Malware Analysis Report

2025-01-23 14:00

Sample ID 240822-qcaxla1ekl
Target https://getmyfilenow.com/lp?id=Delta%20V3.61%20b_33150624
Tags
defense_evasion discovery spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://getmyfilenow.com/lp?id=Delta%20V3.61%20b_33150624 was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery spyware stealer

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks installed software on the system

Enumerates connected drives

Checks for any installed AV software in registry

Drops file in System32 directory

Enumerates processes with tasklist

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

System Location Discovery: System Language Discovery

Program crash

Browser Information Discovery

Enumerates physical storage devices

Modifies data under HKEY_USERS

Opens file in notepad (likely ransom note)

Delays execution with timeout.exe

Suspicious use of AdjustPrivilegeToken

Checks CPU information

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Checks memory information

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

NTFS ADS

Modifies registry class

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-22 13:06

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-22 13:06

Reported

2024-08-22 13:37

Platform

android-x64-20240624-en

Max time kernel

1749s

Max time network

1790s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.72:443 ssl.google-analytics.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.179.234:443 tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp
US 1.1.1.1:53 accounts.google.com udp
GB 74.125.71.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 1.1.1.1:53 static.xx.fbcdn.net udp
GB 157.240.221.16:443 static.xx.fbcdn.net tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
GB 216.58.201.98:443 tcp
GB 172.217.16.228:443 www.google.com tcp
GB 142.250.178.3:443 tcp
US 1.1.1.1:53 clients1.google.com udp
GB 216.58.201.110:443 clients1.google.com tcp
US 1.1.1.1:53 g.tenor.com udp
GB 142.250.179.234:443 g.tenor.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.46:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
BE 142.250.110.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-22 13:06

Reported

2024-08-22 13:07

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-22 13:06

Reported

2024-08-22 13:11

Platform

win11-20240802-en

Max time kernel

262s

Max time network

263s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getmyfilenow.com/lp?id=Delta%20V3.61%20b_33150624

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast C:\Users\Admin\AppData\Local\setup33150624.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\hll1uq3i.ng1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\find.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NOTEPAD.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_Delta V3.61.zip\Delta V3.61\Delta.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688057281827546" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
Key created \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 193854.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Delta V3.61.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\setup33150624.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2136 wrote to memory of 4964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3860 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getmyfilenow.com/lp?id=Delta%20V3.61%20b_33150624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fb063cb8,0x7ff9fb063cc8,0x7ff9fb063cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8

C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe

"C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe"

C:\Users\Admin\AppData\Local\setup33150624.exe

C:\Users\Admin\AppData\Local\setup33150624.exe hhwnd=262700 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-KA1rz

C:\Users\Admin\AppData\Local\setup33150624.exe

C:\Users\Admin\AppData\Local\setup33150624.exe hready

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "PID eq 5116" /fo csv

C:\Windows\SysWOW64\find.exe

find /I "5116"

C:\Windows\SysWOW64\timeout.exe

timeout 5

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e808cc40,0x7ff9e808cc4c,0x7ff9e808cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1796 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4288,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4416,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4668,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,587261993187478764,8012119665811706933,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3768 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\hll1uq3i.ng1.exe

"C:\Users\Admin\AppData\Local\Temp\hll1uq3i.ng1.exe" --silent --otd="utm.medium:apb,utm.source:lavasoft,utm.campaign:lavasoftOPTOUT:ES_NA_63053a73342f17647bd2cec5"

C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe --silent --otd="utm.medium:apb,utm.source:lavasoft,utm.campaign:lavasoftOPTOUT:ES_NA_63053a73342f17647bd2cec5" --server-tracking-blob=OWEwZTNiOWFlMDVhMmEwZmVhMzU0NWU0ZDVmYzEyYTE0NjYyMjg2ZGQ5OGU5NmFlNzc5ZjMyYmFlYTkwZGUzZTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPUxBVkFTT0ZUJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1sYXZhc29mdE9QVE9VVCIsInRpbWVzdGFtcCI6IjE3MjQzMzIxMDIuNDU2MSIsInV0bSI6eyJjYW1wYWlnbiI6ImxhdmFzb2Z0T1BUT1VUIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTEFWQVNPRlQifSwidXVpZCI6ImFiMjQ5NWFmLTgzNmYtNGE4OC05YTVkLTUzMGY1M2JiMTg2OCJ9

C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.53 --initial-client-data=0x33c,0x340,0x344,0x318,0x348,0x7362a174,0x7362a180,0x7362a18c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2020 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240822130919" --session-guid=6f304337-b5fc-460e-885a-93a58dd65c2a --server-tracking-blob=OTBjOGVjMGU3YWI3NDExMWY3M2U3YjYxMjA1YTZiOGM2MDc5NWRkMDEyMzk5YjVkNDRhZGZiMWZiMzIwOWFmMjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPUxBVkFTT0ZUJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1sYXZhc29mdE9QVE9VVCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyNDMzMjEwMi40NTYxIiwidXRtIjp7ImNhbXBhaWduIjoibGF2YXNvZnRPUFRPVVQ6RVNfTkFfNjMwNTNhNzMzNDJmMTc2NDdiZDJjZWM1IiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibGF2YXNvZnQifSwidXVpZCI6ImFiMjQ5NWFmLTgzNmYtNGE4OC05YTVkLTUzMGY1M2JiMTg2OCJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6006000000000000

C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS45CEB3B9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.53 --initial-client-data=0x348,0x34c,0x350,0x314,0x354,0x6d24a174,0x6d24a180,0x6d24a18c

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.30 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0xda8f40,0xda8f4c,0xda8f58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_Delta V3.61.zip\Delta V3.61\Delta.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Delta V3.61.zip\Delta V3.61\Delta.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 952 -ip 952

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1388

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5436,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5408,i,4188916242910077305,17561577254490638817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5420 /prefetch:8

C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe

"C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe"

C:\Users\Admin\AppData\Local\setup33150624.exe

C:\Users\Admin\AppData\Local\setup33150624.exe hhwnd=132028 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-KA1rz

Network

Country Destination Domain Proto
US 8.8.8.8:53 getmyfilenow.com udp
US 104.21.50.104:443 getmyfilenow.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.dlsft.com udp
US 35.190.60.70:443 dlsft.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 flow.lavasoft.com udp
US 104.16.149.130:443 flow.lavasoft.com tcp
US 104.16.212.94:443 sos.adaware.com tcp
US 8.8.8.8:53 94.212.16.104.in-addr.arpa udp
US 104.16.212.94:443 sos.adaware.com tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
US 8.8.8.8:53 download.enigmasoftware.com udp
DE 52.85.92.77:443 download.enigmasoftware.com tcp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 96.136.73.23.in-addr.arpa udp
GB 23.201.65.195:443 package.avira.com tcp
US 104.21.94.230:443 www.freevpn.win tcp
US 104.21.57.28:443 download2021.pdf-suite.com tcp
CA 198.72.111.246:443 download20.pdf-suite.com tcp
US 104.16.149.130:443 flow.lavasoft.com tcp
DE 52.85.92.77:443 download.enigmasoftware.com tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
US 104.21.60.113:443 filedm.com tcp
US 104.21.96.72:443 www.ovardu.com tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
GB 143.244.38.136:443 spyhunter-download-v2.b-cdn.net tcp
US 8.8.8.8:53 clients2.google.com udp
FR 142.250.179.68:443 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
FR 216.58.214.78:443 clients2.google.com tcp
US 8.8.8.8:53 a.directfiledl.com udp
DE 167.235.218.62:80 a.directfiledl.com tcp
DE 167.235.218.62:80 a.directfiledl.com tcp
US 8.8.8.8:53 62.218.235.167.in-addr.arpa udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 185.26.182.111:443 features.opera-api2.com tcp
NL 185.26.182.117:443 download.opera.com tcp
GB 23.209.73.97:443 download3.operacdn.com tcp
US 8.8.8.8:53 117.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 97.73.209.23.in-addr.arpa udp
US 8.8.8.8:53 124.182.26.185.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
FR 172.217.18.195:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gvt2.com tcp
US 192.178.49.163:443 beacons.gvt2.com udp
DE 167.235.218.62:80 a.directfiledl.com tcp
FR 172.217.18.195:443 beacons.gcp.gvt2.com udp
US 35.190.60.70:443 dlsft.com tcp
US 8.8.8.8:53 www.google.com udp
US 104.16.149.130:443 flow.lavasoft.com tcp
US 104.16.212.94:443 sos.adaware.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 104.16.212.94:443 sos.adaware.com tcp
US 8.8.8.8:53 webcf.quickdriverupdater.com udp
DE 52.222.191.80:443 webcf.quickdriverupdater.com tcp
US 8.8.8.8:53 download.enigmasoftware.com udp
DE 52.85.92.124:443 download.enigmasoftware.com tcp
US 8.8.8.8:53 spyhunter-download-v2.b-cdn.net udp
FR 143.244.56.49:443 spyhunter-download-v2.b-cdn.net tcp
US 104.21.94.230:443 www.freevpn.win tcp
US 8.8.8.8:53 49.56.244.143.in-addr.arpa udp
US 8.8.8.8:53 124.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 package.avira.com udp
GB 23.201.65.195:443 package.avira.com tcp
US 104.21.57.28:443 download2021.pdf-suite.com tcp
CA 198.72.111.246:443 download20.pdf-suite.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b0177afa818e013394b36a04cb111278
SHA1 dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5
SHA256 ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d
SHA512 d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

\??\pipe\LOCAL\crashpad_2136_TRMPXIDYHRIEFZEC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9af507866fb23dace6259791c377531f
SHA1 5a5914fc48341ac112bfcd71b946fc0b2619f933
SHA256 5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f
SHA512 c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 937f8c43637582eaeb2b6e977e562c8a
SHA1 ca7b18d0e033dd19779107fecf8a1f70f15d4e6f
SHA256 70f0274a8bd8c778f7ef9d61dd9db3218ed68ff0a56da0700418a488e40c50b1
SHA512 c0240e7415552a45f257e31e7969d9b2ac0aec3ca124313dad557232f72fab066cfca2204b6a24b1035ca30aa03de77c4977c8f2a38785b16dc2bd525fbcc88c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d1d45f87956587a33c7fd88fbc53056f
SHA1 db620ae060344554631fa4ff312ee989b57b76f7
SHA256 f45809db41299d9185f81f2e19e590ae57d75320fa198852a124266d6e10cd5e
SHA512 1f160ce120b3f0d90437684954a22129ef377363705e87081382ad398a46cbbf04cbe4e108be6db328f714377fa13b51fb4e7d33181ab5522e72b6ae104fc9f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a2620ded44d88bfba8a2712b806ddd36
SHA1 d0a998b80b801cbb0cd0d2fce51597a1aba9b527
SHA256 f9bfbd76a1b094590e5fa03ae8f2fced3de32f3907f144583ab1735ffdfc5a13
SHA512 81ff4138a6577044b1c3c8b8b5ee55daed1f28fe496b2644979de104a68511bce127fc812937c194457a66bc075393e0578ebd78b7d2a12d585d78de5dc535df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a444f0eebf2909654421bd2be26e4bca
SHA1 86518475ef7b35db3b4075bba9f30484d0922212
SHA256 77a636ae67fe9f5374e8734ee4eecb8dd30020b1cf0878aa2fb9820a46b62377
SHA512 6953ae212d97d6125a029d69ea77b3f093ffee6e60e4c0ed658588e5e89012c5ec9fbc560a6b8e4155acb66fe5eec23c802b85c2c241b099e27fee1fce415ef8

C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\Delta V3.61 b_33150624.exe

MD5 3d50042e3e3991be509f56a2951a2183
SHA1 f027790afe9d7ce2ddf17973f0778fb9e983ded1
SHA256 76eee256f1223082e8396611baca498542c656edd0fac5fe903e06e6cb5677e2
SHA512 120c6a7778bd9f65f469d3335987b780e736bd895ed944d0988372f891b48f9ba09b50ed9dcffd0bf1fa23a12e215ed1f1ffe75d11c925ff4c08d3e48259a873

C:\Users\Admin\AppData\Local\setup33150624.exe

MD5 29d3a70cec060614e1691e64162a6c1e
SHA1 ce4daf2b1d39a1a881635b393450e435bfb7f7d1
SHA256 cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72
SHA512 69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

memory/5116-125-0x0000000000220000-0x00000000005F8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

MD5 72990c7e32ee6c811ea3d2ea64523234
SHA1 a7fcbf83ec6eefb2235d40f51d0d6172d364b822
SHA256 e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3
SHA512 2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

MD5 1a84957b6e681fca057160cd04e26b27
SHA1 8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe
SHA256 9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5
SHA512 5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

MD5 8ff1898897f3f4391803c7253366a87b
SHA1 9bdbeed8f75a892b6b630ef9e634667f4c620fa0
SHA256 51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad
SHA512 cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

MD5 6e001f8d0ee4f09a6673a9e8168836b6
SHA1 334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38
SHA256 6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859
SHA512 0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

memory/5116-147-0x0000000005070000-0x0000000005084000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

MD5 08112f27dcd8f1d779231a7a3e944cb1
SHA1 39a98a95feb1b6295ad762e22aa47854f57c226f
SHA256 11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa
SHA512 afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

memory/5116-155-0x00000000050C0000-0x00000000050E4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

MD5 105a9e404f7ac841c46380063cc27f50
SHA1 ec27d9e1c3b546848324096283797a8644516ee3
SHA256 69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b
SHA512 6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

memory/5116-163-0x00000000050F0000-0x0000000005118000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

MD5 6df226bda27d26ce4523b80dbf57a9ea
SHA1 615f9aba84856026460dc54b581711dad63da469
SHA256 17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc
SHA512 988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

memory/5116-171-0x0000000005120000-0x000000000514E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

MD5 8db691813a26e7d0f1db5e2f4d0d05e3
SHA1 7c7a33553dd0b50b78bf0ca6974c77088da253eb
SHA256 3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701
SHA512 d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

memory/5116-179-0x0000000005180000-0x00000000051A8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

MD5 b199dcd6824a02522a4d29a69ab65058
SHA1 f9c7f8c5c6543b80fa6f1940402430b37fa8dce4
SHA256 9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4
SHA512 1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

memory/5116-187-0x00000000051F0000-0x0000000005222000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

MD5 c06ac6dcfa7780cd781fc9af269e33c0
SHA1 f6b69337b369df50427f6d5968eb75b6283c199d
SHA256 b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d
SHA512 ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

memory/5116-195-0x00000000051B0000-0x00000000051CA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

MD5 9d2c520bfa294a6aa0c5cbc6d87caeec
SHA1 20b390db533153e4bf84f3d17225384b924b391f
SHA256 669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89
SHA512 7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

memory/5116-211-0x00000000051E0000-0x00000000051EA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

MD5 be4c2b0862d2fc399c393fca163094df
SHA1 7c03c84b2871c27fa0f1914825e504a090c2a550
SHA256 c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a
SHA512 d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

MD5 17220f65bd242b6a491423d5bb7940c1
SHA1 a33fabf2b788e80f0f7f84524fe3ed9b797be7ad
SHA256 23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f
SHA512 bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

memory/5116-219-0x00000000052B0000-0x00000000052B8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

MD5 422be1a0c08185b107050fcf32f8fa40
SHA1 c8746a8dad7b4bf18380207b0c7c848362567a92
SHA256 723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528
SHA512 dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

memory/5116-203-0x0000000005260000-0x0000000005284000-memory.dmp

memory/5116-227-0x0000000005300000-0x000000000532C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

MD5 83d37fb4f754c7f4e41605ec3c8608ea
SHA1 70401de8ce89f809c6e601834d48768c0d65159f
SHA256 56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020
SHA512 f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

memory/5116-237-0x0000000005290000-0x00000000052AD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

MD5 f931e960cc4ed0d2f392376525ff44db
SHA1 1895aaa8f5b8314d8a4c5938d1405775d3837109
SHA256 1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870
SHA512 7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

memory/5116-254-0x0000000005970000-0x0000000005982000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

MD5 de90d5107779f7abeaf28d96fa331ee5
SHA1 27472ac9bebac7787bb2849b0000916869ae14e1
SHA256 564795427bebf14fe2439b1ab08d510ba804e87975a73809d00c2096f4305b6c
SHA512 7c2f43f18b0a817fd67dafe088eeedb4fc747f0f81e82faf48588b90ea3d4b65bdce892459cd770d59728c3ab95781b9fd5812500ba827b82adb8dcb9049d6e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D

MD5 03b6570f2f52c35691dee9197f540652
SHA1 89d298a4a0b35743bc0a1e25d3aed37a0bf730b2
SHA256 15812adbc7541d5ed7f049a3bfba3f9cad7bac3bf88d22e402e7016b4e42e5b7
SHA512 160a97c3b75f004fa5d36d4eb958190114a851009e3d6f312f0668dba5c05047618e62e14b879ff6873ec92cf84770c53ea0eb7073af9674adef31135977b991

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

MD5 21d18389efeedc233262dbe6019be5d8
SHA1 b78b85ee533d7cdb45f98ece1a10fd3f2fd8d2db
SHA256 e6aa2cfe4620b897ab4127b0814544f09af1937d57e7356c5852da46ac4d62d9
SHA512 f5cec86c597f332b2deb189499242936298f8cfbd76b50952a7f42208bfde537f2074e2f929d3b75f648c2b3d7ddd83c152853ea15ad90c25b08d71f538ad176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF

MD5 22e2fb11dad84eb8802c3cc94d23f0bf
SHA1 dcb1df747c20465c9d839c234ccde8b295dbd3b3
SHA256 b1e43a1a701632df73508856cd6d4670c30acee60508f507d2df0a87c8af0961
SHA512 28ec41811aa5d3b7f69feb20e5577bd3c177ba4b7a56ead54fff9f11772582aff712cb5841c6d15de497b1272896f3060e49b6714478d39ec01c230ce65aed7f

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

MD5 9de86cdf74a30602d6baa7affc8c4a0f
SHA1 9c79b6fbf85b8b87dd781b20fc38ba2ac0664143
SHA256 56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583
SHA512 dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

memory/5116-271-0x0000000006040000-0x00000000060CC000-memory.dmp

memory/5116-276-0x0000000005660000-0x000000000566A000-memory.dmp

memory/5116-277-0x0000000005FB0000-0x0000000005FD2000-memory.dmp

memory/5116-278-0x0000000006110000-0x0000000006467000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

MD5 554c3e1d68c8b5d04ca7a2264ca44e71
SHA1 ef749e325f52179e6875e9b2dd397bee2ca41bb4
SHA256 1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e
SHA512 58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

memory/5116-284-0x0000000006600000-0x000000000660C000-memory.dmp

memory/5116-287-0x0000000006BE0000-0x0000000007186000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

MD5 38cc1b5c2a4c510b8d4930a3821d7e0b
SHA1 f06d1d695012ace0aef7a45e340b70981ca023ba
SHA256 c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2
SHA512 99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

memory/5116-293-0x0000000007750000-0x0000000007D04000-memory.dmp

memory/5116-308-0x0000000006860000-0x00000000068F2000-memory.dmp

memory/5116-328-0x0000000006BA0000-0x0000000006BCE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

MD5 28f1996059e79df241388bd9f89cf0b1
SHA1 6ad6f7cde374686a42d9c0fcebadaf00adf21c76
SHA256 c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce
SHA512 9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ccce3be0efea6b8e8087df380a41fb5
SHA1 44787a0b3df3610bde06653a75521855da8ea6f9
SHA256 0e20313827ea6047384a7ed88e2e32c7dffb77005b860fd625439b26d83c2edf
SHA512 ce9c9c323fc3b5261bb44d7b6d280953411b7a62b0107973db3d0b3f5e3420d6c7c8365ebeacf0fe9df3c30e7d22ce19f729d2dd699014ff6af66ce091cea17a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e201cae240b16999fa46201100072954
SHA1 29fb3ba5d8635e439112813214698ad362eff6df
SHA256 165512e2c77719205e0fe25f72f6bf32bebfb57a14639480302b5ded82bd890f
SHA512 40a5bf390dec813ae98bb07276bff8455770593948efd99e9aa14af417393e0fe1a9dd116089b6e8ac747afe6680d6aa68e7893f94c0a8c7c052f883aa4ce3fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 48569c63d878a764948001581f5fc4d9
SHA1 e8f674db6104d4121719b6dd6fc00802fc96c1b7
SHA256 49b6bafc70e906c819f2224a397966b9ed9fec627199885d65021f55daf70dc6
SHA512 48ef9b0a0bcbf6bc48920a58bafb9feb1e4dec4f8146ed10ac0a63f0add360583d5cb8b1d6deac274b73c00327fdf4d04c125555f21013054cdd4852bfed9aee

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html

MD5 9ba0a91b564e22c876e58a8a5921b528
SHA1 8eb23cab5effc0d0df63120a4dbad3cffcac6f1e
SHA256 2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941
SHA512 38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cb2253b88e95b8bad7c75f5f37366c69
SHA1 3a4ea7d2de96ac19c0b880e4138f38e6bc01897c
SHA256 79c36bb737ab16c73c0b7b18968c548a805609d59242bb6c2b2a711465e60092
SHA512 b858a20f3f92604531193e12277beb2b7826f4a3c7a792beb974031b9a7bd91f20ae1e85067339df331ddd7f972bebf6c9c3f418a336fb4ad882644228bc686e

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis

MD5 bf5328e51e8ab1211c509b5a65ab9972
SHA1 480dfb920e926d81bce67113576781815fbd1ea4
SHA256 98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b
SHA512 92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico

MD5 4003efa6e7d44e2cbd3d7486e2e0451a
SHA1 a2a9ab4a88cd4732647faa37bbdf726fd885ea1e
SHA256 effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508
SHA512 86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe

MD5 cef027c3341afbcdb83c72080df7f002
SHA1 e538f1dd4aee8544d888a616a6ebe4aeecaf1661
SHA256 e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7
SHA512 71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf

memory/1796-432-0x0000000000600000-0x000000000060C000-memory.dmp

C:\Users\Admin\AppData\Local\Adaware\OfferInstaller.exe_Url_1hem3jux35iv1vzfopbi55gu03hcnxpl\7.14.2.0\user.config

MD5 f3da41e2f01ec12a28efa662df2fa963
SHA1 9760227f497132829ec34fffec6184969043bba1
SHA256 a4544f806b5637e45e2e702c7997d0b6a52b805670a72aac518d189c3004d1c2
SHA512 ae4f56f93a2386abe8891ba5ba1cc7de166a28c6a2f3913870bed2926ac43469bbbf0b4b18acf2fce7c7f120056e36b3777aabbdf9715cc12d2159403e392e59

memory/1796-448-0x0000000006D30000-0x0000000006D3A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 f829bd66d8dc9c8e534814d835fe0cd7
SHA1 77fdd46df433cffa99ec7573ae2478ace9de4129
SHA256 1d3614a30f69edced7381bc27ea386f15f17be8b8e0d5fdd5e4ec0e002c750fa
SHA512 5c8223e2c4fbc7d41a1a8883ce1b7820ebf51b644469245a0143f24ed83d6122b256d25d45d4b55de0be53dad99474cb7bfeddc49f31ad76b9e42521ee9eb046

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d379c91e-6050-4b64-aec2-a440a13df5e0.tmp

MD5 56f1511e36597bc128ea8188ef296978
SHA1 3f9ac8c956149fc82dce6d052c6a65120bab72a7
SHA256 3d9262dea2269f53553b1631794715a0a3e9abd843e00bf3a7d781cf8c7253f9
SHA512 192981a88289cf583408ce6a6d941c75e5e4040475838851a621f585da3467d95dce9fab4a6c765db63809d7a0cc9ab0a426f958a607cd64de5f4f14fd6af402

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 462052a788c1ba33df0a4b1c8388d2b2
SHA1 a6c982188aaf923d0e06ef126596e1a0f3625354
SHA256 ea215d06265b298e5f543bd14d622dccd3dcd5b8a0392f08af069154127e48cc
SHA512 72ec68cc8ac569fc33163d235a860bfc9fc9a3a521f18a79087f2cd3db79e82b2de18c2bdc11895e9ed39da3da19b551f2adab3fdce8dc58bb9a77b957493e9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a8c6e9f3339d77b2863f032e1c9d1ed6
SHA1 dffe7a49e7c59b8c7ad48552d7a880b1bf11ef8c
SHA256 32b11b9983d3bd2f35c5272fd2e5b37491e6c319a7f009c0401d793295f41707
SHA512 4d97de9a475eab432e23f4b311fc091a29d55da9f66ef024ab3cfecf2887dcbb2a7e802bc149408b1ec615a9d4d8c1ac2daceedd61345e3adffa7f8a9cd04742

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 ab77f23e02e9f92c11aed0f879e6bfa8
SHA1 42056d3b5cc3dde04dc82a527cd575adff7bff62
SHA256 621f9f1ec31fb61d3456709e73de34c6c3943b7623ad523ac2a0dc8a55f9e4d0
SHA512 c8ffacad1be1f00f95023343fec2ab2117b7c713e41e8989280cf6606b826473f9f7eba923359131e63a804db588966c26061df7f9173df0618c1b84ac702d22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7df1dabba4022913d5083714da64572a
SHA1 ca6e321ec06b5bf518d27359850a418402ca23ec
SHA256 c14d4b01f6ea08cbdb86c7c0a761d48b2ae14d4bbffb30ae047e4622dbb020ae
SHA512 2ce45eac0d159df2a9428f64c879c467b12699e3c8756fc55df4fdfae4dc6da2116435088d4359f57cc00aeb54863818964c8d0ffe4d3f00c61948a5157b0aba

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408221309192674484.dll

MD5 d7b7e0f7865a3cc624e95cefe2bc205c
SHA1 1352733bfaa54292d1457d3f7a87069c00a1f56f
SHA256 94028494f0c28a14f21179ef4096e0c52f1d022a5ad65b070f0d8584b500b597
SHA512 e5bced68446f702de4236a6f11ec005bc5233915ff689693a1894afe7ea924ca6d6d8ae722b12daa0ee0b4e35223606a55f13b34db648bfb24e96a76e834ff08

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

MD5 44908c157516d82119d84a3b1c4a31f7
SHA1 dea19891d14b4e3598844f624c919b0dc5ce236f
SHA256 be21539218a31ff278f218a172b9972f4d8978a281387acdadf9a25b86e30b1a
SHA512 5a83d45533202ba573941d041619bd7f17e997f352f73528029d1f07da9a26c4f50f1cf77c822f972b596fa75bd2eeb0bca8170d89343d8b590ba869be058106

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 beef9a8c1891c56115388d83452925f6
SHA1 1d3289f9cdfe211d2575bb9a99383b4c5c17e860
SHA256 66f656f789361937ad3ea4286b9ea8ab2cc2312f72db662d642947f6bf0604c5
SHA512 59d3a64374b43e3901a328f25b078202493b7e108bcfb3862666d9eb3c3d240e9c6bc86a80009bbe53bb8ebcdc0a214cd4f40e8571bed27aab4012f55669895d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a5eec77297a117092a0b56028cc53ad7
SHA1 df7c06778c815da8f847384cb9ef8ce18f2cb453
SHA256 b38f0ee9c5419aa5569ecc40b3caf9ed73f721302f12870ca799320b835e94d0
SHA512 1c79e0335ff87841dc961b9b958e315a393e2bc1cb1820a2352f27b5a18e590b4a51c443e0598a06cfc8071e7695ba636b44e8fc6ecaf10648f8846871f3d8f9

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408221309191\additional_file0.tmp

MD5 1bf64fd766bd850bcf8e0ffa9093484b
SHA1 01524bb2c88b7066391da291ee474004a4904891
SHA256 58794b1bf4d84bd7566ee89fd8a8a4157dc70c598d229ec5101959f30b6f3491
SHA512 cdf2830edc5d4f30beae41591f3a1bcff820f75444d70338a4c6d36e10df43475f383a9f291b619a008452c53e0dddf65547f217386389000535d6d264854e7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2f411ab3f5cc60b7c0eeeb41a5344d3f
SHA1 f4d52e965f6379f85b10fac2fbc4b8c66fa2b585
SHA256 ba4662eaf2fac96f3a5fa36e42d0119ef94fd0c9203e4f0c59ef8fbfa96f39a8
SHA512 1d494838dc295ff7598eda5149a6731a6f1dbec88ecb4c6d575ac5e87b624bbbdbb08a2623a3537aabd051dc249f80e1c8da53cfdaa4856ff6b1566f61b3f44a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c532decefc084fdd74b056c25129dfb3
SHA1 1e2e249dc90199811c3bebdeda1037516b10d813
SHA256 9dfb8a414ce75df53f8d9a3f87b67f203ef52f5af1522a9ac4a3c3c860320b35
SHA512 6c94f5d69f04423e5f39833a7d3a4a90000fb30ca18ed8b61215afae9c9c4db466724d3bbd7487d5558ed08f24e53af333a4d9695cbcc11ec20dbf981e2a4082

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 81f92d2af0a9fb8090b3ee76462a5f7a
SHA1 e685bbdd89c8dc43215ac1fa18a52662a0e2936f
SHA256 26715c924354a7f5d1e7e7f1a74064a1ecd025a570031b8c8e2dd6827ba8ef45
SHA512 a573c62eed0341aca5e1aab474847407d6873cfe1d19541ef93aaf01a317ce3b925728fc1e942826f1b729eda65bf195c197f5d9d131ca37ff90a86b13e522d6

memory/952-664-0x0000000000E80000-0x0000000001F86000-memory.dmp

memory/952-665-0x00000000043F0000-0x00000000043F8000-memory.dmp

memory/952-666-0x0000000006DA0000-0x0000000006DD8000-memory.dmp

memory/952-667-0x0000000004400000-0x000000000440E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a1a21c85a07e576d32dc81d5bd628fe6
SHA1 1434ffc87b5be62e84e4e7c1c79b0478c5a34007
SHA256 22c788258aaf27fea6a4f802a36deced85c7d36246e90d152983703e95c57226
SHA512 27a97a4f644776edf67fe4cae56fc71f3f7a8c4acbaa6da3c54ebb76b5b19981702da7ac927e20cc9aab47ab082fbf56a32650b14ef1e5b7138f90de5cffa23e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 560a292d2a128b2c6510d84861f190b9
SHA1 35aade8eb63b47558d9dd3818acfb0df05ce7bdb
SHA256 293c3ee0d5f9bfca6781b561a59132feb10ef203611506a57aa60a3408b546f4
SHA512 bc297eb3f0ca1ee82ac8f49aae218c0608b026705a97d45a94784d48edaa2c9f100529e7a8c9ff5f93b744c6a9fb4a6651511ddb6a6673c9630aa352f1037a98

C:\Users\Admin\Downloads\f95851bd-9803-492e-9ac8-76fc5a1556c9.tmp

MD5 d3c6a333eea0c097275f34fb29298ae9
SHA1 21baf11712800e5c4c05a496093ebe30d96031f6
SHA256 acdcff2f0d8813e67ffd33c8e746e495901336d7dac615b83d095f894bdfbe29
SHA512 09c97bb7645f768976a538a9be59a055dbec5c30ff7877284fea97a9261be1aa42ffd14137bd92b8d94ddecf52858f9261540c2abbf6dba4ab71e37b1acb554c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c2a66c1a3357bd258a9fa082ba80df2
SHA1 2b74afb9827bf999a1895c7145c443c9ca9ca600
SHA256 4d4489455380af653a16fdf872e4417acad597f408fc143cdee5a21ba2c5cfc0
SHA512 aae674cd39c1802b47d56d850dedca094e712c6a9e16a848cf2be085274cd100ac0357742fbe71d3d02fa721869f7a4ef84de12eb118f6b32deb8a873b436f4c

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f185423e2048bb8ea4d821cd728a570
SHA1 6df733cefdde66c87431aeb040aeb1edcd7df8d5
SHA256 ea86ad89f1139282c316f1cb27cf096d06c0f219ed10d6fef5d935086f343c00
SHA512 99a153ba6e04ae8c622f0ae89c53743d5a3f117a56e5e7d2e6687d356dc72fd75b3c4f92c01a429181f8770806a8a1efb719b2214ebe3f890b22c28abb912423

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 803f1b149858ef2a3f47e5038d2c84d5
SHA1 db91a40b0f3ec34f509e4350970621fa331a43b6
SHA256 0958e4f4fdaba651188e48770e20892d42f68660374883a34980380af4a71f03
SHA512 3f71fa437f79f708ed551c22e3c255f8cefe7009ca5ca1741dafa81b9220d13901a5ddf11f3eb160a7387c103675394e6085b59c18abcdc9fbe92515ac789aaa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 625bff231423083baca870dda67a178c
SHA1 d2b2f3e7c603a820ba50804cc52fd8f2082a2d50
SHA256 bc694e1e101ec460709b0a181f7eef4c67df54c463a672ed80fe37728d0e4803
SHA512 ddb54d741cb2608c89b0bfb20d8333a316a6009888f561aef95cf8c0c1ded932548dd6b0054b6755c868454110a8bebfbcc636f485762e6f3fe30c19dc36448b

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\TranslateOfferTemplate.tis

MD5 551029a3e046c5ed6390cc85f632a689
SHA1 b4bd706f753db6ba3c13551099d4eef55f65b057
SHA256 7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8
SHA512 22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Log.tis

MD5 cef7a21acf607d44e160eac5a21bdf67
SHA1 f24f674250a381d6bf09df16d00dbf617354d315
SHA256 73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7
SHA512 5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\EventHandler.tis

MD5 1116d7747130f4552a91e61a3a6000b1
SHA1 bc36996a664dab24b941ec263679c9d6322e61a2
SHA256 5c09c6784f3fdc4a6b2998c4c9e02e366265ee5314c0f982859825576dc0eafd
SHA512 af34413f242b64737ac9f7076e449b0d0485842d653d1cad12b54b868f09817d3595cd935ad7e03003d536127c173d624dd9a031c079fdb8f897ab0b7b9474e8

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\images\loader.gif

MD5 2b26f73d382ab69f3914a7d9fda97b0f
SHA1 a3f5ad928d4bec107ae2941fa6b23c69d19eedd0
SHA256 a6a0b05b1d5c52303dd3e9e2f9cda1e688a490fbe84ea0d6e22a051ab6efd643
SHA512 744ff7e91c8d1059f48de97dc816bc7cc0f1a41ea7b8b7e3382ff69bc283255dfdf7b46d708a062967a6c1f2e5138665be2943ed89d7543fc707e752543ac9a7

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\style.css

MD5 626313d8f4c859ba6473a8d94dfea5e7
SHA1 142a57c5e31d7317b7d52b2d4435df53d4123663
SHA256 989e5474b74fbdf5abe98b607870bb7f4757967c51412bc940ecab7dd9babd54
SHA512 dbaefd7f7409839971ec87bc0e49fbc4992de9dd319e28bea401b35b0a7952e56281084b123b6bbeb06080706ada0ffabcd0cf2fb3f75986d34f844d8cd50de9

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\ViewStateLoader.tis

MD5 85c33c8207f5fcb2d31c7ce7322771ac
SHA1 6b64f919e6b731447b9add9221b3b7570de25061
SHA256 940ef5e9f28da759fbf3676fba6da5cc4199b78ffc4fefe078ab11d53e70fb0a
SHA512 904188ab57cfb4f3d8c51eb55746ae2589852f271b9fa3840b82bda93f69c9f985e65f67169302d08818b707f36246f83f245470d5175dba5f0ad3a2482740c4

C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\sciter32.dll

MD5 b431083586e39d018e19880ad1a5ce8f
SHA1 3bbf957ab534d845d485a8698accc0a40b63cedd
SHA256 b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b
SHA512 7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d102c21e5a599d9dccf31776b357d6ee
SHA1 2bd8056818ef6a79349e38d5ed60e5ae0978c6a5
SHA256 d9dd48ddcf8d9e6ffdbb448b82b103d87f57eb69d85601d9239939dd59d974a3
SHA512 33463b0f36192e5c34aca934c6aec956a5cb59341f5895665ab449fa542252a1971407c4c5e358e8e089c382b7722c3c3b4ee2d3aefba864b724983081985c0a