prefMapSize 261553 -jsInitHandle 1308 -jsInitLen 234840 -parentBuildID 20240923000110 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {ae5a4049-416f-48a0-8867-54833735423e} 1568 tab
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=4344 -childID 3 -isForBrowser -prefsHandle 4408 -prefMapHandle 4404 -prefsLen 24843 -prefMapSize 261553 -jsInitHandle 1308 -jsInitLen 234840 -parentBuildID 20240923000110 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {4b6ae903-23f4-4bc7-9bf9-20ed5c178e21} 1568 tab
      4⤵
      PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=5104 -parentBuildID 20240923000110 -prefsHandle 5268 -prefMapHandle 5264 -prefsLen 33605 -prefMapSize 261553 -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {cb37cf5a-b537-4703-82d9-4f6837e9f38e} 1568 rdd
      4⤵
      PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=3396 -parentBuildID 20240923000110 -sandboxingKind 0 -prefsHandle 1340 -prefMapHandle 5100 -prefsLen 33605 -prefMapSize 261553 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {93b6d7eb-ce07-42c7-90f9-01ca1989e987} 1568 utility
      4⤵
      Checks processor information in registry
      PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=5224 -childID 4 -isForBrowser -prefsHandle 5480 -prefMapHandle 5476 -prefsLen 31965 -prefMapSize 261553 -jsInitHandle 1308 -jsInitLen 234840 -parentBuildID 20240923000110 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {0dc5a4ec-ccc5-4353-b0eb-f0a24bbbf28e} 1568 tab
      4⤵
      PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5504 -prefsLen 31965 -prefMapSize 261553 -jsInitHandle 1308 -jsInitLen 234840 -parentBuildID 20240923000110 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {87e4705c-7774-4b13-a8f3-4641c4314ede} 1568 tab
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe
      "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\zen.exe" -contentproc --channel=5884 -childID 6 -isForBrowser -prefsHandle 5876 -prefMapHandle 5520 -prefsLen 31965 -prefMapSize 261553 -jsInitHandle 1308 -jsInitLen 234840 -parentBuildID 20240923000110 -win32kLockedDown -appDir "C:\Users\Admin\AppData\Local\Temp\zen.win-specific\zen\browser" - {683b14ad-404a-46b2-aaa8-d5da434b9ff7} 1568 tab
      4⤵
      PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4076,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:8
1⤵
PID:5548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\DADAA9A560B29076\update-config.json

Filesize
78B

MD5
fe74f5c38f433736ee7015868cfb159e

SHA1
f723b0032565fb3007407201963f7bb762bdd981

SHA256
3f7b3252ef3b6217ad78adb7007738601ce1eebca69f55990b64bf254bd4fc63

SHA512
19fe20baff40c195955a921ee2fe1927d00da14e0ed3eb683e5f6f026353bfcd5322a1d2399b8977bdf97bb23dfd6cc811c9a9494f019b6e404aff477316cafd

Download Submit
C:\Users\Admin\AppData\Local\Temp\33d4fc43-914f-44df-9503-7d1d7222fc3d.zip

Filesize
3.6MB

MD5
8c4f4ff165b4535a06cb7a928ca6cf34

SHA1
ca0a37c1854fb04b473f66be56257e5f50e14e59

SHA256
bd5a910a6c98747e2ae5149c77e9f5c8e38faf6a6cbf023bbc79f7aba1c8e81a

SHA512
f61c575fff575b3977a70529fac107037c092815b9bb78be6ef3a6e6a1bc2840595cebc77f6146a0d6f40eaa27cdbe26d8f21e202b889ef3bccf26893cbee23e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
13.8MB

MD5
3db950b4014a955d2142621aaeecd826

SHA1
c2b728b05bc34b43d82379ac4ce6bdae77d27c51

SHA256
567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632

SHA512
03105dcf804e4713b6ed7c281ad0343ac6d6eb2aed57a897c6a09515a8c7f3e06b344563e224365dc9159cfd8ed3ef665d6aec18cc07aaad66eed0dc4957dde3

Download Submit
C:\Users\Admin\AppData\Local\zen\Profiles\cpynh2up.Default (alpha)\cache2\entries\B274976F35E1A3D756D5CEC45FE57E2BEF822C3D

Filesize
13KB

MD5
b96e55fd4ccab3a05503e1884c5c7020

SHA1
76099783b946d972e7650af98968485a39fa946c

SHA256
e0d973ae04238ba9c1a2dc014daf5c462596914f8b8abf2c642c095f28cd7f70

SHA512
e523d008a94c3461c4c37ae202a0f5f324a47b61dc8776ad1648b6c251cb8e4c72deb265c14a2ac07c82bbbdee8a069ce71e87ee1febd970391823cc3f4d4e07

Download Submit
C:\Users\Admin\AppData\Local\zen\Profiles\cpynh2up.Default (alpha)\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\addons.json

Filesize
24B

MD5
3088f0272d29faa42ed452c5e8120b08

SHA1
c72aa542ef60afa3df5dfe1f9fcc06c0b135be23

SHA256
d587cec944023447dc91bc5f71e2291711ba5add337464837909a26f34bc5a06

SHA512
b662414edd6def8589304904263584847586ecca0b0e6296fb3adb2192d92fb48697c99bd27c4375d192150e3f99102702af2391117fff50a9763c74c193d798

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\extensions.json

Filesize
13KB

MD5
9a0df5b0e265cfd354278bb9a9679fb8

SHA1
007c674791e072c6eb4a4559d02172cff7ff7ba0

SHA256
c6dfc04571878be1c441194ad8d53f8c318c9462249b82401486b531cc28bc7f

SHA512
349b326be4be5ecf87bc580cc10bb8b383f5d7fcd70285396fde3aeb35c36cc2a5aa1ad3169df0958ab7613c6874c22fe51c95866698135796b6fe55853a0fe6

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\gmp-widevinecdm\4.10.2830.0\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\gmp-widevinecdm\4.10.2830.0\widevinecdm.dll

Filesize
18.3MB

MD5
9d76604a452d6fdad3cdad64dbdd68a1

SHA1
dc7e98ad3cf8d7be84f6b3074158b7196356675b

SHA256
eb98fa2cfe142976b33fc3e15cf38a391f079e01cf61a82577b15107a98dea02

SHA512
edd0c26c0b1323344eb89f315876e9deb460817fc7c52faedadad34732797dad0d73906f63f832e7c877a37db4b2907c071748edfad81ea4009685385e9e9137

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\prefs-1.js

Filesize
13KB

MD5
13e727e1255666717bead5be8cf3f6bd

SHA1
55a10f1987cddf001d601c701d37dfdc20ba756a

SHA256
29cec0fd49760d35773d9d4ce607ca4ecd36ec3c4b1b80c0dc1ea0d933269e8e

SHA512
26e08d1f05ff4e61f12df9736cc6aaa7dcb3b10cc681788463895c11624aecfb71033012571d748466506dbc172bb856c73351371edc7a00a2295f4ead54b387

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\prefs-1.js

Filesize
8KB

MD5
9f11aec61ae8778267949b6e53e5eb94

SHA1
4ce5373760fc30bb0abc883913ad0879bad0e3dc

SHA256
0e60227a6562555f2be397c0eef7800e940a4d3b1a3fad68733e551e213da39c

SHA512
c2e8c7e2dddef9433f307e4bdc5c66e24842efc5946a3eb51dd6650a80b63b8d10c42e2fe773c0c1a4063dbe227c7004f3efee19267965e24358ce637682c796

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\prefs-1.js

Filesize
12KB

MD5
7321d361e8727aa7cbe461d535319d40

SHA1
82b333774300e1ca96a17b094e6936d42a4ad054

SHA256
225a5f00f39390abbface36f6ef74f14e1ff4c17fb6f1e82e9a667dafb7f551c

SHA512
38c074e7f90ab2c322cdf7e334c2c9fddbd62874582edc2823bd20f72b6f9d596969f240c979cacc8abe43bf20a83b17c8be1f0f9db72b1bbc07b9bef1375154

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\prefs-1.js

Filesize
7KB

MD5
fe2c039f596765d5a8df56c2acfcc665

SHA1
345cf4082d5d7c7b9b81fed522319da69e4356fc

SHA256
24d77a5e69319ab7bb351115ae6b28a0bb98b65cf01b53e84c0698ab7be093c3

SHA512
6d09e131a10656aceb34474125b20647b3e3188e9b3096397d943961d8409cfa5fdb9b2a812b844b3d037ea157e8c6745ff830c4a2d58b4356eb4d84cfdd72a6

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\prefs.js

Filesize
2KB

MD5
cffe79140b29b2ab91cf166dd27ac7c2

SHA1
4627cb68353fbdd9e7de2e5d2220456e21fbba04

SHA256
fb61b62dc6e031222d624d64409a5facb5129a8445d7716e51bd2732db295b12

SHA512
e0c7d7fcd8b8f4011b305b66a45e1d58ea46cdff70228831cf082f95db89e3a5402fef4e28aa491cff8418d9a140b41baf1ab70bdf80c01ba87d39dde2680a0b

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\prefs.js

Filesize
6KB

MD5
379ff388ab2fcd36b5187bd35c39c7cb

SHA1
840e317275db54ec5b8b800920f15817bafe3779

SHA256
9a93487a1c886542e492085b645d117bea3b2ab825e2e179a811adefef257085

SHA512
c4c3ea1c96ed160c45a7eaff2753772322b96f1c95970be21c8e2bdcecde1d3369aafc73efb591fa4ae739d0413535e70295066efc8176c0609a7159f14aa1e1

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\security_state\crlite.filter

Filesize
18.2MB

MD5
79414b05b2f67d41af795253c18ac754

SHA1
5caa7e21ab9b844a6af11f817a186b0c6646a416

SHA256
d8fa521a35065219361bf3915c12aa5d82f841d1a2927be6098260902f186ab4

SHA512
e6eff7792bc5bda5636e72ca991e5447791c557e62dbd8726b219e8108bb82f2642d61b3a62961be7ad1dabd2a95b0ad02d4512194339836243b9256e2c52095

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\security_state\crlite.stash

Filesize
2.6MB

MD5
0dafb5bd73028ad41d1cf3086a27d4ae

SHA1
19512a4097e9a3a49e8425b66a4ff6c7e56ec03a

SHA256
e9b66cfeddded006ec1c1bf7aa3850bf2bf0ae6c2d65aa447a7417d30f5b8a76

SHA512
6df5a3e8214de1a113354eeec8855d767b83f1d7a9cf5a41ca5ef02ce475312f842091abf268bd4209f48cba976c077e0aa9a295494ecc1a47ec57acc32af4e1

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\security_state\data.safe.tmp

Filesize
233KB

MD5
1d41384d13f3903b019a642b8641d545

SHA1
58fba36e2d6776bf619933a2bd798fbcdf03de96

SHA256
3eeb6bccb4f67484b161528eac9f7f8c41979b09d7e12550a5f9f8584f0be4f2

SHA512
662a30aeb2537f67750f1a8b46b2faacefce8770c0b7efb85ec886d9d64ead49400ec31c13f95cb2d181c2fb931c1a3589c81c90a0ff97ac6e511ce100fb4976

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\sessionstore-backups\recovery.baklz4

Filesize
186B

MD5
71c062ba143fff28feacfea2d200859e

SHA1
04c8dec95a788f52b48db38566285c56c8bfbf55

SHA256
087ffcefdc2961241436cbd712e792470433825188c34c2c049026a0259879f3

SHA512
db7fe675fbc4e2fb5c9ab0930fab534ff383b57c40e9baa118390905fd3c85c9e431489a6762b3a9e2cab3a8fea071340061f6967532c03e5f758321f900dd19

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\sessionstore-backups\recovery.baklz4

Filesize
185B

MD5
138aef8d02f73aa4a0881205a5fc5630

SHA1
aa741e3e9cedea15672c3915f0f9019bc3ad9cf5

SHA256
8cffd802e570919992f071ba43e2d4ad3d410bf470cf09c20b48fdbbf09b2f35

SHA512
8335273eb2676082bd67832e0a35bfe655f01d6eddf0f9468109859056130c24e1c8e82a175bc32e3038f3c00053ca515809dfb2c7001364688545bbfecb4205

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite

Filesize
48KB

MD5
46d38b8d633a312dc8f7da2ff03cb4e6

SHA1
96caa0d6bd466ab204942127fbf2c34f5a1d35a8

SHA256
86bd5289041bfd90a80681e0b4639289bbcb5b7207873d4fd1b79a8b98c5b20c

SHA512
a7d7c74125c0065ed55b7b0be3d203527eef3fa680a5938632601be37620c799fd6537aacc769ce166d9a3ebe43669451e725465ea0a0adffcad4fed7e6d97c6

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
728KB

MD5
68b1cce92fe293c8c6dea66f54806584

SHA1
ceeedf1a13c4beb053c38ee2c9158106ee514d56

SHA256
de2f319cbedad495fac777d484c5a6eb1ad696509f5ea24e8556bbd65d5e74d5

SHA512
237e3717039782a16f04e03f65951436d034c12fdce3f361ecd79319572fecc159d035fc81abc9b3a3b89249d7d798153fcf381a38f638be177e406daf3be4fc

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\cpynh2up.Default (alpha)\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
728KB

MD5
8cac90e81a0e3fce1098503b5a4114eb

SHA1
fd52b4e2d392f0615c6539b15be95f0a5aad2b56

SHA256
a9c3743284c8cc949a1255e35bca8435e609eea8cf0c2e93d281e18229fa47a1

SHA512
d4f7747fea6a11ce2578e94e55989deef1d3bde82fffeec8f25fa55c33e29f0e68ef3dfdaa67b32d731a47c0468a6b4ef36d93f0fbcf3af571936fecd244ade2

Download Submit
memory/1568-5-0x00007FFE0EF00000-0x00007FFE0FF00000-memory.dmp

Filesize
16.0MB

Download
memory/1568-9593-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-735-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-7643-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-9588-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-9591-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-9592-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-2497-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-9599-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-361-0x00000227D7CA0000-0x00000227D7CB0000-memory.dmp

Filesize
64KB

Download
memory/1568-9611-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-493-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-9644-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-518-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-9657-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download
memory/1568-9661-0x00000227C7940000-0x00000227C7A01000-memory.dmp

Filesize
772KB

Download