1e3521898a31ae290e25f2d4a2ab484a87e8478b3dddb1ee99591fcfaaa7d209

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 13:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

pipe.html
Size

235KB
MD5

0c1218c21d5f03592d06789897947806
SHA1

b6cfa8fbb964c3049de005a5d6db9b69b8dcc3f2
SHA256

1e3521898a31ae290e25f2d4a2ab484a87e8478b3dddb1ee99591fcfaaa7d209
SHA512

64feff90f58b6abaaee5fd4491d5ae2ebb087aa688eac0d86e6d6f87be94b5b3d334c80f1248c8e20d0060d1232d0cdcfd2dfafd74c2ae8f3f0afc470bd017d4
SSDEEP

6144:zI7mRVyEfCAQ9GWa+0KL13gzAetYq/ynpUs5l3qhKljVy44LTkC91cY4fj2YRfo9:E5a

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2220	DeltaInstaller.exe
4988	Delta.exe

Loads dropped DLL 6 IoCs

pid	Process
4988	Delta.exe
4988	Delta.exe
4988	Delta.exe
4988	Delta.exe
4988	Delta.exe
4988	Delta.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262988626987533"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{BF55666D-270F-4D79-A1C6-1B4768EF3851}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{AA705D0F-5057-4787-AB85-FA4EC9353E1C}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
1224	msedge.exe
1224	msedge.exe
1588	msedge.exe
1588	msedge.exe
5936	msedge.exe
5936	msedge.exe
5448	chrome.exe
5448	chrome.exe
4988	Delta.exe
4988	Delta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe
Token: SeShutdownPrivilege	5076	chrome.exe
Token: SeCreatePagefilePrivilege	5076	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe
1588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 4364	5076	chrome.exe	83
PID 5076 wrote to memory of 4364	5076	chrome.exe	83
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 2176	5076	chrome.exe	84
PID 5076 wrote to memory of 3752	5076	chrome.exe	85
PID 5076 wrote to memory of 3752	5076	chrome.exe	85
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86
PID 5076 wrote to memory of 2140	5076	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\pipe.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85c999758,0x7ff85c999768,0x7ff85c999778
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4916 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5044 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1668 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5236 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5436 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3180 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5280 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2740 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1756 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3244 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5084 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1656 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3500 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=968 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3184 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4932 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Users\Admin\Downloads\DeltaInstaller.exe
  "C:\Users\Admin\Downloads\DeltaInstaller.exe"
  2⤵
  - Executes dropped EXE
  PID:2220
- - C:\Users\Admin\Downloads\Delta\Delta.exe
    "C:\Users\Admin\Downloads/Delta/Delta.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/deltaex
      4⤵
      Enumerates system info in registry
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:1588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff85cce46f8,0x7ff85cce4708,0x7ff85cce4718
        5⤵
        
        PID:2372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        5⤵
        
        PID:1344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
        5⤵
        
        PID:632
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
        5⤵
        
        PID:5192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
        5⤵
        
        PID:5176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
        5⤵
        
        PID:5564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4696 /prefetch:8
        5⤵
        
        PID:5928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4704 /prefetch:8
        5⤵
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:5936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
        5⤵
        
        PID:5300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
        5⤵
        
        PID:5832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
        5⤵
        
        PID:4464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15661775865486315386,8920227002123149689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
        5⤵
        
        PID:2332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://beforeignunlig.com/redirect?tid=962340
      4⤵
      PID:5676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff85cce46f8,0x7ff85cce4708,0x7ff85cce4718
        5⤵
        
        PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5036 --field-trial-handle=1308,i,9987906143844853036,9861596588031105283,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\215d92ea-3c16-48d8-ad38-d4dfcc11b024.tmp

Filesize
199KB

MD5
6ad5b5f0eb047784b0430776eeebebe6

SHA1
887c36777600efddf3fb787671432093063190e8

SHA256
4b989bd3b666a52cae0ec42dcf4e38e570499b67011d048c3cc691e34c347aa3

SHA512
b84f0d764539d65e603315285f22c84176f65326ccae908168cee41a06b710bf80699ad6dc4f0c314654245568ac513e48b35ae020ba89d977075ce1b0773a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c874295cefbc72d6ef0a875ac1640c72

SHA1
ecbe22e74906e907b7520e110e6c60d8372e00f7

SHA256
9df51b09572920de68e51ae48364aab0447e10268e245d1b59fc19b0c489f85a

SHA512
65c3cb5b91429457f700ee6b7f830592e07c4ce35db7f296941cfee1fa19c123e7654261f9c4d678cfac94a0e207c509f6ec1c2d0cc7340b8095929bb2932d1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
62c47aac11434e29f85e76d98df60a7a

SHA1
0eb21f1377d5ffa019d3bb5aad8db044a2f9362a

SHA256
ef6465d2752a3815cef498c1c6877ac38dc9d77fadfc181581467a30dafa1ddb

SHA512
4e52f97a95d7ee6f6e6ae3e3410affdc141d22793de38a7ca7aacaf780c9bdebb7a022fd36799ea4a7dd084cd90309a35cad2df1bdf3484f038d3a0f1a49858c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1ae44748126f5fc4096db664a06485d4

SHA1
5b268b1c157e4334516e8d698af56fa045c892a1

SHA256
1d8ba1fe9981896472a160ef6784d16bbc19f570a076ff93dc2aeb8d9fb5c59c

SHA512
8bd3de8130efef03dcf999ffb0b6c0afb7552a8f19307d0a6ab3cfa8abd40e3241173eb5adab80fd94b60864ecec394e25497fa0e97ccf784d98bad715739fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
4362789d148bc6c977d9c6c26cb43262

SHA1
1873fd2b252aff4bcb59bd31801097d405377849

SHA256
4086e9fd6a75fa21332fa13a03e5fadbfadb124812ab7112f1ce7f9735f769fe

SHA512
593964ec16bfcd38c80e7c210bbefd712d53d03701a182c662ff2ecbf4cb5d9382eee76c486a6bdcd0933661bbc5e5fa5ad52c69c8ac765a036eab79b70ede0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5a7afa6dbdc66b59e6a7e9ad83ddc645

SHA1
df26b46ef0fcfe49488e4b263ac1955d56eb881c

SHA256
d3e552521deb7e8d13711d9fc0523fe89bb11e9acf47ad546745af397f0a319a

SHA512
1f81e96c023bf6002d9a3088ab72ae522161f564ba1bb8ff710dd894d9f790abae5ca4ad225c63edd4c6040faf316fde30f4222661992e639825550fe488e65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3b0a441bde3cd6accaeced4fd755d223

SHA1
c8e680dff6a3580b764c4fc9cc3108838c3fdaf0

SHA256
7438f36e64345d7f149104528e4baee70512d067d97739285af33b1d9293f1c6

SHA512
c9d181d94ba79f757a3e9d94c6d9c328eb014b2e9e20ff0d261f546f53e25cace3066a64c1405aa5322b26c1ace47b5507109fd67a4ba6250de4b7d57d1a13b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
d7847726f4d378ed00f6f806f9fbdb4f

SHA1
1ac7f36438d25db9d8bcadf3196dc61aeadcaa66

SHA256
b8a13146b12e9286f07c0f6fd467cefc5fcbd92454e862e769615a40184317dd

SHA512
e72359fad62d02402f0958a574894572428e91d4b02ccfcb4961b49eac8844aa85238558cc910c279bfb96c4ad9d325a3549036afa1c0398b3de7937a84a850e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2e3084ed73a24ac73df06a872b3d8613

SHA1
80481faf3e00c9934e14187c38341300ba78b915

SHA256
f0158ab8bdb8bb593562ad9d5b40b19e5c806fbb9c370853810e24217e9fb549

SHA512
fbe27a03ce749824a291561fd0dc63df122fba2f8946ecbcf9538481f2eb477cf0252257eb9edaea6f525b6ee9fccd32b1d537ebaa30309a96380255846fdff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5ce17e119fa07d91d5276fb72553ea7c

SHA1
c4f40f65b375d92a3477f519d47ae44c510ade2f

SHA256
db353cc6346b79929881b91fb8120e6d82c6cb366ad542f443efa58f55252160

SHA512
53da0ddda4e003aecdc9af2c50e6930849c38b60a65ee489a6c898b620584d07cb53cd6c8aa1619fbdd5fe0774a47b418e61ac735d27f9cbc25714df3acccee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3a73152b5b341e8cd0108961f1d7c10

SHA1
6707cf9b10b17b6fdf8c9a600f0e3d3fbe779d2d

SHA256
64ca501fa6072999b8a310b8bd997ee017660dd8902244920c4be02eec60cbf2

SHA512
d442dd3c16f2b8aa4812f4c7b06eb7903c54c07d575c569486264ebe01394031d16997c0823a2c53a39b3620278d8498370a7ea547de5059fde2c824a43dffa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
adaab8754af26fb9b1b46c3d039c97fa

SHA1
9ad3394bf6c74e290204c1ea048cadbd15241bbd

SHA256
ee85b295597cd1456023c0290619def8b8d007f416891b433c82600fa66c7469

SHA512
65df9226d5124d192f36d40f25f53e9a3579c9390458ed38a298ec3a4e1049e36528583610ddc42f66e254d8202d513dd70a93080cd994e7c120e1d6920e2573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f29d4e4c2bc58024fe0871a1a2fb57b5

SHA1
5a09f387146b5ede9d5d92765690daa5ddf0665b

SHA256
b9876e97770b84b90aa517ddc0e2e5d43cc9e5332d3351fc0352bd8879f8bbea

SHA512
c954637fa8ad28f5b42c15a66017fb5e26a58cfe6d5c89fc85e2677410cdc988a38f19f6feb555918e490aad7462cb1ff9621168ab2b5e5c09c4e1d193f7114d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
afcc8cc62158277f20c7e3d8a9ab94a1

SHA1
a2702fb75b06b8e406b3b35a3373b3fbd4c39cab

SHA256
9550d87ba8e76f614ea449964e4f2c6e55764b0131237bbcab393834df3bf816

SHA512
b88a40506727d9bea5940089a04e990360a7f69fdf3bd09e600af774d7091149567689902d9793cd721893cabbc03b564b827cb6f12c0ada037533d1ed5d8c45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
817764b5cf5918ff2e7d8e5d0d3f699e

SHA1
6ca824e1b79604fff904215143bef7b62860b7ca

SHA256
66a867420543e3fc85ace4e6f6cbe74e4501a6cd2a8325bfeaeb4eb8807f468c

SHA512
d9e4e4aec618b17aec085df119e1059e366ef503d6300eabf57289d6992f29a1ed04926855ff992f7fb4378fdf7a5b85c92bc16ec309e7a02adbcd65b487111a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bcdbac58dd5ef14d99801ba58085b5a2

SHA1
67af0875aefc78ac1b3e0a5f2c1ec7441f08f8ed

SHA256
54f1b15de96771a2ef9a50c82f93286940e9f56d1014aeb6a91bffc3f402c5de

SHA512
cf74295ee82b60dfec0939dca20addcbd49e3ecef8e6497cc0ab5553af8d782939bcde3b4abb72f684646bfc8461e642f6079701dbe00173bb0f4238ce341f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57c2c3.TMP

Filesize
120B

MD5
09d469d63cfc7d895191fe63d62c4ced

SHA1
396b3a0a9e43b7db1e8210eba6e98cc5c816aadd

SHA256
7bd6d0d2b62623774e9be29f84f96a4acfd3a6dffcb80d0c3cffc1ff810e074b

SHA512
b4c28b6502a285ed6a67099cf7307c25547cf906f81b22f348f3f2af3f7209507b014eedc1219a33911307053c56e4dfae88e592280a8c8f0b3c898a02c881d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
6ad5b5f0eb047784b0430776eeebebe6

SHA1
887c36777600efddf3fb787671432093063190e8

SHA256
4b989bd3b666a52cae0ec42dcf4e38e570499b67011d048c3cc691e34c347aa3

SHA512
b84f0d764539d65e603315285f22c84176f65326ccae908168cee41a06b710bf80699ad6dc4f0c314654245568ac513e48b35ae020ba89d977075ce1b0773a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
957165a4887703a82f1d16eb21118ca8

SHA1
9835b9f8c5eb482128c91db6d3a3c2cac3007c09

SHA256
31a18a2e7babf9affc9b80c92f49134b0367f63f271e2643a2ea820bdb4a4ac3

SHA512
aab5fe81ea6726c0d489233af7f49852bd334e195467e431af5ff5540bdd38cb3a7cb510cf0eeed09891598b5310660a15f94e049405242ca61279e4fd051fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
e11f38cba75c97bbdfe821345b2643b6

SHA1
032ae820ee561e09e04099ffbe9934e810015f40

SHA256
bd1e8b8364d5efd0f7381cc2baa0e2adfc7f8cbbee4da87a9a9125d9c2db3ed0

SHA512
fa7110c342d3ce363460d14e90d1b7e63aad28ed24fb8fd91f054648beed822e4d23de83e5063080c5504187df1d7c665b1dc31cefda412b5be5a6712b306040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
93ad4747ff80d9d57e9fa92ce85bb935

SHA1
4d5fb71507e14d3b8419f2db678e227421e57caf

SHA256
386ca67351ac0919711607c88d477e28ce188a4744ecdb2e1bbb21073aaa7de4

SHA512
6291eacd47dcd2a24273057445b5bdde6c3d0d91698d9e6313a51cbc712f5c832e54efe4dfab41f9feb5e8f1733c013aa748a96258c740cf7d974189db02de27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
b50a67b67304f39a2f3268055d45ab7e

SHA1
7c9407b7f2ce6d1506704d40f88399b21444e0a3

SHA256
7c8411c10c29e24b5725c7835c65df4efccf10e8f4943eb52512ece325fd4924

SHA512
188c5e5afd72b4a51c27e6c93a97bda7f291290efe708a84f9ca25ced69b7cf8cfdff49d4aa98f771cbfc1376d41dfee2316d54ad01d616778bff142310bb012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5785ab.TMP

Filesize
96KB

MD5
5122ae56502b11b74f219dcf92da74cb

SHA1
4a737f4d459e2c1588308643e748856202a7d021

SHA256
574a1850f3a44bf2dab6fd1cdb0e86fc9de4798067e80ae4f364472b23bc43be

SHA512
26be372d7506292349d4a09e41541218d2785af9c892c992695600d3a85b637c3d5efc7fafd624497ef170689a22b5242150d76cdb17b3873488c0288778c007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
451f1946fc2a626d5c3a0b944a916310

SHA1
800bf991a873e700a04a19789890bfb8803e4880

SHA256
5c5cc65b3a9d94fbea501efe61067190d54073bd0bd9ffeac6b8e88f58a1b73c

SHA512
0a1713a7fae55f50d8e3aea57baa24950ac84a296d3945f526d1e43af797fe7efb81dc9b7ff6c4ab50fa9b4180bd815313bc0cab8a392372146b1d43bc49a97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
451f1946fc2a626d5c3a0b944a916310

SHA1
800bf991a873e700a04a19789890bfb8803e4880

SHA256
5c5cc65b3a9d94fbea501efe61067190d54073bd0bd9ffeac6b8e88f58a1b73c

SHA512
0a1713a7fae55f50d8e3aea57baa24950ac84a296d3945f526d1e43af797fe7efb81dc9b7ff6c4ab50fa9b4180bd815313bc0cab8a392372146b1d43bc49a97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
451f1946fc2a626d5c3a0b944a916310

SHA1
800bf991a873e700a04a19789890bfb8803e4880

SHA256
5c5cc65b3a9d94fbea501efe61067190d54073bd0bd9ffeac6b8e88f58a1b73c

SHA512
0a1713a7fae55f50d8e3aea57baa24950ac84a296d3945f526d1e43af797fe7efb81dc9b7ff6c4ab50fa9b4180bd815313bc0cab8a392372146b1d43bc49a97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
5a219ed5a9861e927672f1afe091039f

SHA1
5d688a4c53e22e93fbd0e7fb2bf6c01158bdfd2d

SHA256
37bba54294e7103d3104d46ba62a0f0646d81dfe766753fc09a291bf17a69335

SHA512
bd9e9e0adba5bc1d4e42f24e50c8f1fa4dc5b65989a13fa8c31f8d7d5510c175c114a19719668f18633f20378d76d8dac6725aaa82f785ff252304596064e816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
60079bf3c2035d569a65a2efd580475a

SHA1
bd3565fd6e963f313a6465ae2a141d75561abe0a

SHA256
26f7984483ceaf70cf3d62b5ed395d6a186d85acd9d843d84e3a106c40284690

SHA512
429c5d29deb8836165ebb2bd8db7f0da8e381bdbc8f92266e78980452e92c67e349e05e7bc9673fc666f99735fbfc41abe5226edc326817517bdb85aa62f6eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.gate.io_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
2ae4ba4dece903992331929e0798631d

SHA1
7cf7df77b8a1ee35dfa7ae476d022cc6bd4f0b70

SHA256
51155be6ddd8e11709593b725d3972671080e5e7c291db8e23eca45ed5b11c91

SHA512
e7c5a6fc1221784f55a460c03e5904cd7491cff4a13a22b0eb6c91430b1cacf534e77de825365edb5517a6b481d57c986034892380b5dd7c840e6d858e73fe49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ad790da47291bf8358610174fe2dd764

SHA1
42479128dd0c20e5d8d22c2c4b3a0930baab4c7f

SHA256
ff6dffeb836e1377689957b8d6c0ca4f758abe3db458a3602a9f4b950c2b24fc

SHA512
dc5ca817b1cdc0d1e0f095605cf087fbb81a14cb367405d88ab8e4c62a0a4658526a73289487413f3d8bfa5f17ed7bb053bc8ad30cfa239be2f85d6898604a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
28fea74fd9f1b30381a8460332622e86

SHA1
cf7ad0892efe43e864289a48d432e7d56c4616c6

SHA256
9d75c735c119aa390a6fc1187d5564139a71045394da0a1c28096c0d629ea055

SHA512
b48ca49eebd021bef33c5abba32dadeff9a63026c7245ad1fb1f6d266db391d69d52432968d156772c0231f4b9326923435448de611d8dcbdcb8aa249bbdd758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c6679cba2be1263a41d4a98cead4970

SHA1
7dff4fb71e78129eaca9030b68fd51e6166d7fff

SHA256
8b703b95520afe955b0daf0c5c6d39975fe0fb407b9bef0281946ed9cc662980

SHA512
a96d0719d7baee54bbc4f722916a215f5fe933c9047cdd9ff51ea47a234f851b33a054b6a7fda561314ad18907ee216430dbdd756284b290e4d4c53f78a17b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
311333bc11ad7afb44cd55fd1352972c

SHA1
effb7b5b5e390790418f62f3b2df22b6d0c44fd1

SHA256
07a9f086a3f43ee1372a7e361736f4d21c76ec8bd55bd2f53000f0aba21e13f6

SHA512
619717a3364199b34a9b3a4939f00f0981fe3a70c03fbcd99d2db50d2c9d0a484fa0ac0467c9839aae1092a8d72407ab9b4250819da3ceb9886d94c8dbf5b824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
8563c8d0ab040ca615a07367d0dd6570

SHA1
fee9963447831a13c6c93fc7486f35ced52dd12b

SHA256
7b52c17a5dad44144ea24b461204962a138ddfc6a720c12091021d18c24e1910

SHA512
fd19274639d5ace2c72e8b50f5ec4d19acde4ebdfb6c75577fa46fd6fe1078dc557477b650251c0bc5c206c23f65623531867810210735f4a124e8b7e6faffa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a052.TMP

Filesize
370B

MD5
3347590d6deb8f755be5587dc9e6a4b1

SHA1
257176369a0dbfcdc9c8cef7a3cddf7199654667

SHA256
3a2f20f63cad12e12fce8418cee8598e99c2062c0ba0efe199d56ce41412a30e

SHA512
4a97273d75ff5781de94d1c947adfe78b367b3ff876671e55bda3918f989cfd3eb2a289601df657d1c35d18fe2552de25e1a88f79cba43332e4f47854b0e9386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cad0d1ce-4b09-4f2a-9165-a0a1b1d6d45a.tmp

Filesize
5KB

MD5
83670bb7e108742e64efda9b2cbf7775

SHA1
dc9fc520257653d91b54074dfe33e2d5b8075951

SHA256
5583af7a0d616b90e296ad1ac1228d8f8f9522092e5a576942a1a4419a577898

SHA512
f75eb0bb6cddd7b456dbd41498c775fdb2e85046533c43e65a20014f1d5e8c8860d04ff86cd4757f9904216ac9922275704918b78b46878bbd733505fd438b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
3ddd024b91f32e273df7c9daceccebb5

SHA1
9946e681a1e63d5f57cfdcbb3ac951602c38cdbb

SHA256
3fee4a250003a3d0167a37fa6f7612456317bb822551735304d346ca00c97577

SHA512
df75880abb04c105846555bada1838d84159cde335435388c0814ea49ade53da9da1c3e5e9e1f23db151ac38ea280f70315b99cf33f46e474edb133a22f49efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e68d69574f2c4bf260615759c4d7ec7f

SHA1
375261d65f17af3a6d32917230cbf4c2caf303b9

SHA256
a46aae8300259d36ca5191e439fb5cfa2f3409555f4863c1664d8ebceb05ea61

SHA512
007a721004e5b80f15220189b2012aaef38989abf8f54a2e45e438f49d446b07b30182681bffb6860bf52d1919d2a2b8a21d6b41e5ad181af9ef6ed1fa1d41f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
59d87cd715db2b8957202a03812ecd43

SHA1
d171d4c300aba34a54aa6a7db0e120f648f276fa

SHA256
82160296a1be5dec94059060474a35a2f56c784da7a7b1fb3088acb27bdf48d8

SHA512
7791352b44df6c5bf87bfee386b1ea2e28f5062f27820b48e7e0dc25f2210163754f7a871fbe4051041908ba312df75ac5e544d0f5d307fedba5b75e36f445f9

Download Submit
C:\Users\Admin\AppData\Roaming\delta_core\deltapath

Filesize
68B

MD5
4ded23f406167cb70019ab0ff27fb40a

SHA1
7b5fcd3e642a16728728bf4aac4897df57abfbe5

SHA256
c419ea27bb281cfba325d119c0a67a33f1a879ce4335b3e66244f14ed71b5d12

SHA512
884f4ec396868dc2daaa9b6ae0e3df51ba9c27ffba0a77a3432f0e6fb07136004ef3f50c35bff7814bff21fd8df340bee468850aabaa203ea996d54f0731e6f3

Download Submit
C:\Users\Admin\AppData\Roaming\delta_core\deltavers.txt

Filesize
92B

MD5
7fa4b9e376e0616b5f7ed9bb233e1915

SHA1
19a5ca2cbef5f914323260da916f7a071df02a65

SHA256
a034ced9893ae29002ddc84b5c637f28506087d0ec72a1c52d6b23a79ed02089

SHA512
efc59e924202603155cba7bd7e0ba3f698a8d55b67caae81ab422d4559f5d1ef386ea7a75729fdce8fadea5f46194d87be741ebd73f40be6efc99e361beab6dd

Download Submit
C:\Users\Admin\Downloads\DeltaInstaller.exe

Filesize
37KB

MD5
6d7260e7042b5509661aff3fe41c364f

SHA1
b254a7c6ed83244bad973fef55b46ab0a328281f

SHA256
eb5e83a9d69c155948a294b8691abd74fd6b5db75eae2ad3471934ad55fc47ad

SHA512
4687b25e0d579157c3611d50dd346b658f548db20f253e7d2dcb157a624c521c70eee29b1bf7b7c388a55ca3f7779cb01ee28d379e717df5f78cd051d1bf9568

Download Submit
C:\Users\Admin\Downloads\DeltaInstaller.exe

Filesize
37KB

MD5
6d7260e7042b5509661aff3fe41c364f

SHA1
b254a7c6ed83244bad973fef55b46ab0a328281f

SHA256
eb5e83a9d69c155948a294b8691abd74fd6b5db75eae2ad3471934ad55fc47ad

SHA512
4687b25e0d579157c3611d50dd346b658f548db20f253e7d2dcb157a624c521c70eee29b1bf7b7c388a55ca3f7779cb01ee28d379e717df5f78cd051d1bf9568

Download Submit
C:\Users\Admin\Downloads\DeltaInstaller.exe

Filesize
37KB

MD5
6d7260e7042b5509661aff3fe41c364f

SHA1
b254a7c6ed83244bad973fef55b46ab0a328281f

SHA256
eb5e83a9d69c155948a294b8691abd74fd6b5db75eae2ad3471934ad55fc47ad

SHA512
4687b25e0d579157c3611d50dd346b658f548db20f253e7d2dcb157a624c521c70eee29b1bf7b7c388a55ca3f7779cb01ee28d379e717df5f78cd051d1bf9568

Download Submit
C:\Users\Admin\Downloads\Delta\Delta.exe

Filesize
17.0MB

MD5
755d9515eac447bfd76e31a57e543bb9

SHA1
7fb4c37a8d4195923dff052379e0bc36238b8b85

SHA256
75a3925849f915d20656de6600a239d5e29284d668b9a3e4920454ddd6b523a6

SHA512
3873d15c9f5b7a1b3b95918a159ad283ecd2970799b50343dcef5310f6091fb202f4ab7692e6bd1339dc9f41f29353c4bf1fa58431ea9dfd791499b081825772

Download Submit
C:\Users\Admin\Downloads\Delta\Delta.exe

Filesize
17.0MB

MD5
755d9515eac447bfd76e31a57e543bb9

SHA1
7fb4c37a8d4195923dff052379e0bc36238b8b85

SHA256
75a3925849f915d20656de6600a239d5e29284d668b9a3e4920454ddd6b523a6

SHA512
3873d15c9f5b7a1b3b95918a159ad283ecd2970799b50343dcef5310f6091fb202f4ab7692e6bd1339dc9f41f29353c4bf1fa58431ea9dfd791499b081825772

Download Submit
C:\Users\Admin\Downloads\Delta\ICSharpCode.AvalonEdit.dll

Filesize
598KB

MD5
b6142f182a86adf382ea845935a327bc

SHA1
841367a389b4df1207224a26f9e201e593d551d1

SHA256
7225253a9ca59db879340f9ea8ee4f48006ceadf878d04b446522007fbe3ebb3

SHA512
a5e4941409b4b06fdf44ec5ebfb5d99cec47b1f348e266e7dc20254e5465deb1abf60d67092b5aa1bd14f52d637b52b380382f838d601b0f3734ea5a406fb068

Download Submit
C:\Users\Admin\Downloads\Delta\ICSharpCode.AvalonEdit.dll

Filesize
598KB

MD5
b6142f182a86adf382ea845935a327bc

SHA1
841367a389b4df1207224a26f9e201e593d551d1

SHA256
7225253a9ca59db879340f9ea8ee4f48006ceadf878d04b446522007fbe3ebb3

SHA512
a5e4941409b4b06fdf44ec5ebfb5d99cec47b1f348e266e7dc20254e5465deb1abf60d67092b5aa1bd14f52d637b52b380382f838d601b0f3734ea5a406fb068

Download Submit
C:\Users\Admin\Downloads\Delta\ICSharpCode.AvalonEdit.dll

Filesize
598KB

MD5
b6142f182a86adf382ea845935a327bc

SHA1
841367a389b4df1207224a26f9e201e593d551d1

SHA256
7225253a9ca59db879340f9ea8ee4f48006ceadf878d04b446522007fbe3ebb3

SHA512
a5e4941409b4b06fdf44ec5ebfb5d99cec47b1f348e266e7dc20254e5465deb1abf60d67092b5aa1bd14f52d637b52b380382f838d601b0f3734ea5a406fb068

Download Submit
C:\Users\Admin\Downloads\Delta\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\Downloads\Delta\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\Downloads\Delta\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\Downloads\Delta\WeAreDevs_API.dll

Filesize
607KB

MD5
0025193fb8ac07ab3bac031604fa4c2f

SHA1
1ca60ea4d0f3b8dab2cac98052d95752f62a61ef

SHA256
7ba0ffa49d4b1ab59b9b1293faf5bd021ab1a2172c2172e22042ab70b3489eb4

SHA512
0ebd381ba822fe5ac4f9dbaecec3469ddda83e1463a14cb73350072450c1cbe45c6eabede44258a51c4e888c5a46da81fa3a11f2cffd6e12528ca3eb0ea7b6aa

Download Submit
C:\Users\Admin\Downloads\Delta\WeAreDevs_API.dll

Filesize
607KB

MD5
0025193fb8ac07ab3bac031604fa4c2f

SHA1
1ca60ea4d0f3b8dab2cac98052d95752f62a61ef

SHA256
7ba0ffa49d4b1ab59b9b1293faf5bd021ab1a2172c2172e22042ab70b3489eb4

SHA512
0ebd381ba822fe5ac4f9dbaecec3469ddda83e1463a14cb73350072450c1cbe45c6eabede44258a51c4e888c5a46da81fa3a11f2cffd6e12528ca3eb0ea7b6aa

Download Submit
C:\Users\Admin\Downloads\Delta\WeAreDevs_API.dll

Filesize
607KB

MD5
0025193fb8ac07ab3bac031604fa4c2f

SHA1
1ca60ea4d0f3b8dab2cac98052d95752f62a61ef

SHA256
7ba0ffa49d4b1ab59b9b1293faf5bd021ab1a2172c2172e22042ab70b3489eb4

SHA512
0ebd381ba822fe5ac4f9dbaecec3469ddda83e1463a14cb73350072450c1cbe45c6eabede44258a51c4e888c5a46da81fa3a11f2cffd6e12528ca3eb0ea7b6aa

Download Submit
C:\Users\Admin\Downloads\Delta\bin\lua.xshd

Filesize
3KB

MD5
e2b537e027b3251fb82e213739e66376

SHA1
e47888a238dcf90097ecd3c8860b0f9b02ded0e3

SHA256
5c508701141f851aeb0ad9088759f7da15bc33f9e7459ea8c8d4e1ec7b4eaa60

SHA512
1e347301cdc75933d709eddeace7cc9d62a7e9685f5badde3e1ec6f3cdbb37bbb8b95c23632e11b283e0464ab4c84e79c644660a1f0c09f51729e30571555f7e

Download Submit
memory/2220-564-0x00000000004B0000-0x00000000004C0000-memory.dmp

Filesize
64KB

Download
memory/2220-574-0x0000000004D90000-0x0000000004D9A000-memory.dmp

Filesize
40KB

Download
memory/2220-575-0x0000000004DE0000-0x0000000004DF0000-memory.dmp

Filesize
64KB

Download
memory/2220-577-0x0000000005C00000-0x0000000005C12000-memory.dmp

Filesize
72KB

Download
memory/4988-633-0x0000000006F00000-0x0000000006F22000-memory.dmp

Filesize
136KB

Download
memory/4988-782-0x0000000003980000-0x0000000003990000-memory.dmp

Filesize
64KB

Download
memory/4988-771-0x0000000003980000-0x0000000003990000-memory.dmp

Filesize
64KB

Download
memory/4988-844-0x000000000EAA0000-0x000000000EC26000-memory.dmp

Filesize
1.5MB

Download
memory/4988-764-0x000000000C890000-0x000000000C922000-memory.dmp

Filesize
584KB

Download
memory/4988-761-0x00000000103B0000-0x0000000010954000-memory.dmp

Filesize
5.6MB

Download
memory/4988-887-0x00000000077A0000-0x00000000077A8000-memory.dmp

Filesize
32KB

Download
memory/4988-888-0x0000000003980000-0x0000000003990000-memory.dmp

Filesize
64KB

Download
memory/4988-685-0x0000000003980000-0x0000000003990000-memory.dmp

Filesize
64KB

Download
memory/4988-658-0x0000000003980000-0x0000000003990000-memory.dmp

Filesize
64KB

Download
memory/4988-646-0x0000000003980000-0x0000000003990000-memory.dmp

Filesize
64KB

Download
memory/4988-642-0x0000000007A50000-0x0000000007AEC000-memory.dmp

Filesize
624KB

Download
memory/4988-634-0x0000000007090000-0x00000000070AE000-memory.dmp

Filesize
120KB

Download
memory/4988-630-0x0000000006FF0000-0x0000000007066000-memory.dmp

Filesize
472KB

Download
memory/4988-629-0x0000000006F40000-0x0000000006FF0000-memory.dmp

Filesize
704KB

Download
memory/4988-625-0x0000000006E10000-0x0000000006E1E000-memory.dmp

Filesize
56KB

Download
memory/4988-623-0x0000000006E00000-0x0000000006E08000-memory.dmp

Filesize
32KB

Download
memory/4988-624-0x0000000006E50000-0x0000000006E88000-memory.dmp

Filesize
224KB

Download
memory/4988-622-0x0000000003980000-0x0000000003990000-memory.dmp

Filesize
64KB

Download
memory/4988-616-0x0000000006080000-0x000000000611E000-memory.dmp

Filesize
632KB

Download
memory/4988-618-0x0000000003980000-0x0000000003990000-memory.dmp

Filesize
64KB

Download
memory/4988-608-0x0000000000520000-0x0000000001626000-memory.dmp

Filesize
17.0MB

Download