Analysis Overview
Threat Level: Likely malicious
The file https://getmyfilenow.com/lp?id=Delta%20V3.61%20b_33150624 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Checks installed software on the system
Enumerates connected drives
Checks for any installed AV software in registry
Drops file in System32 directory
Enumerates processes with tasklist
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
System Location Discovery: System Language Discovery
Program crash
Browser Information Discovery
Enumerates physical storage devices
Modifies data under HKEY_USERS
Opens file in notepad (likely ransom note)
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Checks CPU information
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Checks memory information
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
NTFS ADS
Modifies registry class
Modifies system certificate store
Analysis: static1
Detonation Overview
Reported
2024-08-22 13:06
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-22 13:06
Reported
2024-08-22 13:37
Platform
android-x64-20240624-en
Max time kernel
1749s
Max time network
1790s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| GB | 142.250.179.234:443 | tcp | |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.180.4:443 | tcp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | static.xx.fbcdn.net | udp |
| GB | 157.240.221.16:443 | static.xx.fbcdn.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| GB | 216.58.201.98:443 | tcp | |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 142.250.178.3:443 | tcp | |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 216.58.201.110:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | g.tenor.com | udp |
| GB | 142.250.179.234:443 | g.tenor.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.46:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| BE | 142.250.110.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-22 13:06
Reported
2024-08-22 13:07
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-22 13:06
Reported
2024-08-22 13:11
Platform
win11-20240802-en
Max time kernel
262s
Max time network
263s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_Delta V3.61.zip\Delta V3.61\Delta.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hll1uq3i.ng1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\setup33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_Delta V3.61.zip\Delta V3.61\Delta.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688057281827546" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 193854.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Delta V3.61.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getmyfilenow.com/lp?id=Delta%20V3.61%20b_33150624
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fb063cb8,0x7ff9fb063cc8,0x7ff9fb063cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe
"C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe"
C:\Users\Admin\AppData\Local\setup33150624.exe
C:\Users\Admin\AppData\Local\setup33150624.exe hhwnd=262700 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-KA1rz
C:\Users\Admin\AppData\Local\setup33150624.exe
C:\Users\Admin\AppData\Local\setup33150624.exe hready
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "PID eq 5116" /fo csv
C:\Windows\SysWOW64\find.exe
find /I "5116"
C:\Windows\SysWOW64\timeout.exe
timeout 5
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e808cc40,0x7ff9e808cc4c,0x7ff9e808cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1796 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2236 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4288,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4416,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4668,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3768 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\hll1uq3i.ng1.exe
"C:\Users\Admin\AppData\Local\Temp\hll1uq3i.ng1.exe" --silent --otd="utm.medium:apb,utm.source:lavasoft,utm.campaign:lavasoftOPTOUT:ES_NA_63053a73342f17647bd2cec5"
C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe --silent --otd="utm.medium:apb,utm.source:lavasoft,utm.campaign:lavasoftOPTOUT:ES_NA_63053a73342f17647bd2cec5" --server-tracking-blob=OWEwZTNiOWFlMDVhMmEwZmVhMzU0NWU0ZDVmYzEyYTE0NjYyMjg2ZGQ5OGU5NmFlNzc5ZjMyYmFlYTkwZGUzZTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPUxBVkFTT0ZUJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1sYXZhc29mdE9QVE9VVCIsInRpbWVzdGFtcCI6IjE3MjQzMzIxMDIuNDU2MSIsInV0bSI6eyJjYW1wYWlnbiI6ImxhdmFzb2Z0T1BUT1VUIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTEFWQVNPRlQifSwidXVpZCI6ImFiMjQ5NWFmLTgzNmYtNGE4OC05YTVkLTUzMGY1M2JiMTg2OCJ9
C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.53 --initial-client-data=0x33c,0x340,0x344,0x318,0x348,0x7362a174,0x7362a180,0x7362a18c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2020 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240822130919" --session-guid=6f304337-b5fc-460e-885a-93a58dd65c2a --server-tracking-blob=OTBjOGVjMGU3YWI3NDExMWY3M2U3YjYxMjA1YTZiOGM2MDc5NWRkMDEyMzk5YjVkNDRhZGZiMWZiMzIwOWFmMjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPUxBVkFTT0ZUJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1sYXZhc29mdE9QVE9VVCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyNDMzMjEwMi40NTYxIiwidXRtIjp7ImNhbXBhaWduIjoibGF2YXNvZnRPUFRPVVQ6RVNfTkFfNjMwNTNhNzMzNDJmMTc2NDdiZDJjZWM1IiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibGF2YXNvZnQifSwidXVpZCI6ImFiMjQ5NWFmLTgzNmYtNGE4OC05YTVkLTUzMGY1M2JiMTg2OCJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6006000000000000
C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.53 --initial-client-data=0x348,0x34c,0x350,0x314,0x354,0x6d24a174,0x6d24a180,0x6d24a18c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.30 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0xda8f40,0xda8f4c,0xda8f58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_Delta V3.61.zip\Delta V3.61\Delta.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Delta V3.61.zip\Delta V3.61\Delta.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 952 -ip 952
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1388
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5436,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5408,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5420 /prefetch:8
C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe
"C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe"
C:\Users\Admin\AppData\Local\setup33150624.exe
C:\Users\Admin\AppData\Local\setup33150624.exe hhwnd=132028 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-KA1rz
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | getmyfilenow.com | udp |
| US | 104.21.50.104:443 | getmyfilenow.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | flow.lavasoft.com | udp |
| US | 104.16.149.130:443 | flow.lavasoft.com | tcp |
| US | 104.16.212.94:443 | sos.adaware.com | tcp |
| US | 8.8.8.8:53 | 94.212.16.104.in-addr.arpa | udp |
| US | 104.16.212.94:443 | sos.adaware.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| US | 8.8.8.8:53 | download.enigmasoftware.com | udp |
| DE | 52.85.92.77:443 | download.enigmasoftware.com | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp |
| GB | 23.201.65.195:443 | package.avira.com | tcp |
| US | 104.21.94.230:443 | www.freevpn.win | tcp |
| US | 104.21.57.28:443 | download2021.pdf-suite.com | tcp |
| CA | 198.72.111.246:443 | download20.pdf-suite.com | tcp |
| US | 104.16.149.130:443 | flow.lavasoft.com | tcp |
| DE | 52.85.92.77:443 | download.enigmasoftware.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| US | 104.21.60.113:443 | filedm.com | tcp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| GB | 143.244.38.136:443 | spyhunter-download-v2.b-cdn.net | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| FR | 216.58.214.78:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | a.directfiledl.com | udp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| US | 8.8.8.8:53 | 62.218.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 185.26.182.111:443 | features.opera-api2.com | tcp |
| NL | 185.26.182.117:443 | download.opera.com | tcp |
| GB | 23.209.73.97:443 | download3.operacdn.com | tcp |
| US | 8.8.8.8:53 | 117.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.73.209.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.182.26.185.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| FR | 172.217.18.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| FR | 172.217.18.195:443 | beacons.gcp.gvt2.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.16.149.130:443 | flow.lavasoft.com | tcp |
| US | 104.16.212.94:443 | sos.adaware.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 104.16.212.94:443 | sos.adaware.com | tcp |
| US | 8.8.8.8:53 | webcf.quickdriverupdater.com | udp |
| DE | 52.222.191.80:443 | webcf.quickdriverupdater.com | tcp |
| US | 8.8.8.8:53 | download.enigmasoftware.com | udp |
| DE | 52.85.92.124:443 | download.enigmasoftware.com | tcp |
| US | 8.8.8.8:53 | spyhunter-download-v2.b-cdn.net | udp |
| FR | 143.244.56.49:443 | spyhunter-download-v2.b-cdn.net | tcp |
| US | 104.21.94.230:443 | www.freevpn.win | tcp |
| US | 8.8.8.8:53 | 49.56.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | package.avira.com | udp |
| GB | 23.201.65.195:443 | package.avira.com | tcp |
| US | 104.21.57.28:443 | download2021.pdf-suite.com | tcp |
| CA | 198.72.111.246:443 | download20.pdf-suite.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b0177afa818e013394b36a04cb111278 |
| SHA1 | dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5 |
| SHA256 | ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d |
| SHA512 | d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db |
\??\pipe\LOCAL\crashpad_2136_TRMPXIDYHRIEFZEC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9af507866fb23dace6259791c377531f |
| SHA1 | 5a5914fc48341ac112bfcd71b946fc0b2619f933 |
| SHA256 | 5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f |
| SHA512 | c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 937f8c43637582eaeb2b6e977e562c8a |
| SHA1 | ca7b18d0e033dd19779107fecf8a1f70f15d4e6f |
| SHA256 | 70f0274a8bd8c778f7ef9d61dd9db3218ed68ff0a56da0700418a488e40c50b1 |
| SHA512 | c0240e7415552a45f257e31e7969d9b2ac0aec3ca124313dad557232f72fab066cfca2204b6a24b1035ca30aa03de77c4977c8f2a38785b16dc2bd525fbcc88c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d1d45f87956587a33c7fd88fbc53056f |
| SHA1 | db620ae060344554631fa4ff312ee989b57b76f7 |
| SHA256 | f45809db41299d9185f81f2e19e590ae57d75320fa198852a124266d6e10cd5e |
| SHA512 | 1f160ce120b3f0d90437684954a22129ef377363705e87081382ad398a46cbbf04cbe4e108be6db328f714377fa13b51fb4e7d33181ab5522e72b6ae104fc9f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a2620ded44d88bfba8a2712b806ddd36 |
| SHA1 | d0a998b80b801cbb0cd0d2fce51597a1aba9b527 |
| SHA256 | f9bfbd76a1b094590e5fa03ae8f2fced3de32f3907f144583ab1735ffdfc5a13 |
| SHA512 | 81ff4138a6577044b1c3c8b8b5ee55daed1f28fe496b2644979de104a68511bce127fc812937c194457a66bc075393e0578ebd78b7d2a12d585d78de5dc535df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a444f0eebf2909654421bd2be26e4bca |
| SHA1 | 86518475ef7b35db3b4075bba9f30484d0922212 |
| SHA256 | 77a636ae67fe9f5374e8734ee4eecb8dd30020b1cf0878aa2fb9820a46b62377 |
| SHA512 | 6953ae212d97d6125a029d69ea77b3f093ffee6e60e4c0ed658588e5e89012c5ec9fbc560a6b8e4155acb66fe5eec23c802b85c2c241b099e27fee1fce415ef8 |
C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe
| MD5 | 3d50042e3e3991be509f56a2951a2183 |
| SHA1 | f027790afe9d7ce2ddf17973f0778fb9e983ded1 |
| SHA256 | 76eee256f1223082e8396611baca498542c656edd0fac5fe903e06e6cb5677e2 |
| SHA512 | 120c6a7778bd9f65f469d3335987b780e736bd895ed944d0988372f891b48f9ba09b50ed9dcffd0bf1fa23a12e215ed1f1ffe75d11c925ff4c08d3e48259a873 |
C:\Users\Admin\AppData\Local\setup33150624.exe
| MD5 | 29d3a70cec060614e1691e64162a6c1e |
| SHA1 | ce4daf2b1d39a1a881635b393450e435bfb7f7d1 |
| SHA256 | cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72 |
| SHA512 | 69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b |
memory/5116-125-0x0000000000220000-0x00000000005F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll
| MD5 | 72990c7e32ee6c811ea3d2ea64523234 |
| SHA1 | a7fcbf83ec6eefb2235d40f51d0d6172d364b822 |
| SHA256 | e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3 |
| SHA512 | 2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll
| MD5 | 1a84957b6e681fca057160cd04e26b27 |
| SHA1 | 8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe |
| SHA256 | 9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5 |
| SHA512 | 5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll
| MD5 | 8ff1898897f3f4391803c7253366a87b |
| SHA1 | 9bdbeed8f75a892b6b630ef9e634667f4c620fa0 |
| SHA256 | 51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad |
| SHA512 | cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll
| MD5 | 6e001f8d0ee4f09a6673a9e8168836b6 |
| SHA1 | 334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38 |
| SHA256 | 6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859 |
| SHA512 | 0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6 |
memory/5116-147-0x0000000005070000-0x0000000005084000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll
| MD5 | 08112f27dcd8f1d779231a7a3e944cb1 |
| SHA1 | 39a98a95feb1b6295ad762e22aa47854f57c226f |
| SHA256 | 11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa |
| SHA512 | afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb |
memory/5116-155-0x00000000050C0000-0x00000000050E4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll
| MD5 | 105a9e404f7ac841c46380063cc27f50 |
| SHA1 | ec27d9e1c3b546848324096283797a8644516ee3 |
| SHA256 | 69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b |
| SHA512 | 6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940 |
memory/5116-163-0x00000000050F0000-0x0000000005118000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll
| MD5 | 6df226bda27d26ce4523b80dbf57a9ea |
| SHA1 | 615f9aba84856026460dc54b581711dad63da469 |
| SHA256 | 17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc |
| SHA512 | 988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5 |
memory/5116-171-0x0000000005120000-0x000000000514E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll
| MD5 | 8db691813a26e7d0f1db5e2f4d0d05e3 |
| SHA1 | 7c7a33553dd0b50b78bf0ca6974c77088da253eb |
| SHA256 | 3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701 |
| SHA512 | d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f |
memory/5116-179-0x0000000005180000-0x00000000051A8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll
| MD5 | b199dcd6824a02522a4d29a69ab65058 |
| SHA1 | f9c7f8c5c6543b80fa6f1940402430b37fa8dce4 |
| SHA256 | 9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4 |
| SHA512 | 1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1 |
memory/5116-187-0x00000000051F0000-0x0000000005222000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll
| MD5 | c06ac6dcfa7780cd781fc9af269e33c0 |
| SHA1 | f6b69337b369df50427f6d5968eb75b6283c199d |
| SHA256 | b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d |
| SHA512 | ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3 |
memory/5116-195-0x00000000051B0000-0x00000000051CA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll
| MD5 | 9d2c520bfa294a6aa0c5cbc6d87caeec |
| SHA1 | 20b390db533153e4bf84f3d17225384b924b391f |
| SHA256 | 669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89 |
| SHA512 | 7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15 |
memory/5116-211-0x00000000051E0000-0x00000000051EA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll
| MD5 | be4c2b0862d2fc399c393fca163094df |
| SHA1 | 7c03c84b2871c27fa0f1914825e504a090c2a550 |
| SHA256 | c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a |
| SHA512 | d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll
| MD5 | 17220f65bd242b6a491423d5bb7940c1 |
| SHA1 | a33fabf2b788e80f0f7f84524fe3ed9b797be7ad |
| SHA256 | 23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f |
| SHA512 | bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e |
memory/5116-219-0x00000000052B0000-0x00000000052B8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll
| MD5 | 422be1a0c08185b107050fcf32f8fa40 |
| SHA1 | c8746a8dad7b4bf18380207b0c7c848362567a92 |
| SHA256 | 723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528 |
| SHA512 | dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599 |
memory/5116-203-0x0000000005260000-0x0000000005284000-memory.dmp
memory/5116-227-0x0000000005300000-0x000000000532C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll
| MD5 | 83d37fb4f754c7f4e41605ec3c8608ea |
| SHA1 | 70401de8ce89f809c6e601834d48768c0d65159f |
| SHA256 | 56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020 |
| SHA512 | f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f |
memory/5116-237-0x0000000005290000-0x00000000052AD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll
| MD5 | f931e960cc4ed0d2f392376525ff44db |
| SHA1 | 1895aaa8f5b8314d8a4c5938d1405775d3837109 |
| SHA256 | 1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870 |
| SHA512 | 7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0 |
memory/5116-254-0x0000000005970000-0x0000000005982000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
| MD5 | de90d5107779f7abeaf28d96fa331ee5 |
| SHA1 | 27472ac9bebac7787bb2849b0000916869ae14e1 |
| SHA256 | 564795427bebf14fe2439b1ab08d510ba804e87975a73809d00c2096f4305b6c |
| SHA512 | 7c2f43f18b0a817fd67dafe088eeedb4fc747f0f81e82faf48588b90ea3d4b65bdce892459cd770d59728c3ab95781b9fd5812500ba827b82adb8dcb9049d6e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
| MD5 | 03b6570f2f52c35691dee9197f540652 |
| SHA1 | 89d298a4a0b35743bc0a1e25d3aed37a0bf730b2 |
| SHA256 | 15812adbc7541d5ed7f049a3bfba3f9cad7bac3bf88d22e402e7016b4e42e5b7 |
| SHA512 | 160a97c3b75f004fa5d36d4eb958190114a851009e3d6f312f0668dba5c05047618e62e14b879ff6873ec92cf84770c53ea0eb7073af9674adef31135977b991 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
| MD5 | 21d18389efeedc233262dbe6019be5d8 |
| SHA1 | b78b85ee533d7cdb45f98ece1a10fd3f2fd8d2db |
| SHA256 | e6aa2cfe4620b897ab4127b0814544f09af1937d57e7356c5852da46ac4d62d9 |
| SHA512 | f5cec86c597f332b2deb189499242936298f8cfbd76b50952a7f42208bfde537f2074e2f929d3b75f648c2b3d7ddd83c152853ea15ad90c25b08d71f538ad176 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
| MD5 | 22e2fb11dad84eb8802c3cc94d23f0bf |
| SHA1 | dcb1df747c20465c9d839c234ccde8b295dbd3b3 |
| SHA256 | b1e43a1a701632df73508856cd6d4670c30acee60508f507d2df0a87c8af0961 |
| SHA512 | 28ec41811aa5d3b7f69feb20e5577bd3c177ba4b7a56ead54fff9f11772582aff712cb5841c6d15de497b1272896f3060e49b6714478d39ec01c230ce65aed7f |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll
| MD5 | 9de86cdf74a30602d6baa7affc8c4a0f |
| SHA1 | 9c79b6fbf85b8b87dd781b20fc38ba2ac0664143 |
| SHA256 | 56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583 |
| SHA512 | dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641 |
memory/5116-271-0x0000000006040000-0x00000000060CC000-memory.dmp
memory/5116-276-0x0000000005660000-0x000000000566A000-memory.dmp
memory/5116-277-0x0000000005FB0000-0x0000000005FD2000-memory.dmp
memory/5116-278-0x0000000006110000-0x0000000006467000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll
| MD5 | 554c3e1d68c8b5d04ca7a2264ca44e71 |
| SHA1 | ef749e325f52179e6875e9b2dd397bee2ca41bb4 |
| SHA256 | 1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e |
| SHA512 | 58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6 |
memory/5116-284-0x0000000006600000-0x000000000660C000-memory.dmp
memory/5116-287-0x0000000006BE0000-0x0000000007186000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll
| MD5 | 38cc1b5c2a4c510b8d4930a3821d7e0b |
| SHA1 | f06d1d695012ace0aef7a45e340b70981ca023ba |
| SHA256 | c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2 |
| SHA512 | 99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298 |
memory/5116-293-0x0000000007750000-0x0000000007D04000-memory.dmp
memory/5116-308-0x0000000006860000-0x00000000068F2000-memory.dmp
memory/5116-328-0x0000000006BA0000-0x0000000006BCE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll
| MD5 | 28f1996059e79df241388bd9f89cf0b1 |
| SHA1 | 6ad6f7cde374686a42d9c0fcebadaf00adf21c76 |
| SHA256 | c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce |
| SHA512 | 9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9ccce3be0efea6b8e8087df380a41fb5 |
| SHA1 | 44787a0b3df3610bde06653a75521855da8ea6f9 |
| SHA256 | 0e20313827ea6047384a7ed88e2e32c7dffb77005b860fd625439b26d83c2edf |
| SHA512 | ce9c9c323fc3b5261bb44d7b6d280953411b7a62b0107973db3d0b3f5e3420d6c7c8365ebeacf0fe9df3c30e7d22ce19f729d2dd699014ff6af66ce091cea17a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e201cae240b16999fa46201100072954 |
| SHA1 | 29fb3ba5d8635e439112813214698ad362eff6df |
| SHA256 | 165512e2c77719205e0fe25f72f6bf32bebfb57a14639480302b5ded82bd890f |
| SHA512 | 40a5bf390dec813ae98bb07276bff8455770593948efd99e9aa14af417393e0fe1a9dd116089b6e8ac747afe6680d6aa68e7893f94c0a8c7c052f883aa4ce3fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 48569c63d878a764948001581f5fc4d9 |
| SHA1 | e8f674db6104d4121719b6dd6fc00802fc96c1b7 |
| SHA256 | 49b6bafc70e906c819f2224a397966b9ed9fec627199885d65021f55daf70dc6 |
| SHA512 | 48ef9b0a0bcbf6bc48920a58bafb9feb1e4dec4f8146ed10ac0a63f0add360583d5cb8b1d6deac274b73c00327fdf4d04c125555f21013054cdd4852bfed9aee |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html
| MD5 | 9ba0a91b564e22c876e58a8a5921b528 |
| SHA1 | 8eb23cab5effc0d0df63120a4dbad3cffcac6f1e |
| SHA256 | 2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941 |
| SHA512 | 38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cb2253b88e95b8bad7c75f5f37366c69 |
| SHA1 | 3a4ea7d2de96ac19c0b880e4138f38e6bc01897c |
| SHA256 | 79c36bb737ab16c73c0b7b18968c548a805609d59242bb6c2b2a711465e60092 |
| SHA512 | b858a20f3f92604531193e12277beb2b7826f4a3c7a792beb974031b9a7bd91f20ae1e85067339df331ddd7f972bebf6c9c3f418a336fb4ad882644228bc686e |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis
| MD5 | bf5328e51e8ab1211c509b5a65ab9972 |
| SHA1 | 480dfb920e926d81bce67113576781815fbd1ea4 |
| SHA256 | 98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b |
| SHA512 | 92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico
| MD5 | 4003efa6e7d44e2cbd3d7486e2e0451a |
| SHA1 | a2a9ab4a88cd4732647faa37bbdf726fd885ea1e |
| SHA256 | effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508 |
| SHA512 | 86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
| MD5 | cef027c3341afbcdb83c72080df7f002 |
| SHA1 | e538f1dd4aee8544d888a616a6ebe4aeecaf1661 |
| SHA256 | e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7 |
| SHA512 | 71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf |
memory/1796-432-0x0000000000600000-0x000000000060C000-memory.dmp
C:\Users\Admin\AppData\Local\Adaware\OfferInstaller.exe_Url_1hem3jux35iv1vzfopbi55gu03hcnxpl\7.14.2.0\user.config
| MD5 | f3da41e2f01ec12a28efa662df2fa963 |
| SHA1 | 9760227f497132829ec34fffec6184969043bba1 |
| SHA256 | a4544f806b5637e45e2e702c7997d0b6a52b805670a72aac518d189c3004d1c2 |
| SHA512 | ae4f56f93a2386abe8891ba5ba1cc7de166a28c6a2f3913870bed2926ac43469bbbf0b4b18acf2fce7c7f120056e36b3777aabbdf9715cc12d2159403e392e59 |
memory/1796-448-0x0000000006D30000-0x0000000006D3A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | f829bd66d8dc9c8e534814d835fe0cd7 |
| SHA1 | 77fdd46df433cffa99ec7573ae2478ace9de4129 |
| SHA256 | 1d3614a30f69edced7381bc27ea386f15f17be8b8e0d5fdd5e4ec0e002c750fa |
| SHA512 | 5c8223e2c4fbc7d41a1a8883ce1b7820ebf51b644469245a0143f24ed83d6122b256d25d45d4b55de0be53dad99474cb7bfeddc49f31ad76b9e42521ee9eb046 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d379c91e-6050-4b64-aec2-a440a13df5e0.tmp
| MD5 | 56f1511e36597bc128ea8188ef296978 |
| SHA1 | 3f9ac8c956149fc82dce6d052c6a65120bab72a7 |
| SHA256 | 3d9262dea2269f53553b1631794715a0a3e9abd843e00bf3a7d781cf8c7253f9 |
| SHA512 | 192981a88289cf583408ce6a6d941c75e5e4040475838851a621f585da3467d95dce9fab4a6c765db63809d7a0cc9ab0a426f958a607cd64de5f4f14fd6af402 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 462052a788c1ba33df0a4b1c8388d2b2 |
| SHA1 | a6c982188aaf923d0e06ef126596e1a0f3625354 |
| SHA256 | ea215d06265b298e5f543bd14d622dccd3dcd5b8a0392f08af069154127e48cc |
| SHA512 | 72ec68cc8ac569fc33163d235a860bfc9fc9a3a521f18a79087f2cd3db79e82b2de18c2bdc11895e9ed39da3da19b551f2adab3fdce8dc58bb9a77b957493e9f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a8c6e9f3339d77b2863f032e1c9d1ed6 |
| SHA1 | dffe7a49e7c59b8c7ad48552d7a880b1bf11ef8c |
| SHA256 | 32b11b9983d3bd2f35c5272fd2e5b37491e6c319a7f009c0401d793295f41707 |
| SHA512 | 4d97de9a475eab432e23f4b311fc091a29d55da9f66ef024ab3cfecf2887dcbb2a7e802bc149408b1ec615a9d4d8c1ac2daceedd61345e3adffa7f8a9cd04742 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | ab77f23e02e9f92c11aed0f879e6bfa8 |
| SHA1 | 42056d3b5cc3dde04dc82a527cd575adff7bff62 |
| SHA256 | 621f9f1ec31fb61d3456709e73de34c6c3943b7623ad523ac2a0dc8a55f9e4d0 |
| SHA512 | c8ffacad1be1f00f95023343fec2ab2117b7c713e41e8989280cf6606b826473f9f7eba923359131e63a804db588966c26061df7f9173df0618c1b84ac702d22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7df1dabba4022913d5083714da64572a |
| SHA1 | ca6e321ec06b5bf518d27359850a418402ca23ec |
| SHA256 | c14d4b01f6ea08cbdb86c7c0a761d48b2ae14d4bbffb30ae047e4622dbb020ae |
| SHA512 | 2ce45eac0d159df2a9428f64c879c467b12699e3c8756fc55df4fdfae4dc6da2116435088d4359f57cc00aeb54863818964c8d0ffe4d3f00c61948a5157b0aba |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408221309192674484.dll
| MD5 | d7b7e0f7865a3cc624e95cefe2bc205c |
| SHA1 | 1352733bfaa54292d1457d3f7a87069c00a1f56f |
| SHA256 | 94028494f0c28a14f21179ef4096e0c52f1d022a5ad65b070f0d8584b500b597 |
| SHA512 | e5bced68446f702de4236a6f11ec005bc5233915ff689693a1894afe7ea924ca6d6d8ae722b12daa0ee0b4e35223606a55f13b34db648bfb24e96a76e834ff08 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
| MD5 | 44908c157516d82119d84a3b1c4a31f7 |
| SHA1 | dea19891d14b4e3598844f624c919b0dc5ce236f |
| SHA256 | be21539218a31ff278f218a172b9972f4d8978a281387acdadf9a25b86e30b1a |
| SHA512 | 5a83d45533202ba573941d041619bd7f17e997f352f73528029d1f07da9a26c4f50f1cf77c822f972b596fa75bd2eeb0bca8170d89343d8b590ba869be058106 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | beef9a8c1891c56115388d83452925f6 |
| SHA1 | 1d3289f9cdfe211d2575bb9a99383b4c5c17e860 |
| SHA256 | 66f656f789361937ad3ea4286b9ea8ab2cc2312f72db662d642947f6bf0604c5 |
| SHA512 | 59d3a64374b43e3901a328f25b078202493b7e108bcfb3862666d9eb3c3d240e9c6bc86a80009bbe53bb8ebcdc0a214cd4f40e8571bed27aab4012f55669895d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a5eec77297a117092a0b56028cc53ad7 |
| SHA1 | df7c06778c815da8f847384cb9ef8ce18f2cb453 |
| SHA256 | b38f0ee9c5419aa5569ecc40b3caf9ed73f721302f12870ca799320b835e94d0 |
| SHA512 | 1c79e0335ff87841dc961b9b958e315a393e2bc1cb1820a2352f27b5a18e590b4a51c443e0598a06cfc8071e7695ba636b44e8fc6ecaf10648f8846871f3d8f9 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\additional_file0.tmp
| MD5 | 1bf64fd766bd850bcf8e0ffa9093484b |
| SHA1 | 01524bb2c88b7066391da291ee474004a4904891 |
| SHA256 | 58794b1bf4d84bd7566ee89fd8a8a4157dc70c598d229ec5101959f30b6f3491 |
| SHA512 | cdf2830edc5d4f30beae41591f3a1bcff820f75444d70338a4c6d36e10df43475f383a9f291b619a008452c53e0dddf65547f217386389000535d6d264854e7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2f411ab3f5cc60b7c0eeeb41a5344d3f |
| SHA1 | f4d52e965f6379f85b10fac2fbc4b8c66fa2b585 |
| SHA256 | ba4662eaf2fac96f3a5fa36e42d0119ef94fd0c9203e4f0c59ef8fbfa96f39a8 |
| SHA512 | 1d494838dc295ff7598eda5149a6731a6f1dbec88ecb4c6d575ac5e87b624bbbdbb08a2623a3537aabd051dc249f80e1c8da53cfdaa4856ff6b1566f61b3f44a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c532decefc084fdd74b056c25129dfb3 |
| SHA1 | 1e2e249dc90199811c3bebdeda1037516b10d813 |
| SHA256 | 9dfb8a414ce75df53f8d9a3f87b67f203ef52f5af1522a9ac4a3c3c860320b35 |
| SHA512 | 6c94f5d69f04423e5f39833a7d3a4a90000fb30ca18ed8b61215afae9c9c4db466724d3bbd7487d5558ed08f24e53af333a4d9695cbcc11ec20dbf981e2a4082 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 81f92d2af0a9fb8090b3ee76462a5f7a |
| SHA1 | e685bbdd89c8dc43215ac1fa18a52662a0e2936f |
| SHA256 | 26715c924354a7f5d1e7e7f1a74064a1ecd025a570031b8c8e2dd6827ba8ef45 |
| SHA512 | a573c62eed0341aca5e1aab474847407d6873cfe1d19541ef93aaf01a317ce3b925728fc1e942826f1b729eda65bf195c197f5d9d131ca37ff90a86b13e522d6 |
memory/952-664-0x0000000000E80000-0x0000000001F86000-memory.dmp
memory/952-665-0x00000000043F0000-0x00000000043F8000-memory.dmp
memory/952-666-0x0000000006DA0000-0x0000000006DD8000-memory.dmp
memory/952-667-0x0000000004400000-0x000000000440E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a1a21c85a07e576d32dc81d5bd628fe6 |
| SHA1 | 1434ffc87b5be62e84e4e7c1c79b0478c5a34007 |
| SHA256 | 22c788258aaf27fea6a4f802a36deced85c7d36246e90d152983703e95c57226 |
| SHA512 | 27a97a4f644776edf67fe4cae56fc71f3f7a8c4acbaa6da3c54ebb76b5b19981702da7ac927e20cc9aab47ab082fbf56a32650b14ef1e5b7138f90de5cffa23e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 560a292d2a128b2c6510d84861f190b9 |
| SHA1 | 35aade8eb63b47558d9dd3818acfb0df05ce7bdb |
| SHA256 | 293c3ee0d5f9bfca6781b561a59132feb10ef203611506a57aa60a3408b546f4 |
| SHA512 | bc297eb3f0ca1ee82ac8f49aae218c0608b026705a97d45a94784d48edaa2c9f100529e7a8c9ff5f93b744c6a9fb4a6651511ddb6a6673c9630aa352f1037a98 |
C:\Users\Admin\Downloads\f95851bd-9803-492e-9ac8-76fc5a1556c9.tmp
| MD5 | d3c6a333eea0c097275f34fb29298ae9 |
| SHA1 | 21baf11712800e5c4c05a496093ebe30d96031f6 |
| SHA256 | acdcff2f0d8813e67ffd33c8e746e495901336d7dac615b83d095f894bdfbe29 |
| SHA512 | 09c97bb7645f768976a538a9be59a055dbec5c30ff7877284fea97a9261be1aa42ffd14137bd92b8d94ddecf52858f9261540c2abbf6dba4ab71e37b1acb554c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c2a66c1a3357bd258a9fa082ba80df2 |
| SHA1 | 2b74afb9827bf999a1895c7145c443c9ca9ca600 |
| SHA256 | 4d4489455380af653a16fdf872e4417acad597f408fc143cdee5a21ba2c5cfc0 |
| SHA512 | aae674cd39c1802b47d56d850dedca094e712c6a9e16a848cf2be085274cd100ac0357742fbe71d3d02fa721869f7a4ef84de12eb118f6b32deb8a873b436f4c |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0f185423e2048bb8ea4d821cd728a570 |
| SHA1 | 6df733cefdde66c87431aeb040aeb1edcd7df8d5 |
| SHA256 | ea86ad89f1139282c316f1cb27cf096d06c0f219ed10d6fef5d935086f343c00 |
| SHA512 | 99a153ba6e04ae8c622f0ae89c53743d5a3f117a56e5e7d2e6687d356dc72fd75b3c4f92c01a429181f8770806a8a1efb719b2214ebe3f890b22c28abb912423 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 803f1b149858ef2a3f47e5038d2c84d5 |
| SHA1 | db91a40b0f3ec34f509e4350970621fa331a43b6 |
| SHA256 | 0958e4f4fdaba651188e48770e20892d42f68660374883a34980380af4a71f03 |
| SHA512 | 3f71fa437f79f708ed551c22e3c255f8cefe7009ca5ca1741dafa81b9220d13901a5ddf11f3eb160a7387c103675394e6085b59c18abcdc9fbe92515ac789aaa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 625bff231423083baca870dda67a178c |
| SHA1 | d2b2f3e7c603a820ba50804cc52fd8f2082a2d50 |
| SHA256 | bc694e1e101ec460709b0a181f7eef4c67df54c463a672ed80fe37728d0e4803 |
| SHA512 | ddb54d741cb2608c89b0bfb20d8333a316a6009888f561aef95cf8c0c1ded932548dd6b0054b6755c868454110a8bebfbcc636f485762e6f3fe30c19dc36448b |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\TranslateOfferTemplate.tis
| MD5 | 551029a3e046c5ed6390cc85f632a689 |
| SHA1 | b4bd706f753db6ba3c13551099d4eef55f65b057 |
| SHA256 | 7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8 |
| SHA512 | 22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Log.tis
| MD5 | cef7a21acf607d44e160eac5a21bdf67 |
| SHA1 | f24f674250a381d6bf09df16d00dbf617354d315 |
| SHA256 | 73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7 |
| SHA512 | 5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\EventHandler.tis
| MD5 | 1116d7747130f4552a91e61a3a6000b1 |
| SHA1 | bc36996a664dab24b941ec263679c9d6322e61a2 |
| SHA256 | 5c09c6784f3fdc4a6b2998c4c9e02e366265ee5314c0f982859825576dc0eafd |
| SHA512 | af34413f242b64737ac9f7076e449b0d0485842d653d1cad12b54b868f09817d3595cd935ad7e03003d536127c173d624dd9a031c079fdb8f897ab0b7b9474e8 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\images\loader.gif
| MD5 | 2b26f73d382ab69f3914a7d9fda97b0f |
| SHA1 | a3f5ad928d4bec107ae2941fa6b23c69d19eedd0 |
| SHA256 | a6a0b05b1d5c52303dd3e9e2f9cda1e688a490fbe84ea0d6e22a051ab6efd643 |
| SHA512 | 744ff7e91c8d1059f48de97dc816bc7cc0f1a41ea7b8b7e3382ff69bc283255dfdf7b46d708a062967a6c1f2e5138665be2943ed89d7543fc707e752543ac9a7 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\style.css
| MD5 | 626313d8f4c859ba6473a8d94dfea5e7 |
| SHA1 | 142a57c5e31d7317b7d52b2d4435df53d4123663 |
| SHA256 | 989e5474b74fbdf5abe98b607870bb7f4757967c51412bc940ecab7dd9babd54 |
| SHA512 | dbaefd7f7409839971ec87bc0e49fbc4992de9dd319e28bea401b35b0a7952e56281084b123b6bbeb06080706ada0ffabcd0cf2fb3f75986d34f844d8cd50de9 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\ViewStateLoader.tis
| MD5 | 85c33c8207f5fcb2d31c7ce7322771ac |
| SHA1 | 6b64f919e6b731447b9add9221b3b7570de25061 |
| SHA256 | 940ef5e9f28da759fbf3676fba6da5cc4199b78ffc4fefe078ab11d53e70fb0a |
| SHA512 | 904188ab57cfb4f3d8c51eb55746ae2589852f271b9fa3840b82bda93f69c9f985e65f67169302d08818b707f36246f83f245470d5175dba5f0ad3a2482740c4 |
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\sciter32.dll
| MD5 | b431083586e39d018e19880ad1a5ce8f |
| SHA1 | 3bbf957ab534d845d485a8698accc0a40b63cedd |
| SHA256 | b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b |
| SHA512 | 7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d102c21e5a599d9dccf31776b357d6ee |
| SHA1 | 2bd8056818ef6a79349e38d5ed60e5ae0978c6a5 |
| SHA256 | d9dd48ddcf8d9e6ffdbb448b82b103d87f57eb69d85601d9239939dd59d974a3 |
| SHA512 | 33463b0f36192e5c34aca934c6aec956a5cb59341f5895665ab449fa542252a1971407c4c5e358e8e089c382b7722c3c3b4ee2d3aefba864b724983081985c0a |