63489508238e2a85d250df003a630ecb2fbc201f56f5cf5311bd88b9eab50f62

Analysis

max time kernel
79s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zen.installer.exe
Size

63.9MB
MD5

721941ddad5cfad76281f8659b5223d1
SHA1

28730badf1425c5eb58375ac196a15836cccc2ac
SHA256

63489508238e2a85d250df003a630ecb2fbc201f56f5cf5311bd88b9eab50f62
SHA512

57bd878ebf48e308df6fb980fe4b5667a533e4660e29c101d0e24abc682a2dbaa1f04ecca1818c0676ae05c0afb610a82e02e9d829cce8949ba312272fa12541
SSDEEP

1572864:Ng4brSAkvbycK5MOMDMnZQinqxlUv9zmP22MAEYQmQiXcws4:d/FkvucKaOM4ZTnqxav98TWmQgcws4

Score

5^/10

discovery evasion persistence privilege_escalation trojan upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation	zen.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/memory/3068-0-0x0000000000400000-0x0000000000446000-memory.dmp	upx
behavioral3/memory/3068-453-0x0000000000400000-0x0000000000446000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 63 IoCs

description	ioc	Process
File created	C:\Program Files\Zen Browser\install.log	setup.exe
File created	C:\Program Files\Zen Browser\AccessibleMarshal.dll	setup.exe
File created	C:\Program Files\Zen Browser\mozglue.dll	setup.exe
File created	C:\Program Files\Zen Browser\msvcp140.dll	setup.exe
File created	C:\Program Files\Zen Browser\notificationserver.dll	setup.exe
File created	C:\Program Files\Zen Browser\pingsender.exe	setup.exe
File opened for modification	C:\Program Files\Zen Browser\nsx8971.tmp\	setup.exe
File created	C:\Program Files\Zen Browser\private_browsing.VisualElementsManifest.xml	setup.exe
File created	C:\Program Files\Zen Browser\browser\features\[email protected]	setup.exe
File created	C:\Program Files\Zen Browser\libGLESv2.dll	setup.exe
File created	C:\Program Files\Zen Browser\uninstall\uninstall.log	setup.exe
File created	C:\Program Files\Zen Browser\freebl3.dll	setup.exe
File created	C:\Program Files\Zen Browser\gkcodecs.dll	setup.exe
File created	C:\Program Files\Zen Browser\lgpllibs.dll	setup.exe
File created	C:\Program Files\Zen Browser\precomplete	setup.exe
File created	C:\Program Files\Zen Browser\private_browsing.exe	setup.exe
File created	C:\Program Files\Zen Browser\vcruntime140_1.dll	setup.exe
File opened for modification	C:\Program Files\Zen Browser\nsm8982.tmp	setup.exe
File created	C:\Program Files\Zen Browser\browser\VisualElements\PrivateBrowsing_150.png	setup.exe
File created	C:\Program Files\Zen Browser\uninstall\helper.exe	setup.exe
File created	C:\Program Files\Zen Browser\browser\features\[email protected]	setup.exe
File created	C:\Program Files\Zen Browser\browser\features\[email protected]	setup.exe
File created	C:\Program Files\Zen Browser\vcruntime140.dll	setup.exe
File created	C:\Program Files\Zen Browser\omni.ja	setup.exe
File created	C:\Program Files\Zen Browser\plugin-container.exe	setup.exe
File created	C:\Program Files\Zen Browser\removed-files	setup.exe
File created	C:\Program Files\Zen Browser\update-settings.ini	setup.exe
File created	C:\Program Files\Zen Browser\updater.ini	setup.exe
File created	C:\Program Files\Zen Browser\xul.dll	setup.exe
File created	C:\Program Files\Zen Browser\browser\VisualElements\VisualElements_70.png	setup.exe
File created	C:\Program Files\Zen Browser\libEGL.dll	setup.exe
File opened for modification	C:\Program Files\Zen Browser\uninstall\shortcuts_log.ini	setup.exe
File created	C:\Program Files\Zen Browser\uninstall\shortcuts_log.ini	setup.exe
File created	C:\Program Files\Zen Browser\firefox.VisualElementsManifest.xml	setup.exe
File created	C:\Program Files\Zen Browser\gmp-clearkey\0.1\manifest.json	setup.exe
File created	C:\Program Files\Zen Browser\browser\omni.ja	setup.exe
File opened for modification	C:\Program Files\Zen Browser\AccessibleMarshal.dll	setup.exe
File opened for modification	C:\Program Files\Zen Browser\nsm8981.tmp	setup.exe
File created	C:\Program Files\Zen Browser\updater.exe	setup.exe
File created	C:\Program Files\Zen Browser\installation_telemetry.json	setup.exe
File opened for modification	C:\Program Files\Zen Browser\nsx8971.tmp	setup.exe
File created	C:\Program Files\Zen Browser\browser\features\[email protected]	setup.exe
File created	C:\Program Files\Zen Browser\softokn3.dll	setup.exe
File created	C:\Program Files\Zen Browser\ipcclientcerts.dll	setup.exe
File created	C:\Program Files\Zen Browser\mozavutil.dll	setup.exe
File created	C:\Program Files\Zen Browser\osclientcerts.dll	setup.exe
File created	C:\Program Files\Zen Browser\application.ini	setup.exe
File created	C:\Program Files\Zen Browser\mozavcodec.dll	setup.exe
File created	C:\Program Files\Zen Browser\nss3.dll	setup.exe
File created	C:\Program Files\Zen Browser\browser\VisualElements\VisualElements_150.png	setup.exe
File opened for modification	C:\Program Files\Zen Browser\nsm8981.tmp\	setup.exe
File created	C:\Program Files\Zen Browser\nmhproxy.exe	setup.exe
File opened for modification	C:\Program Files\Zen Browser\nsm8982.tmp\	setup.exe
File created	C:\Program Files\Zen Browser\browser\VisualElements\PrivateBrowsing_70.png	setup.exe
File created	C:\Program Files\Zen Browser\defaults\pref\channel-prefs.js	setup.exe
File created	C:\Program Files\Zen Browser\dependentlibs.list	setup.exe
File created	C:\Program Files\Zen Browser\gmp-clearkey\0.1\clearkey.dll	setup.exe
File created	C:\Program Files\Zen Browser\fonts\TwemojiMozilla.ttf	setup.exe
File opened for modification	C:\Program Files\Zen Browser\	setup.exe
File created	C:\Program Files\Zen Browser\browser\features\[email protected]	setup.exe
File created	C:\Program Files\Zen Browser\platform.ini	setup.exe
File created	C:\Program Files\Zen Browser\zen.exe	setup.exe
File created	C:\Program Files\Zen Browser\nssckbi.dll	setup.exe

Executes dropped EXE 18 IoCs

pid	Process
1344	setup.exe
452	zen.exe
4876	zen.exe
2948	zen.exe
1400	zen.exe
2260	zen.exe
4820	zen.exe
4172	zen.exe
1536	zen.exe
5164	zen.exe
5296	zen.exe
5396	zen.exe
5496	zen.exe
5524	zen.exe
5984	zen.exe
5240	zen.exe
5404	zen.exe
2236	zen.exe

Loads dropped DLL 64 IoCs

pid	Process
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
2432	regsvr32.exe
2432	regsvr32.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
452	zen.exe
452	zen.exe
452	zen.exe
452	zen.exe
4876	zen.exe
4876	zen.exe
4876	zen.exe
4876	zen.exe
4876	zen.exe
4876	zen.exe
4876	zen.exe
4876	zen.exe
4876	zen.exe
4876	zen.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
1344	setup.exe
2948	zen.exe
2948	zen.exe
2948	zen.exe
2948	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1344	setup.exe
2260	zen.exe
2260	zen.exe
2260	zen.exe
2260	zen.exe
2260	zen.exe
4820	zen.exe
4820	zen.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	zen.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	zen.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	zen.installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	zen.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	zen.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	zen.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	zen.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\Colors	zen.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\Colors	zen.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\FirefoxPDF-F0DC299D809B9700\ = "Firefox PDF Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.oga	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.rdf	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-F0DC299D809B9700\FriendlyTypeName = "Firefox URL"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\shell\open\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.opus	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppUserModelId\ZenToast-F0DC299D809B9700	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\FirefoxPDF-F0DC299D809B9700\shell\open\ddeexec	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-F0DC299D809B9700\EditFlags = "2"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-F0DC299D809B9700\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.xml	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-F0DC299D809B9700\shell\open\ddeexec	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-F0DC299D809B9700\shell\open\command\ = "\"C:\\Program Files\\Zen Browser\\zen.exe\" -osint -url \"%1\""	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "PSFactoryBuffer"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\FirefoxPDF-F0DC299D809B9700\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\ = "Firefox PDF Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\shell\ = "open"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\shell\open\command	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-F0DC299D809B9700\shell\open	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-F0DC299D809B9700\shell\ = "open"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.mp3	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppUserModelId\ZenToast-F0DC299D809B9700\IconUri = "C:\\Program Files\\Zen Browser\\browser\\VisualElements\\VisualElements_70.png"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\shell\open\command\ = "\"C:\\Program Files\\Zen Browser\\zen.exe\" -osint -url \"%1\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-F0DC299D809B9700\shell\open\ddeexec\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.m4a	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Interface	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\NumMethods\ = "8"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\FirefoxPDF-F0DC299D809B9700\shell\open\command\ = "\"C:\\Program Files\\Zen Browser\\zen.exe\" -osint -url \"%1\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-F0DC299D809B9700\FriendlyTypeName = "Firefox HTML Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-F0DC299D809B9700\DefaultIcon\ = "C:\\Program Files\\Zen Browser\\zen.exe,1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.pdf	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\EditFlags = "2"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-F0DC299D809B9700\shell\open\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.ico	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ = "C:\\Program Files\\Zen Browser\\AccessibleMarshal.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\FirefoxPDF-F0DC299D809B9700\EditFlags = "2"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.ogg	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.xhtml	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{70984F5A-890A-4780-9244-178AD352E267}\InProcServer32\ = "C:\\Program Files\\Zen Browser\\notificationserver.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\shell	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\zen.exe\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.gif	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.jpeg	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-F0DC299D809B9700\DefaultIcon\ = "C:\\Program Files\\Zen Browser\\zen.exe,1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\DefaultIcon\ = "C:\\Program Files\\Zen Browser\\zen.exe,1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.html	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-F0DC299D809B9700\shell\open\ddeexec\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.flac	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.pjpeg	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.xht	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.jpg	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.ogv	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\zen.exe\SupportedTypes\.webp	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}	regsvr32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1400	zen.exe
Token: SeDebugPrivilege	1400	zen.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
1344	setup.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe
1400	zen.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1400	zen.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1344	3068	zen.installer.exe	90
PID 3068 wrote to memory of 1344	3068	zen.installer.exe	90
PID 3068 wrote to memory of 1344	3068	zen.installer.exe	90
PID 1344 wrote to memory of 2432	1344	setup.exe	98
PID 1344 wrote to memory of 2432	1344	setup.exe	98
PID 1344 wrote to memory of 452	1344	setup.exe	100
PID 1344 wrote to memory of 452	1344	setup.exe	100
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 452 wrote to memory of 4876	452	zen.exe	101
PID 1344 wrote to memory of 2948	1344	setup.exe	102
PID 1344 wrote to memory of 2948	1344	setup.exe	102
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 2948 wrote to memory of 1400	2948	zen.exe	103
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104
PID 1400 wrote to memory of 2260	1400	zen.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\zen.installer.exe
"C:\Users\Admin\AppData\Local\Temp\zen.installer.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\setup.exe
  .\setup.exe
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1344
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Zen Browser\AccessibleMarshal.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:2432
- - C:\Program Files\Zen Browser\zen.exe
    "C:\Program Files\Zen Browser\zen.exe" --backgroundtask install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:452
  - - C:\Program Files\Zen Browser\zen.exe
      "C:\Program Files\Zen Browser\zen.exe" --backgroundtask install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Modifies Control Panel
      PID:4876
- - C:\Program Files\Zen Browser\zen.exe
    "C:\Program Files\Zen Browser\zen.exe" -first-startup
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Program Files\Zen Browser\zen.exe
      "C:\Program Files\Zen Browser\zen.exe" -first-startup
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Modifies Control Panel
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1400
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=2408 -parentBuildID 20240930174542 -prefsHandle 2376 -prefMapHandle 2368 -prefsLen 22834 -prefMapSize 261716 -appDir "C:\Program Files\Zen Browser\browser" - {9c5724fa-dc1c-4ab2-9440-5f28e0061233} 1400 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2260
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=2752 -parentBuildID 20240930174542 -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 22834 -prefMapSize 261716 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {70c9328c-e078-46b7-afc1-81bc3d5ca8bc} 1400 socket
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4820
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=1900 -childID 1 -isForBrowser -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23099 -prefMapSize 261716 -jsInitHandle 1352 -jsInitLen 234840 -parentBuildID 20240930174542 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {bb32730e-8de3-45fd-b4ef-2148e03c1d56} 1400 tab
        5⤵
        Executes dropped EXE
        
        PID:4172
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=3604 -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 23898 -prefMapSize 261716 -jsInitHandle 1352 -jsInitLen 234840 -parentBuildID 20240930174542 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {2bd98cd7-2046-4e3c-944d-06a6b8c3b686} 1400 tab
        5⤵
        Executes dropped EXE
        
        PID:1536
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=4496 -childID 3 -isForBrowser -prefsHandle 4488 -prefMapHandle 4484 -prefsLen 24195 -prefMapSize 261716 -jsInitHandle 1352 -jsInitLen 234840 -parentBuildID 20240930174542 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {51556b35-cd71-4f1b-9f2e-944c2d1d1419} 1400 tab
        5⤵
        Executes dropped EXE
        
        PID:5164
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=4696 -parentBuildID 20240930174542 -prefsHandle 4688 -prefMapHandle 4700 -prefsLen 25332 -prefMapSize 261716 -appDir "C:\Program Files\Zen Browser\browser" - {e955eb02-076b-44aa-90e4-a1a096005830} 1400 rdd
        5⤵
        Executes dropped EXE
        
        PID:5296
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=4856 -childID 4 -isForBrowser -prefsHandle 4848 -prefMapHandle 4668 -prefsLen 24195 -prefMapSize 261716 -jsInitHandle 1352 -jsInitLen 234840 -parentBuildID 20240930174542 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {f9afd692-1e69-4c30-a7a6-27bc21ffc110} 1400 tab
        5⤵
        Executes dropped EXE
        
        PID:5396
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=3940 -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 5068 -prefsLen 26500 -prefMapSize 261716 -jsInitHandle 1352 -jsInitLen 234840 -parentBuildID 20240930174542 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {b33573de-a88a-4192-b656-01bc96444a09} 1400 tab
        5⤵
        Executes dropped EXE
        
        PID:5496
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=5856 -parentBuildID 20240930174542 -sandboxingKind 0 -prefsHandle 5708 -prefMapHandle 5724 -prefsLen 32908 -prefMapSize 261716 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {dd07d874-52d4-4c15-990f-5a3e1841bdf4} 1400 utility
        5⤵
        Executes dropped EXE
        Checks processor information in registry
        
        PID:5524
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=1940 -childID 6 -isForBrowser -prefsHandle 5700 -prefMapHandle 5696 -prefsLen 31270 -prefMapSize 261716 -jsInitHandle 1352 -jsInitLen 234840 -parentBuildID 20240930174542 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {6bda3a55-a113-495d-a698-266c13e2e46a} 1400 tab
        5⤵
        Executes dropped EXE
        
        PID:5984
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=3548 -childID 7 -isForBrowser -prefsHandle 3496 -prefMapHandle 3492 -prefsLen 31300 -prefMapSize 261716 -jsInitHandle 1352 -jsInitLen 234840 -parentBuildID 20240930174542 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {945d3ffa-1f1d-4c58-9dbe-d09064776061} 1400 tab
        5⤵
        Executes dropped EXE
        
        PID:5240
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=2084 -childID 8 -isForBrowser -prefsHandle 6448 -prefMapHandle 6444 -prefsLen 31300 -prefMapSize 261716 -jsInitHandle 1352 -jsInitLen 234840 -parentBuildID 20240930174542 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {0bb29e9a-73c7-4fcd-b6ca-f0288dd9a5a8} 1400 tab
        5⤵
        Executes dropped EXE
        
        PID:5404
    - - C:\Program Files\Zen Browser\zen.exe
        
        "C:\Program Files\Zen Browser\zen.exe" -contentproc --channel=9056 -childID 9 -isForBrowser -prefsHandle 7900 -prefMapHandle 9048 -prefsLen 35345 -prefMapSize 261716 -jsInitHandle 1352 -jsInitLen 234840 -parentBuildID 20240930174542 -win32kLockedDown -appDir "C:\Program Files\Zen Browser\browser" - {00390317-a2d6-4cf2-9d2d-9d36169dafb2} 1400 tab
        5⤵
        Executes dropped EXE
        
        PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4352,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
1⤵
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Zen Browser\uninstall\shortcuts_log.ini

Filesize
246B

MD5
1fd92684f91e96695a91d8b4f0df0a1f

SHA1
10ca04d62f53622680898a17f298ed0449aa65f4

SHA256
7239e98422c48c3cc741aa0e54f74aa0f19b42333b23b101f0d0787713203d71

SHA512
45bdc163048c6272e3477b72f8831a06288a9cf655d629f0f2a930b3925e73f07ebdacb0220a13e8e0c52920f8ea8c3084c3622d33dafa649d31bd9d6cbca2ba

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zen Browser Private Browsing.lnk

Filesize
1KB

MD5
164453674d0dd6e47f79ca6d26fee7aa

SHA1
6406ab6c0536e13b45339fc02b78ffb86e99b36e

SHA256
f45094b08516aaf3f5db3c0d7165561a88b74277c83bf6ab6c145b6c549af329

SHA512
445511b623e69b3d318261be6a20454d92055fccca7119c6215175d1f22c6611428ac85d2ac50fb22fdb01ea65d96efb683dd917cb9823d39aa842b7c2621c6c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zen Browser Private Browsing.lnk

Filesize
1KB

MD5
cb90891b55183b770c3157d561d9da59

SHA1
7d4e98c51402b0dbb339a851e258f64acb6a0c19

SHA256
179bd94798e9f66b388c427970f146c5c23d900f20a93ded7ab2970019a25f1b

SHA512
5c4d0e498a1a833c723bdd6c4de3c85cfeffd209780dde31e147506f2af66ec35dd0f5de6da474f842ea04f7fb2ba3f91f5083f11f5e6e4de931b7dfc04ba213

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zen Browser.lnk

Filesize
862B

MD5
c5bbef943ad0f4bea373dbd43aeab8cb

SHA1
a560aec896c4fe19bcae980e05fad8da1139f17f

SHA256
bf0b501d4dbc5a0450e9fba48691d6c8fb743d51556691b0326d51034d191128

SHA512
f03a7a2132f1f7d15ee9dbc84da12b644caa2d794224de49dc515648b7c5190bc28e523d2a325c48c8643ff4f63f72d32e059ab8a8ae39d48f42f8d4953ff892

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zen Browser.lnk

Filesize
960B

MD5
da1413c8974bbb8a2904daa834dc9022

SHA1
af3df530d06ba244df2b0487c671dc0df69303ed

SHA256
81ac713735acf2ebd22b188e8134f0b9b9f892830e5014b0f884e5e8a32caf54

SHA512
86cb59bd4ae0469c69cdc7b1e6d52030e9e60eea73d06d65d3420be77acb42fe7f0eb130e8e8339b91bd00d5f48726edb1936aa6daba785faafeb4abf9194563

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\F0DC299D809B9700\update-config.json

Filesize
78B

MD5
fe74f5c38f433736ee7015868cfb159e

SHA1
f723b0032565fb3007407201963f7bb762bdd981

SHA256
3f7b3252ef3b6217ad78adb7007738601ce1eebca69f55990b64bf254bd4fc63

SHA512
19fe20baff40c195955a921ee2fe1927d00da14e0ed3eb683e5f6f026353bfcd5322a1d2399b8977bdf97bb23dfd6cc811c9a9494f019b6e404aff477316cafd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\AccessibleMarshal.dll

Filesize
20KB

MD5
6396c5fb86eb8676c28645f420b8e87c

SHA1
d9d60966a71b6b800f6275c949e165a6d07e063a

SHA256
3f4270fb02aad14e21e01877415c760498f8ae4ad278f82f8bf0644fba78a191

SHA512
06c88cf9f10b7d88650c254ed9260115665567fa284e69d46bf19af2946c84942d525086657705cb7f6c9a2f39be17ac478b6271856f752b0453d8f123f0e901

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\application.ini

Filesize
665B

MD5
2570cf3f1445dd081227247189f62714

SHA1
b92ad0cd43d833db9192dca5b8118c4230fabb20

SHA256
8310f92de35a303f0a280c7d983e8a97b9ce11b9d4dd352a55faa42ad7027d27

SHA512
8a3c740d9198f3af859ab9c6ff7fda13b38794d5bf661ad844ebe102c0335dde0e6f6d93be2509345549b2bf1cf03e51dfecc892f4aca4ca2007d575d54a708e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\browser\VisualElements\PrivateBrowsing_150.png

Filesize
7KB

MD5
9219f54c4b9d9b458461f269c6a02b95

SHA1
ecdb67295d72bcd60b4433c852d5b3a59f83b576

SHA256
dd4d1a59951c7654e0b621debc05da98f0f000d44bcdeedc9d5841f4077ac5d5

SHA512
d6235b3c69fb159736564827f64c74bdb255a955beb7c9c3d60769c517a1bd7d097e6a4164becaaaae772d15ed5b3ca81575d53374a44b7bdc26d41bc0c44227

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\browser\VisualElements\PrivateBrowsing_70.png

Filesize
3KB

MD5
5b67016ce82086fe7d1c2d09f6c91fdd

SHA1
297f8681ff44a0f4ab72d42e7a5f21f75a4ea49c

SHA256
ed243d6267ac035c8501d9959f5d6cb74dd3cc2a8b779020aeb1734dd653c6ee

SHA512
0a4cd6c654ccb00a15947189b82de1e502ea32668f448fa8a09c277a0e4672928eeb9cc1c4233a5431740865928481876adf8ac912abea702100d8e46fd7bb59

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\browser\VisualElements\VisualElements_150.png

Filesize
6KB

MD5
273a7837b378dffc994757fabcbe3338

SHA1
e192184ea0576fe0a8e829324ef31493491b689a

SHA256
74b1eb2b2127dd1261aacb7fb922cdb0d8987495b85f2bbc5830370d1e54a4ce

SHA512
222d40b8fe0032c39b303bb62293591888fe61803ec6a29dd4f19b97fc503fb4edd30f49996de6566853b647d40d708166330bebfb33ada931f118e117df5234

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\browser\VisualElements\VisualElements_70.png

Filesize
3KB

MD5
4ef1b7fafcddc005446d100cd02a76d5

SHA1
b4195fa56202cb2d9f88b90a3b19b86a3a947718

SHA256
c27dc550d19f841ad07c22b9be30430c86f4b2670cd0bc6d363f11a8bc1e6aab

SHA512
579311637890f590895865e7e3ae5ee16ac15fc23cac296e4686e6709fd60fe5f419b7dcfe17cfa54d350310c1d39642c792c60d14ae66f1b746d0ddca979fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\browser\features\[email protected]

Filesize
229KB

MD5
cd651c709fe1b26b68a7b2433b480acc

SHA1
5c2f057d1150f93503d7fbe142e5684cf721f20b

SHA256
c984f1d2c00a9e1fb7bed10fd262c2eb87fbcdc70ce59d56b9814baf83b1421f

SHA512
fd6598fef93991cb6dd7c7504b0bfed3603ce40971efc164301f6ab6794ea60e1158d7e9a3bcb11472b4e3126364309acbe77117cfa60f03fd8a83d96e3d9896

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\browser\features\[email protected]

Filesize
67KB

MD5
dac8060ac5d8d1edab9176dcdb2c371c

SHA1
bf994d27141d85e746ac880830e708beba2bf763

SHA256
6318129a7b3db661b64d2aa5ab1e5cfa5221a6ffb221469d53a0bb638ba8a729

SHA512
b88f7a4129fde28dd98b03b42640eded3d854cc0e6577eda268bc0ce5a6fe6323e630253d8d339e8eb0e8ba09460f6322ad092f0d225f1d1919e2d5b4ef1e740

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\browser\features\[email protected]

Filesize
167KB

MD5
a586708e13318846139d33b691a31e6b

SHA1
e18235e27dd76242c2bf2cac4038dec0bb8d5a3c

SHA256
850bb07c4439b61abb382856fbcf36533155fa81bac07231cdc04fdbeeee1964

SHA512
fdcec983054cb7ed8ecf670abe8e9236b7719af4e80ce7f7a10045ca07ae84c1cf585172e71840c27fdcc68d09d81b6c83ec4c0b3843dc3565af2e85150975ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\browser\features\[email protected]

Filesize
19KB

MD5
7fba6d5e3fe5c4d42d95892dcab5dd07

SHA1
a691ba805a76edfb470f408ce8b9ae9a17e1a357

SHA256
b3ebc74794acd773a5b56ee6aae87023e04bb6b39f8ab0a26c5cb23915282fd3

SHA512
5764c5cd34acdff36178698bb4aaa9981f288954f6f7384a1d0b03526d5160d2d2f154a1eaf87ba225bbc4058b7af0844740314c0031bb44ea5e21cf70a80fa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\browser\features\[email protected]

Filesize
433KB

MD5
3b9c829c1b7a3f55be6e8881a5140565

SHA1
78243c04002305d4749b0b789acf0dc0be7686c7

SHA256
bbddd9a035ae1a420dfe95a83fa8ed4c1f3e9e4a31511c05d38ef1aefc6b5f66

SHA512
66d934de2b381f9bc884803c1dff8678b903d19e1f2a7aa06d243acaa050ad25dd67761bb7587d71e9a940b2ae4908b53f001daed7094b74f2829cd0efe2e1be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\defaults\pref\channel-prefs.js

Filesize
427B

MD5
e44234f7fafcd73a246967ed7f4739d1

SHA1
dbac01b22dde7ccbe766be65aaaba5da2f355a59

SHA256
2f068ae56a6150bab6fc576c501ee7a9836475a93ae7b3f4296e9885b743d9ff

SHA512
83540974dba305fba9a75373b028d9aacf953c6de73bc103d87e9550add8b6eb8d49920d37ba236d8c5a8c92f0b3fc4a8de3af5e98023204570fae23f661bebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\dependentlibs.list

Filesize
55B

MD5
a515bc619743c790d426780ed4810105

SHA1
355dab227f0291b2c7f1945478eec7a4248578a0

SHA256
612e53338b53449be39f2e9086e15edc7bb3e7aa56c9d65a9d53b9eb3c3cc77d

SHA512
48ecd83a5eb1557dfabfaf588057e86fb4b7610f6ece119d6d89a38369d1c9426027520ce5b6d1cc79a4783b9f39ac58afb360cc76e05bbe8bbbd5128c5d395b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\firefox.VisualElementsManifest.xml

Filesize
557B

MD5
613815852a622ff9e54d697b9b3d2862

SHA1
a49149260f4e6d09412ce09d5847f15be65f527b

SHA256
dded8c3942e2d8eca65838e55379b1da5765c2dd6183dd5c3530c9976cb25a86

SHA512
64993969eccb8f75496b11cecab6f351a3ac659d8d6906cda2bfec8684b2d0d253f4c1bc23eefbec388939dc9ad0e898bec0a8f3e03c78d1b9c73d714fa5feb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\fonts\TwemojiMozilla.ttf

Filesize
1.4MB

MD5
aac75d901445bc0419d56e56dbc18891

SHA1
3ada434f3a727167ce6dce3b865fa6bfb70ed86f

SHA256
6d90152ee0d29e82fe2a87793af5aa4b7ad13e6538360889e141e81ed299ee8e

SHA512
83fd92ff444ab6de18d48997247f49845abb8420a07b74ebc8a65bda8da69d28f87b6abe0f607b2fd7da398dc0f8cbe7fbf655af6d25785ad8b2f1a3afca136a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\freebl3.dll

Filesize
832KB

MD5
a9f31304d75b547fcf9b9e689957b62c

SHA1
414985f7714259a2da1c9c84c2b82be0f9dff1d1

SHA256
1bec844eb5900a16707c79fe80d406deae2fbe9234567b00595ea0fc1719e238

SHA512
970adfaf98f45c839fb70bf8c2bdb3cc511c0e7c39f05199819cc8331ea79a212286abcdb47c909010d7efb231c7dfa079ab335c266afe67c4af9e1c26086fe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\gkcodecs.dll

Filesize
8.6MB

MD5
fe282353f05b53b8ad25054dfbe5b091

SHA1
6dc27d3e31fee42f025ff78d0dff4d33c414d44f

SHA256
18a694f38ac693f424e7735e9142f08d6bff021d47ce0f852b9873c8bcbce87b

SHA512
5f722e6f07ae7039f52c96fbf428c978e07809e667ef2922c78e3c89ba2e9aed313b5a1b51df75115a7097f793abff1ed23eef5fa382de7336360ad7f5e7681a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\gmp-clearkey\0.1\clearkey.dll

Filesize
93KB

MD5
8d03a1aae89786c6eb7466b6c96f0ba3

SHA1
003c5fc1bc34492449b9fb8af6babdef4610c32b

SHA256
f130e0ba549fa490889c63a27a8dc27d9b14ebe17872b962399a1de5c28af63d

SHA512
d0cd169c76fbb61388a0d9ec4d67ae2acc28342df0417d79c0b7ae95ccfac4eaffdcce699885ddd6d0d379738229aa94731f0989966559d8746282118296c678

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\gmp-clearkey\0.1\manifest.json

Filesize
229B

MD5
cffdadfaeeaaf0a5a78e7f9a299aa7f1

SHA1
7a8f06d7c91877484301ce8474dfbb1bde08a040

SHA256
ef47e83036753b53f59d079fef62bfedc749abdbcdb0fe16f448d9920f11114c

SHA512
5a11e448389326ddbd3be792d9a10ae746c66e4a41f9c96f4979ec71fde385fc4deb205a40f1b4f24415abd9d41c453ca1285f4b813005b1d12a2701f214db85

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\ipcclientcerts.dll

Filesize
194KB

MD5
185b7d22dc7135f4d709f7eed0f2bb29

SHA1
0a98e290790b7628b0ada37bed8187102d07fa36

SHA256
37e5fdfd041f347f42f73c7cba964ad14d35a997b48694b86b405a1b7f05600b

SHA512
9dc1a5bec81f091aca7c06116b0770a95d8201dbdfc69f9ff9b05b51c59d1b4b601fd0368b97f547246481b14c721437c9ec48693f909dbee99632c9610cc11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\lgpllibs.dll

Filesize
137KB

MD5
b72af112f8caa7e30654ec164b3e327b

SHA1
218abfa8553e2ec1901bf269082047c8aef2acf0

SHA256
5966af56d67a53f8ad3e65ef456ae7e84a303ea5d80421efb240377b016f982e

SHA512
dc890f98e8a469b9a46a48f950215dd862c1554ccdf8fa5bda2dff6b9cf4d036fc7414a6e6880b5f28f31894952d12818c2b4c48ca82173ef508055d10ace960

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\libEGL.dll

Filesize
36KB

MD5
930b208ce99adff575b441020026a06a

SHA1
27d59f4fccb11618bce9017c779d3e0b6f5bd152

SHA256
03480a62359a28254fcc82d1001c726f77fd55048ab044be5e9bcbeab96ff805

SHA512
732b1c3b293bfee7f0806227ef2754f6ac6d216b4218854f4ca2a78e30b187caf546b892a0e6e6569da40d6b16269b17d5142919e6adcf391dc9a9e1238a8745

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\libGLESv2.dll

Filesize
4.3MB

MD5
89b26c5345afbff59c79d149cf6dfc4b

SHA1
f37f1ea7d5c7513f78f89688603e92d496d168c8

SHA256
63ab1f49100280d55609dad22284ed2d4e5c938c201db4d781be01ab282225c0

SHA512
d52141c395f26f5886adc754c242431f4c4d3e61660f545a620ad33c8a20f17211af47056f85f393011a853423a51b5066539bf80cc5c008210b330b5c718acf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\mozavcodec.dll

Filesize
3.1MB

MD5
6829d3d451b8958ae7f24d5521d5ecc9

SHA1
8663720e022947e6b71fd69d6cd5fa2c401b44d1

SHA256
3ff6b6091c1f75945d2bdcb6d0ba73a744da4b3c5a57148d72b6fba5cf67bb46

SHA512
b8a999f3aa612dcfcaf8b68e5dce47750771e97c720b6a991d7319a1ff75cbdf16b4dbfed8e9cdb55fbd53b9e6fb8a8334db659c0d59a1ac5f98507df69cd64d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\mozavutil.dll

Filesize
554KB

MD5
ec6937980ed571c3ac2dde73b2e3c5aa

SHA1
c5c28d467258cba757d43718c182b95e1af0da8a

SHA256
34ac0f361b210569b41dab886e696b18f777a4aceb143d8d038365028938ae30

SHA512
9ab3d04b808de46327efd8e2567450fc2a7c85f3ae4ec2b6408740f35b40a072a37a4b99e50bb525210986bfc1d1d4c96645e712301a57e9b9e0ff40f85001b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\mozglue.dll

Filesize
739KB

MD5
12156c0a61a25f8a36bfe74bb44ccf43

SHA1
9e86c2f9dec700870d88ca6706542b4c1cddd2c1

SHA256
fe471dec98c4a0a1ade8ec87f138f386acefea18771065e392d85becb65c940f

SHA512
73551e4f136b4df3d24e325f0b3813541b41cbe8e4d6ef10100c8059075177e44845f827d4bc85be0525175464c99ca33ff742dcdf5442431378b4fa52dcecc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\msvcp140.dll

Filesize
559KB

MD5
c3d497b0afef4bd7e09c7559e1c75b05

SHA1
295998a6455cc230da9517408f59569ea4ed7b02

SHA256
1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98

SHA512
d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\nmhproxy.exe

Filesize
556KB

MD5
ea38623cd42ee438c6dd5980e05eade6

SHA1
03cd0272efb0f080e55bf98ccc9a0cc453a3bb71

SHA256
ca53fc4a663339d9334fe9fe40fdf86f316323ab6e0fbe1cf62d29df5e3738b6

SHA512
bb70820b9548de85e54bfef7e2fa25980dbb1a0b850eb4eb7c779d939b7e316a54d8a15946eb4026b6430e7a61a34a9c55451aa5dae1be5f5761164fe0324e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\notificationserver.dll

Filesize
49KB

MD5
9f4c190187145ce42a599f6e2bed323e

SHA1
1f00b6496f29e049bca63d5a1d8346238704e466

SHA256
68734556aad5769908da6a0b05d85dbf7dde0efd896f7bc8dd92dfb859e38f9f

SHA512
4e58c57c62ebe1761027bead5f8425f061fb3328a266451c19c31394f637b61ef4671652dc042c2e4a3466f5b54f5521c22e24d68e61bfd13c6d91c670484d1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\nss3.dll

Filesize
2.3MB

MD5
b929aa67e639e9043f891736c2d18d5f

SHA1
ade39deefaa4abd88ef1ad43a418d0e4f42d0ee6

SHA256
12e17f0bf1571973050ce314971a330b9914875de3f06e51b19084e71c7b111a

SHA512
13098188cf7ef78a518ec10b1e4e6120c984099020e3d9dfe77ca45c0abd327424f0a9e6efb8930206360fdfc521e4db6fabfb7b202ffdf6640c1e11977dd9a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\nssckbi.dll

Filesize
360KB

MD5
602be1a4aa1f5b097080d1d8cdac13f6

SHA1
4ec467d305a3efd0f6d68c19ff255db560e8fc4f

SHA256
6fd00f9fc1667e63be74143b886260fcfeaf533efaedd1cda566e8a1f8061df1

SHA512
9346b2930470bfadf67c919989f77d2870069bf6114ff229bab691db958575c003573019af415e4011717464d530ee2d412af58a69d61443470099fd6d048cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\omni.ja

Filesize
46.8MB

MD5
2786ac933683f40a50285940e166448e

SHA1
8588dc8e0cd26e867263eaadaaa6c7daf7dc9682

SHA256
31d996b22b8744965d6c347eb587bf356d4f76cedfa78507bd2bd3c7f2d3a80a

SHA512
4b5ffa2336f35524cd885702b7cb50310ff9bc190fbda51e06b031f71037fd58a43b4d48f9b54b7dc960f6de0a1e4f248cb2cc65971f4bf9f20e574ea296f005

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\osclientcerts.dll

Filesize
335KB

MD5
e8178a6be2f5e5981a69cccb727e36fd

SHA1
142958ee8d270cdbfd94c74d7d8c70078bc32600

SHA256
d71a482191de984b5baffba3f8e51ca5b6f71c27155f0b1df4907e89ad28de98

SHA512
b8fff057de57af0eb0be5e298cc876f86163378b12324565ab7809ef4035edbabacdc73bc2bc34e3a49d4e64910794368d798d8d5d25f11b614f48a4b0039ac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\pingsender.exe

Filesize
68KB

MD5
8fc4b095ecdeca09e6a67abf2a22e653

SHA1
786f5b6e83441a60141cdbc9cf90300f3166d1f4

SHA256
65603c1132f492827f4ee82fb3b8265c3c94529d5d3af5e911a44b98315cc319

SHA512
8686ed5b60af7bc4679956672223bf5e5d58e1ff42cee7ff7f76d2898aa1326d6144076c468441a11d1291996ef40c1e332692eabf4ad798c5f59f82c4b427c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\platform.ini

Filesize
158B

MD5
d3a22ef8c1f85fe7e1532084e4d31c7e

SHA1
f8720cc2ca89a572ffe6eec1313c32109a4eda99

SHA256
d709ec40a38eff20e289c2f9ec8c228d7fb9b68b99b01073aa9e0e2e0aa09583

SHA512
34bc5fa743df82d1615d88b7198549856736593c0e97321313edd3280f589ed730748ddca37dc1abcef2c9a09c1901d6fdf24882b876bb6cdb805016715ae469

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\plugin-container.exe

Filesize
272KB

MD5
e73f929ae36989dc99acb5b476808d64

SHA1
cc4b481d72f6480a4c1bb594ac223eef89cc4ec2

SHA256
e32b12ff491b1fb7fdd36995b631fe45f16b97583cf9a7a21e96bfcdf25d64f3

SHA512
58bac6aca8473c759e6068f4e4b35d4f8a6ea9d6832c86bd5f5eac5d0437abce87e8b989f5b7628c3a2f22b19d59731d075c6bcb102b47009b5af1dfcb3d6d65

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\precomplete

Filesize
1KB

MD5
66c8788bda3b85e7c8f037c9942a1168

SHA1
d44cdc07cfa1cb13f8674eac7b9d1e694260413e

SHA256
c30c701e40442526cc5870e31593fc5ca4a30de5d7dd62cbb01217f687262c03

SHA512
e465a0ff6e3c43601d8135555ed417b963e7db2f858487fd00f5bd28a24b715be3a055cc9f8e8b428947f7842a6f32f98f456e131c3473ed1944fc66b23bdbd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\private_browsing.VisualElementsManifest.xml

Filesize
559B

MD5
b499ede5c9228c742578086591193efe

SHA1
18e682ec73ed8fcea99893142fa8b08ee8a32b72

SHA256
9ea86a18d41112e25b17454044ac29b458f508d9814700a6f4c0f9370678f3ae

SHA512
b99ef0e9152da3bf6adac5fef67b44738ae7a2d1ef0041786a5700b8389acde7380f1bc9bf1402c7a356f1777aca7c2b05af5ee22b7297bc879fe2e6b9741f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\private_browsing.exe

Filesize
120KB

MD5
d8fb7f67bbd1ece7c0e4db1d4d26abd3

SHA1
ff9f471010f9867f33424fffbf9533604187dd40

SHA256
ec4d5080c83b961707440c40519b8af12a5d6f5ed46daf0aec51cd9e286bdc71

SHA512
35c36249b02b1b4eface4ba3406d8b3e434048397349a622c70a72b08c7b3b009ba4e41a60d494169edb019e04080e202a377a1024c2b66ba0ef24e6b964dc32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\removed-files

Filesize
16B

MD5
fefbfac37461bd30e05f5befaa1f7705

SHA1
74f9024662db06184e645cab76bfecb0e6897545

SHA256
52523da24287c4d459131c2e4818a713a732765e06e9bbba1cf353888ba34f9f

SHA512
874d6bdef28dea531c858443810d0b026a3a5667e0b9985bce84b7c5ab63d06a015487bd1da2a914d28af7b6568335b1927f9fb9656715947929cd6671ccc4b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\softokn3.dll

Filesize
273KB

MD5
3568859d98a1921df14384edbc14512c

SHA1
3e1e6f5e501d71300a5635bb76522743da1c09be

SHA256
ed1545454a243c7eb413a5eb2be012ea1522b2e5f45a425d506a6a6ad70ab078

SHA512
e492d04f6dabc0f6d0ac8ca42f86cb96c4303c49a616877911888a94bd637e780df188867a537ee2af69371de5839fe39bed858206568e6ab61d3eeda4097c7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\uninstall\helper.exe

Filesize
1.1MB

MD5
5e03584226a304172b3411e4d35fe7ed

SHA1
b672440276f43fdfd6d29bde5a3b4dfe52d91bec

SHA256
e08f7bcf408adf659ee7785722466604336959cdac80ff91593fdace395bd371

SHA512
db588bd51cd04d8638de66ca01507357949583d00808805fdb4cced5e59f3264506ac529b2bee2ea379f864db1d2dcddaf00a94aec8c4401c818609e6f784a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\update-settings.ini

Filesize
109B

MD5
b23537f22e0cca13ff93047b685ff046

SHA1
ec77701e8c49c1ab48256b93fe7504fb40b408e6

SHA256
e337a87d021fc25ac78f39d93fef709e51ca269c6e10d4d5c61b29b099f3b7d5

SHA512
9e8a86d70bbe4948290f3405d6f043f2d2baae0ec94dcdc759eae69f19bd6e0221405e43552c3da9a44b101e30c1a01fb2ef4288a386f234a9f73e8043f09735

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\updater.exe

Filesize
415KB

MD5
d2f4f1777b9ed8a6ee00f6587dc84b51

SHA1
bdd094ef45639c353ea7177c75a057cda8dd17c7

SHA256
dd5d7ada024b7c204a935c7c614ecd7e23817ad32a0bebc86f474d2ab482cbf5

SHA512
8f86a40025910e788810aa6b17a303c0ff656a4cfe7f48c7d37c68bee16057ba9c382fd8451c3eaa8452ab7094864b64d26ec7b995116ba517c7f037c59fca94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\updater.ini

Filesize
1KB

MD5
083c9abab084d134f8944451f1da10d2

SHA1
9cba8cd5d6085609b4d4de36720dfe20ab411c03

SHA256
0b135de7f379818ec55062dc000ef8204f628666e8a74549453e4e5541be90dc

SHA512
1b1a2dbf55f83ff85997f3d06eb290aacef8d570624d061fbf98f39b22792b85d35837fd0c4e2ee7015db4272d058e4cfda81884813aadc6be4201433842c814

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\vcruntime140.dll

Filesize
116KB

MD5
e9b690fbe5c4b96871214379659dd928

SHA1
c199a4beac341abc218257080b741ada0fadecaf

SHA256
a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8

SHA512
00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\vcruntime140_1.dll

Filesize
48KB

MD5
eb49c1d33b41eb49dfed58aafa9b9a8f

SHA1
61786eb9f3f996d85a5f5eea4c555093dd0daab6

SHA256
6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e

SHA512
d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\core\zen.exe

Filesize
931KB

MD5
8a6a043ef46ae55ce528533e53188e77

SHA1
e2141d22a05acbc416918077bf6996b657263a38

SHA256
87d92916fb7b08e740df28445837a0f1056f0191b9ee91057513de010be12f8b

SHA512
c5729a71fbc150fd824291c94b68980b1c00b1be4fa4d85a1c5b62ae08e863399f7491ac7b0a9d84b5445b248cb89fd57704ade348a5e2c8dd5ca972b4c5248a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFB05448\setup.exe

Filesize
877KB

MD5
35be114a00c11382299f6ca0598ca271

SHA1
ecd1d3b9c7f8c62c59a3618addff34179de31dd8

SHA256
3888f4bf7c4a02779bc3831a04821c4e239409a5b9032cccad2f9668488db719

SHA512
b65584e77adf30071ae320d03af40b1e7d871b4ed0f5c110e027bcfda8c5a1384d41ac82b1223426d2594f46b51af76eca81f15557fe5afa1030bb96e2228be0

Download Submit
C:\Users\Admin\AppData\Local\Temp\e599003f-b51b-4317-9f88-ed2697ee0083.zip

Filesize
3.6MB

MD5
b7ae305947326c0a23991f6563afb3ed

SHA1
bd8d8374d44bbe71048265c0ec767f09178d377f

SHA256
f44f0ed22e150a399403d19acce75426eb6ece3d405a0fde46335c3e633481a9

SHA512
f306bb8735fd7f51e97f566c9bbe08d5a7839e04016ef85b87639e8f77eed0ff213db2cd38ecda609df398f0ed16a51160f03383a7bbc530928cff55029455bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\AccessControl.dll

Filesize
21KB

MD5
eb7a540d0d2e28f6bf524d2cdbe0f478

SHA1
76204991c60913cffeba5595033c4f79e1e89bd8

SHA256
ef4b548b27a6edab3bcb25cff0598918c645795850d62f232909dee851e04c6d

SHA512
947132d07f7875dc99fbe8a87757f6efee0a8c6271f8a3bac6747f9f4f60ed7e203e28a588db8c55ee898ba8f3dcf640f6562c49c45d6c6d8fdbe2d2309b9984

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\ApplicationID.dll

Filesize
55KB

MD5
fdc0338e6faeaf6f7c271982e103473b

SHA1
9a41f7932abe8be7e32c6371f085cf14de355d00

SHA256
a9dad9fdaae93d10dc2ee346b231913445e731049554b8bb1506827e46f8a44e

SHA512
a766eef11db4c94b1445d1cd70cf1d3b6141d6b3973562e9fa8d81c79195886b884dbc9b9f6952f8a6e8619534a6bf2d615d539d2cace9c8843dc19415051cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\CityHash.dll

Filesize
53KB

MD5
2021acc65fa998daa98131e20c4605be

SHA1
2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

SHA256
c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

SHA512
cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\InstallOptions.dll

Filesize
25KB

MD5
fd249bc508706f04a18e0bc0afddec82

SHA1
b94efda9f41c89fc6120ed385867125d03f28bea

SHA256
c34f095e200db420ce9af5489c3e392be285e43c3f4c9fbe34686b1f0a1531ad

SHA512
c820c06ad5ae21101602d9e7864fed9b470b25fa9a0ee025d05e72697d88c7e03cbee7ad476f4e3d5b6e467248b8ad1fefa2710c76011e2156b85068961404ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\PinToTaskbar.dll

Filesize
3KB

MD5
70016ab449dd0034333b0df88193cb82

SHA1
add0b693b75f14e7f9a063d0de1921c3bc8d1a52

SHA256
6bec8a69845fe9012a0622e79b63328fb611151fd24f198a779d781a36dce5a3

SHA512
1295dbe8596a37d0799b51c3be011b2aeb499d382bd860bba784dbe5a580f6d2e1116830c4c619ef32df9c5f7af0aceb600c2c7a29e321cf8e355c73627ffc71

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\ShellLink.dll

Filesize
14KB

MD5
fa94d120efb029b43217c66bbc8c650c

SHA1
1fcf2d76adf69b403b7400681ac91d50ed20385f

SHA256
5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db

SHA512
07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\UAC.dll

Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\components.ini

Filesize
44B

MD5
c9b5d86a9a0f014293b24a0922837564

SHA1
3cc73b4a30a1a0bfdc6812bbd17994f53eb5db2a

SHA256
775c85f3552754ad3794b88c0cb6d6fc43d412cd9a87a4b9e847386a5bd0a9c4

SHA512
790f365afbe4c5a37dbb56443d38f0c439eadca002e4001d373d6db8c1d80c4adacf3749e9d210cd0316381682fbbc46616a3fa36581c7ea6f5ce69119944b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\components.ini

Filesize
618B

MD5
84a3e5b1bf9be8aba32bb194acab2175

SHA1
af004c132d752f354b2a2a897677798df223c61e

SHA256
0a822d68634231271022ecd33a4bbc56cb5f4b972c095f9e818d313d98e8b8e0

SHA512
d2bbec3a68f9f11705a5ffff02472682ecdd6df86e615ba02707635e903ec1462b98c5517511c92217da921349623bdb90a8aa4cafe4b0996b7d9cbdac131e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\ioSpecial.ini

Filesize
1KB

MD5
40b17631f2d22175943c05a7d7fdada0

SHA1
be178a35c4b0b3272d1d1e9d37398497c9cef1b1

SHA256
bb27b8740b542f94a1e0c41a0ae569c51f88b4cdedf9666878e103012036dfcb

SHA512
d22d52fb1c0845b8e25e03455e45eaa91004109290b207a934b2ee61ac02b46c85311ee0814928c2280a5750a610283a0ae2c513be19941ade783d2394f027aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\ioSpecial.ini

Filesize
1KB

MD5
e2e40faf1f74a8dd62711115d51ebb1e

SHA1
80d30e24a7c484fcdd4c384bbecdb41239178459

SHA256
3eec4275de45f728ee78006eabe85c6d9b97be83deccc0642f9c017a574eefba

SHA512
4a7739e38b926e8abfc8d132260fdaf9f7d82f05005f389aa1408d7a632b74d62c5ce282c64c1f94d4e21b9309a5d48623353ec1cdc94c6588cf81401aa68318

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\ioSpecial.ini

Filesize
1KB

MD5
6f5705d680f7516a391c0af50ea8a496

SHA1
a74ad7463e22cfd705d259200cd16ebade781394

SHA256
3c9d7e768a840e9d4bfc9d1cc055bf022653e2416053bc4f624182e1d3caa63f

SHA512
fde6c85794ae453c9f1b9a2a68978a157f72c211e2db7ca02e0f8aea737bd7d0572bac5cf9f22dfb75c3d3b6c50e59c5b4137a98a958c041337b9be89e4376b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\liteFirewallW.dll

Filesize
19KB

MD5
f31ba98a8d87faba153eea134968c854

SHA1
da0865cc1a86a39367f22897e1f9fbf4fb1f804f

SHA256
708fb54cffb6aea3547fc5ac745d1435ecc814df563bef59ba7a94f57d082bbb

SHA512
d991a2dd5ef537b25898afd7b7e73274a3cb8e6f5fca1621af22ee2761b82baf220aecb0c84434566742e2ab00b2f57a3740ce9831e76d4e1829bac3e044c8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\modern-header.bmp

Filesize
25KB

MD5
cb1c4da8daa79279041011b85f48c3e1

SHA1
40496c445e18eb28686ef1efdeacf39153a91062

SHA256
689ea80105f4e61ffc73062516c7d7053f92bae0c700c0673c3a9b445345df1d

SHA512
eaca5a8e4503c3b62a3b675de44698af80952708fc4ef19a1e0174e4dfd5d6d4af3a3a9f02c4c8ae2c8fb257ff15fd26798d5dc04cfbe727a2fe7050491ee5ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\modern-wizard.bmp

Filesize
150KB

MD5
b06b4bea1bfb48f82f1aee9a92535e5c

SHA1
bfa10ba432b8267bd5ae2c9d59ff44c9e748010e

SHA256
b1805e4132a0dc5ded71b822f6662530ab1965f997f91398e984db3240ee4b82

SHA512
b36a83b73a70ebebbcb9b9b53c412fc8ac58e317b8ee33702ca9c63811699e29f850b14979b0a832db67470f25f0cafb17fc1eda07e6a85b7f0904ecc0dd6318

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\nsJSON.dll

Filesize
33KB

MD5
e832077eaee06f3b2ac9a8d2e7264567

SHA1
decbc329257c9c7fb67d3c449b4c5dfc1f87471f

SHA256
705f4947fb94254c4e5084e6a962045f6a4e790dfc1ecf59cd0fc3feb38bcbbf

SHA512
c1bada98c52ee2318d23c48fe202380eb42c5e1f18226cdc017f264c8c34f548bfe4d9b6eef13caae69ba321a71b199431b249fdec65f8bb1c386810932ccf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\options.ini

Filesize
1KB

MD5
2ed297c20c4529668ad2d01f06843a48

SHA1
92caf54520fea3c3ff49216e5a598d9e055188e7

SHA256
4add109aa305e5f1a528db1d81493c94daf6a298148757172b620b6a72727dbe

SHA512
e86bf0f9b94588c650e3cc06e8e7eab8e03bfb160faf821438e560910178cd0fd9dfb175a5cf2acac990c731bb7c1c77e8f7788338d66f89271e952fcd080f56

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\options.ini

Filesize
1KB

MD5
6b51bb7519d81bc38bc25bbef96e0c4c

SHA1
1c1f7a44c329fb685da31273fba99b61b53c61d1

SHA256
f1b25b2125143618d78b746bbfabaeb5106ee8be568c00d03a5e215fce222726

SHA512
60a69fe32750632b329a2d8256d1ee048e664aaf8e9849f721d44719fbfe5c458bac036df0e3ed9b99405c5ce2df8ac7fcaa86919b5621f1a2a310f5042b812c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\options.ini

Filesize
1KB

MD5
ee8d591d1b3c62273915ad62db4f6896

SHA1
dba3fe699915deeed537d72dfe21893c3171694d

SHA256
2fc4f55aa4699ca3af6c19cb4773e608a2b2f6986d89c0f6e53021900d40f6a3

SHA512
0ebb3db77a64d4b0374884ec53c4566443967136ddf96cc17c15f5479822cd0a4ab573bff02c76215e719f5c6de2c64ff51d1dc0eea6d303ca28974f6a98cbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\summary.ini

Filesize
826B

MD5
905356d1b61a4dea6d2b92dd4cdb8f79

SHA1
440e49b4567e2cefd20c6536585ef4a12befe91a

SHA256
d66084fcb4b8dc05a924de5c7f12ab376b009060b810c062e27fd1cb103298dc

SHA512
f7601ca497e8a87cb98908bee2e813490447e4a0939b3d346e9b22865fd7c13ad7e7e5e0d580e6dafe418e8d2ec8c15575be870f8a76cf4f58facf9ef1b1efbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy6667.tmp\summary.ini

Filesize
670B

MD5
680798f1f5a49b1068b55e7e3763db2b

SHA1
d7a5f31e76205e83b6c8f58b0214e1925ae4626a

SHA256
44923470d302563a95fa837fb284e85ffc8aae4e9862ae0fa56f4bb0e4fb2b52

SHA512
d2c382eb1d76ff3f5788e503ccf9498af0e2c318372580e0d6a6341bd5451396a5b4d421668effbb39c7e42e2cba7db087e1365aa6508d7aa2a08ea3b875c74c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
13.8MB

MD5
3db950b4014a955d2142621aaeecd826

SHA1
c2b728b05bc34b43d82379ac4ce6bdae77d27c51

SHA256
567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632

SHA512
03105dcf804e4713b6ed7c281ad0343ac6d6eb2aed57a897c6a09515a8c7f3e06b344563e224365dc9159cfd8ed3ef665d6aec18cc07aaad66eed0dc4957dde3

Download Submit
C:\Users\Admin\AppData\Local\zen\Profiles\lh0neu86.Default (alpha)\cache2\entries\1799007856A9D53EE1FDCD01A316215CC4F68AAF

Filesize
1.0MB

MD5
04dd1a2bd816ebf052e85802408f7434

SHA1
857e2afae64a86a4d18ebf5f07551784abd19b73

SHA256
8dc67e6f937393368f2ea4b60258d43acf39e2ba4173d94c4601a1bb622a2e9f

SHA512
5048b76d853d07bbd26235fc0596529c4d95d66e5d78be67df89bf4cb841f5d9904f41b50b5a62dcc0ada65c197fec3e071f3e748a56ea5d56c3e2776b434e28

Download Submit
C:\Users\Admin\AppData\Local\zen\Profiles\lh0neu86.Default (alpha)\cache2\entries\AFAA423221811477FFC6684F0920FD6801913B5E

Filesize
17.3MB

MD5
e6398faccf2764507f755852acd92e80

SHA1
3d60e7e51b7f0fba6dd6a11483fba576d755fa35

SHA256
7b0562ac5d9b89538a8c9533ef4ec96ab725ca8b9628e077cc4e40f38686c77d

SHA512
486f11581a077d78668edd5e39e6e47052eb997311e60cc39cd100e8fe159c105e32769f752f709c0acadd18cef8b7b7249ac87c015763fe813eccf6ee95df95

Download Submit
C:\Users\Admin\AppData\Local\zen\Profiles\lh0neu86.Default (alpha)\cache2\entries\C324C7F51E119C78B299FAA71BC2F97BF4E2CA2C

Filesize
13KB

MD5
0a18854c9c318c689398f355dd5ba541

SHA1
4332d1271fa8af40464b5bf97f74d42282190e98

SHA256
93691a9d37f8e27dd3033f4d3b7e7d04810d8b395888e9cf58156a057ef244fb

SHA512
74ae1e97b38a23b9e8a8641ccf476d1df397e414759c3c5c5f8337d5eaf4045360871108bae788347f17cf6b9bd4ce734b8813fe234c789c4d0f4de925ce52f4

Download Submit
C:\Users\Admin\AppData\Local\zen\Profiles\lh0neu86.Default (alpha)\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\AlternateServices.bin

Filesize
7KB

MD5
6993b7edaa7b6864ec5bb42752d67d3b

SHA1
0daa679617f1cdf0bbf0c16f7de1fd2ca7aabe25

SHA256
862925b0c809383c88ba42fb23fbbafd1966e21fcd5aa56651e534e70f5f1136

SHA512
12eb04e0d6bbb6d57ff3b37f35e3fdce3ea29fc5bf9c62f6111687f122181bd5822954d4f4e59a887ff5d8ab194cbf9ad9d71d61df1f46eccdf8dc3499845ef1

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\addons.json

Filesize
24B

MD5
3088f0272d29faa42ed452c5e8120b08

SHA1
c72aa542ef60afa3df5dfe1f9fcc06c0b135be23

SHA256
d587cec944023447dc91bc5f71e2291711ba5add337464837909a26f34bc5a06

SHA512
b662414edd6def8589304904263584847586ecca0b0e6296fb3adb2192d92fb48697c99bd27c4375d192150e3f99102702af2391117fff50a9763c74c193d798

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\extensions.json

Filesize
12KB

MD5
1f1fb23e4f348c45dac2f80b5c2de602

SHA1
ed5db576a7568a9069a0cd41f84b6829d771a314

SHA256
6281e3fe86dc69543819d14831e072bf96a54e39d452c8393d977fabec12c3bc

SHA512
704274ca10ce84494d05041dfeba2b842e9c3a8776bdb2b08ebcbc114904f8983b36525637d68f46a706a1303ee827d7176d5f5f66eb601fee4c1e5bc605b408

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\gmp-widevinecdm\4.10.2830.0\manifest.json

Filesize
1001B

MD5
2ff237adbc218a4934a8b361bcd3428e

SHA1
efad279269d9372dcf9c65b8527792e2e9e6ca7d

SHA256
25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

SHA512
bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\gmp-widevinecdm\4.10.2830.0\widevinecdm.dll

Filesize
18.3MB

MD5
9d76604a452d6fdad3cdad64dbdd68a1

SHA1
dc7e98ad3cf8d7be84f6b3074158b7196356675b

SHA256
eb98fa2cfe142976b33fc3e15cf38a391f079e01cf61a82577b15107a98dea02

SHA512
edd0c26c0b1323344eb89f315876e9deb460817fc7c52faedadad34732797dad0d73906f63f832e7c877a37db4b2907c071748edfad81ea4009685385e9e9137

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\prefs-1.js

Filesize
6KB

MD5
2338ca2db34541d20de1d7720a7553cd

SHA1
71ee6615795c829f46ac758a1a0241eef7f806f9

SHA256
84530ef83c731af05fcc1ae7a50fd50bd41897f6c827f4182e4423a9561c13e6

SHA512
e2d142764323909c2840678adfc57c12482818d7bdca0faee2de8d065c2e11f95583c85e78930df0964dcb4a4e5f092190037307b465c052a7e9e81de008404e

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\prefs-1.js

Filesize
11KB

MD5
73d91d7c80438f5547914601f2a8de97

SHA1
8284648c331570758a542c9e1daff7a5189273a7

SHA256
59b988e5a3451079dcf0c09780316d2d51fde001239e28606566c4172d74dd7f

SHA512
42af7f7732ed5602de02ebf7347582fff871151a75bffc33e1105d27624843fb540b08364477336c93cca1cba5a9b0dc3c5e9024dd2d99394a60fcb77665c87d

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\prefs-1.js

Filesize
6KB

MD5
c24a46390e3d709537af9e6a69fc0ee4

SHA1
00b2bc7989197b4e8e3026c92b1ebf103f623528

SHA256
2f0e3d9c27441897763e2ff33c1c7a9bb70c909fd86999ab0d1d11950766e5c1

SHA512
41d9907cdc5aeba1b331451feacb8a4ef4f9d179fb4898bf98cc25588dbb5e326fc94b0fa4785d789811ae05f4759950bd6b03e8d5921fba397d726920e71271

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\prefs.js

Filesize
8KB

MD5
c324f6d82c9b51c37a5543920d966895

SHA1
fdeaf8d390724552c0699b44292cfb99282bd71e

SHA256
86ae5a6ce743c89f88b5f3de04924534d3f7fd16865bda7e22214cf0c33bd922

SHA512
fdce761f6bb588a52cefa1be1c7627d158f502fc807ea954128c6357c5c98c3d102c966a67f652abdd6cace80d67c9ea32a6e5028dd17d90070830422f956397

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\prefs.js

Filesize
1KB

MD5
15568b5758fe68179852133a31788192

SHA1
9f9c9726a5b30e8935de9fe47c521a6951d3874e

SHA256
0fdbe4719338b7f8dbcda694815a29a42969d5a2ae1a8695000279e1d37a99ea

SHA512
0b8baaa6bd0b0853c2a6927e5ffc7aea97a469a424fcf1a8ca331f790e87fe93239c480fb753003c428433f6b2d7b7b4f78c664878e5ee5f9c6137d401700bcd

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\prefs.js

Filesize
6KB

MD5
e08d9f6a71182696222aa0dfcb38b0b6

SHA1
c7039028df4f4d09d291d376741c267e63eedc32

SHA256
4d5bfa35ba6f2ad54c4989360be6ed2a1e1af820bbf8dd91d8bbfd9b989e2d60

SHA512
7d92f4f2e78adac9e25d1a309fd864cab9b8869db396eaf8b76528dcf6bec67afa0ee66b8942569c46881e445ca4c82d8c284e2222b74af4dbb474677586039b

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\sessionstore-backups\recovery.baklz4

Filesize
418B

MD5
8bce8961ab6d9cf515156783f736f406

SHA1
0b6566031f254e933c644239bf1d9566a320b669

SHA256
543d6c7cbd1a560d989d41e8ebe822ec7ab5efff4d0200b435d6f6a4f34c05dd

SHA512
6c760367f9e84b518d1ab323e33e28eb88d91d34aef21d400a594648d41842cbd4a340bcf8353ccf711fe87427ebd149ab5bc18204e5415a8293242b9e1cc737

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
300775e82c3216589c973208d0b354b1

SHA1
ca437ef55a7a2f0d4e4cf899705a8afb14a58043

SHA256
b30787dba62e573e58cd9ae1dbc202c277c0d680d502fb74cba4ac3ce4da01b4

SHA512
837f8ca579428b56290e46e897a60b9d6daa87c838198e53537945f3763b9b645a723484f2856cbd54ab8f1a72b850d316923015e3b3c76e0751903d8dab1ed9

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
48KB

MD5
2f7326b8f87d0796879c1ab2ecf809a3

SHA1
36363ceb4632be89320eb19b8d3b2d0ecf0b87a8

SHA256
e1c4132460836f789b1dacba06c6a9dab5b35ba92977983965a34961bd9b6086

SHA512
77070c75a8d943db7a2d2724df1df3800c1b07b358dba0635b2718b05b426c4284bbfb59a1c059ec97bd823f46e8d7a7386a349488bb3953b02c49ab2328e288

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.1MB

MD5
4a6233270766ff56c9e79341f63f3542

SHA1
f201a7771ba83e4e79b9cd9769248680818d9b1b

SHA256
c26eea46bc635ff47140d819df6f4e0653a437b696fc4e5c9ea79d3c973526ef

SHA512
91c6a93e2c627ad74e3c04e05b7184753ddfd59e799f365e5d264311df30581aaa805de604eaecd71ea755718aea3ad0d0f92603017926fd97295b1d049aec28

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

Filesize
64KB

MD5
c2917bcab7d80ddb8a96e61195c9b5b3

SHA1
20e781d423ea3a8726103e3deb3db2fc2ed2206e

SHA256
6bc43f606fb8f22017939bb5e802cdc6e234aac4850ee18e24ee49f7beeb9018

SHA512
bcaacb236183ee98dfca0f4c7cdfe9b568811951bb99e48f1620a52ab69cee950349916488b81a8aaac0f1955ac736bb83636763909b996f97eb131b567f6e0a

Download Submit
C:\Users\Admin\AppData\Roaming\zen\Profiles\lh0neu86.Default (alpha)\zen-workspaces\Workspaces.json

Filesize
118B

MD5
1fed06afd602e38bf23fcf59b6db0754

SHA1
3fa1002c897f1d1340fa70563e1b78ffb2a67973

SHA256
f216165bcc7325661bcb9e4a984d64f093e6f3d809e70055afdaa0b4b7394c46

SHA512
a9133c2e9ed4755d24fca459146ac79dc6e2e69e281284eac8db7d770a47b80b7b31299f82f7e3e28e3006aca4504aec0f99c76291f840f9434114b64fac0444

Download Submit
C:\Users\Public\Desktop\Zen Browser.lnk

Filesize
948B

MD5
b5d6efa004aca7e945e03e1dac85f91d

SHA1
10399d179376444e3072afabfbf7b93ae3663ea6

SHA256
53672d8c79f138b476bc6f07b731f4f61434989648eb46dff72a587630924332

SHA512
a4599712d26d704d2f26c695b01c461200c07694f7d9e9fde60703da3d516ba0a44d60dc5fe6fb4048b755819bea46b68fe3e27d1816495082a0065766435215

Download Submit
C:\Users\Public\Desktop\Zen Browser.lnk

Filesize
850B

MD5
8259191cea415570a3d044627d014e68

SHA1
a3fd6ef56af35e21f9a996bed4533eba3a094db8

SHA256
171f1f732051aa75797b6a03c141765ac5be31655547b8fb769978c9804fd8ca

SHA512
349cd5041f891266c8bf378a653a2a9ca7a951c00dd2a346d8b5015d95fac03d98bf2fe2aa82cc3af551381f9196e1818acbbeb263f1d6f00216282acccee9cc

Download Submit
memory/1400-1727-0x000002A1A41A0000-0x000002A1A4262000-memory.dmp

Filesize
776KB

Download
memory/1400-2345-0x000002A1A41A0000-0x000002A1A4262000-memory.dmp

Filesize
776KB

Download
memory/1400-1558-0x000002A1AEE80000-0x000002A1AEE90000-memory.dmp

Filesize
64KB

Download
memory/1400-1752-0x000002A1A41A0000-0x000002A1A4262000-memory.dmp

Filesize
776KB

Download
memory/1400-4807-0x000002A1A41A0000-0x000002A1A4262000-memory.dmp

Filesize
776KB

Download
memory/1400-7764-0x000002A1A41A0000-0x000002A1A4262000-memory.dmp

Filesize
776KB

Download
memory/3068-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3068-453-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads