Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/10/2024, 07:00

General

  • Target

    2024-10-18_a1b338a63169050613156d09be5eae22_bkransomware.exe

  • Size

    20.6MB

  • MD5

    a1b338a63169050613156d09be5eae22

  • SHA1

    0a809cc73336ee42fdeda5a89bc4e1cf5e60a1ad

  • SHA256

    8da5da5c220ea0228bad20687c5accdd926df12bc2ed7cc7b3d71eea07bdc455

  • SHA512

    fa27d1ea4ebfcc483143757cdd7077b127cf3c541a58c006f365f200845337e4776e601cd3738ffa667424741d15dce0bf9740804a016890a981a3d8b43c4630

  • SSDEEP

    393216:jDvjrBGFgxTX996+r32F+rDxSPv4OYcYdkc3lGWOTrjLxdYpi6uY8:jDpb/GFqIPv4Xcbc3cJjL36

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-18_a1b338a63169050613156d09be5eae22_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-18_a1b338a63169050613156d09be5eae22_bkransomware.exe"
    1⤵
    • UAC bypass
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2104
    • C:\ProgramData\HugeStone\HSKeyClient2\ManualUpdate.exe
      C:\HsUpdate\2024-10-18_a1b338a63169050613156d09be5eae22_bkransomware.cab
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2876

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\HsUpdate\2024-10-18_a1b338a63169050613156d09be5eae22_bkransomware.cab

          Filesize

          13.7MB

          MD5

          e58e2b0de7ed9be7cbabbf00ffdb50f4

          SHA1

          71932a92c954c8cc7e9c90ba7e4090091b69a64e

          SHA256

          fe6aef7af0ede8f742457601447181eda9ff36ad75b8f0c8dd2702440387861b

          SHA512

          634468e62e3cda01d2d00f1937ce9a1b43fb0caaf99926ac03cda63d4ff68b8e51c5cef067ad8890627fad1beb7f11884b62f4e77043667585aa11a8f7b287cf

        • C:\ProgramData\DelayClient\FileMD5.bin

          Filesize

          35KB

          MD5

          465b645e0a4f000d176fba29adef7c1c

          SHA1

          3eac18f778ff5360fcfe0c976dbe8b640215ba92

          SHA256

          75be1d7c713f48750c6fe0508e8932c2e5b4665b0ee6771de952137964c4111d

          SHA512

          08939cf3750b856c06d6c0591c5eca8cbf48f8696961be736c37bb828a68061c59c4dea1e636567409cf8c14c75a105455c21f512af194b1e581afe3c5a4da75

        • C:\ProgramData\DelayClient\MFC71.dll

          Filesize

          1.0MB

          MD5

          e2eecc12865c227ba99c705679f7722e

          SHA1

          bb2bf17aeebb8d7680917f04678a7a7f6f4094f3

          SHA256

          50e19f17e89bdec93aa610b0a66ba6aa94403cecf8852cfedcbd2221d774d67b

          SHA512

          0d975a425c5c5090d42af5edfa5db1b217e75c0d1056e042cb54ac8d61d8aa2388b58f398ea6d2f670602ab8c721ea91d5b84bbcaeccc11b9907eaedb5d7f6fe

        • C:\ProgramData\DelayClient\MFC71CHS.DLL

          Filesize

          55KB

          MD5

          332f3f416f19321ffee6d693d426733e

          SHA1

          9645cf337b8f512f259c6cb7864a48a9effe208a

          SHA256

          22d322485bcb1f3a224f3183f376150e5315eaae901c77ec64b5bbb2898c88f1

          SHA512

          d4b656e2bb5266694086f3533d071cc927af0680a597c1986673f0e0cd86080496155cd9ce7653f4c1bc7d32b5b31c6451c1664d8f3d6bd58afecd2f0096995c

        • C:\ProgramData\DelayClient\MFC71CHT.DLL

          Filesize

          59KB

          MD5

          40df327db7b8bd31c33d24a80ab79d59

          SHA1

          952e6528774e05709b4158fdba79137baa0d67b5

          SHA256

          61f1af40b7ded6f5de94c71dae66f762eb65e82c54f0f4da1ef900d236c183b0

          SHA512

          a847dba46922c64f7fbc360559a6a9de08bcaa7c1f64b230a4a5fbc2e36b5dc97b05b0b945f206bc689fe604af1473d1338713197c64446254bbbf99d0c66a4f

        • C:\ProgramData\DelayClient\MFC71u.dll

          Filesize

          1.0MB

          MD5

          249944dfc853b99dfdeaa365790c9146

          SHA1

          ed98d153cdbfe85d8efde83456592e18e3563e8a

          SHA256

          8ecd2edbe4f5adeecc0a3423a770ef1582d8047674481b8a70c992568640c242

          SHA512

          46ff993d8e9b660cb7e9984887f7f1e9e8937f8acf04475401d5be9f81b8499fb8fa7e8df0340118b48685da21fd5c43ff6f5bd0bc06570e73fe25abf1c9f5db

        • C:\ProgramData\DelayClient\MSVCP71.DLL

          Filesize

          507KB

          MD5

          2ac2a759a4f996854bd32a5fd28411b2

          SHA1

          9357bc6bec8c1f861e968347c5f0b2888ef95033

          SHA256

          3f932f613c652f973a2ee4a191e126caff6966447f1990b295d6866157351cf3

          SHA512

          fc229a333ebb2a7a545087ae74f21cfadd7c75e32080512a2fe9416546a00b5cce67eb59918822fc4f2fb3ff48bcc6288338a865ed96fc6fd80461acc4c4cf85

        • C:\ProgramData\DelayClient\ModifyOutlookConfig.exe

          Filesize

          55KB

          MD5

          38d321c02f8adb8213aeab5b1a8a7639

          SHA1

          ead6971cf83deb1ad72a3c3b3090de3640b1f8e1

          SHA256

          dea75a3dcabaae30783593e060bb0b27f8bbcbd07e01fce5c02fad84be3f044d

          SHA512

          d237118cc1e8d7ddbaa660383dc3b882a3416197d182f9cff6c3380bd0b2f0fb33ec4cf2881c1d4c137f7af9e3e2e9cb24b48e7a1f66d6a21269f2ae861b415b

        • C:\ProgramData\DelayClient\NatDbgDE.dll

          Filesize

          707KB

          MD5

          684d5a710fa9c26693191746044453f9

          SHA1

          e3baf16766d32d68da965d013e12d5b5889a1b69

          SHA256

          7de211724a479762993a2e8163d43cb102a70fc89c1655566dc0a23ad5586c12

          SHA512

          55067c56381d8f994adb47b9ff59cea902807045b4aac7388df73a091e9a1d782e44d4dfaffbcd3d8726c8d0504ab1eb65a3134967786e3c119c0661fd1dce53

        • C:\ProgramData\DelayClient\NatDbgDM.dll

          Filesize

          175KB

          MD5

          489b5c7c0607e2f9100dad2097f1b430

          SHA1

          e04c62397d70785a4f0227e28c891c454ed781e1

          SHA256

          d394c6936e0c08b081cbef15fb80445352f1e702c90008a45d4d5519a2ccb751

          SHA512

          646d7cef99c64e24cf0626574f78cd072053545a590107037a664098a6586952750ced604e004043584e298543fc7b88984b69d3ba08def5f430fae5ba3c9869

        • C:\ProgramData\DelayClient\NatDbgEE.dll

          Filesize

          247KB

          MD5

          1dfec17979176d1716018637e979ff65

          SHA1

          96d122e5e9e932e45f9827fa334c35b969c39550

          SHA256

          2d4348f88f2d5cf3d4de00b5eb37ccc0c33c4267eb67f29e53e38f2e19705e6e

          SHA512

          ca312d79cce2d84b11c98682f73a0c27030d293246aec2534e9a8dbd96f2dfbed30453fa0374a7ef9f812b5d5b79681ffd5a5165fd932e6984c21945c79dd5b5

        • C:\ProgramData\DelayClient\NatDbgTLLoc.dll

          Filesize

          35KB

          MD5

          0f45fbf412986ef2e95aab798a1eeed1

          SHA1

          a4e4ee3686ba411fdb03c81b2cb93bf7772a3160

          SHA256

          d0064c4979712bc5075f5e0ccb400888adc828d61db7ae502ffbd80ed48e95f2

          SHA512

          e24692896e4d5a4df7b4ed37b64fd76de44cf8b42cf5284b4a1ab92e0a1e3751dd545b77081f128eec6fcda3627a4daf3242e710a0d69569b01e49be98c4d6ee

        • C:\ProgramData\DelayClient\NatDbgTLNet.dll

          Filesize

          55KB

          MD5

          eba6e4548677d9c0ed1298d3ccf7889e

          SHA1

          9b134ac858ea54f49abd48ed48fe0198b30f5a69

          SHA256

          ebbbf6d000aefd90405381df522cb8634723d89db7e002ff3c0fd2ebdd6df094

          SHA512

          fb3b07d406f0ea3dfc017fc930056451263b76d7858c4692267f2d731eae5e6096a7ddc263d1faf633756bf0a5787727cf839411f7e900f1627c4d71ad3604ff

        • C:\ProgramData\DelayClient\NetrabDecrypt.exe

          Filesize

          589KB

          MD5

          c15a9582b6390df14c8fb0841b96958c

          SHA1

          f8d845d48cd7d8af6aadf659bb36376124215079

          SHA256

          1b873cd075fd7fe25ea73aa81609be5f2074c177ea9a3e58e5d08ff8ec560af3

          SHA512

          21f81eff2cfd38932890a9683ca0cf04b0293e85300a5a6a7daa654c36e708605bed3bd910876f3b4161770d9d99237ed168dea3231e66b1c1c6c2d721f91915

        • C:\ProgramData\DelayClient\NetrabEncrypt.exe

          Filesize

          581KB

          MD5

          44b12fb2fe6b72f41b1758e9d0cde8d2

          SHA1

          452ac4b18d9c976c02a5f4c9c738d9522ebb4986

          SHA256

          3c82d576b4d92b4d0a822661845e78b5bd324deb7e280e5b0ee5eb7855dfc177

          SHA512

          e9f62f238c88dda7fc9422fee7ceabf62cfca7f21c93aad441cef3f079cb3056fb0d0e65089adf6df6ed456d658d65530f4fff6825307e2ac57d5e42ebc644d4

        • C:\ProgramData\DelayClient\NetrabSwitchUser.exe

          Filesize

          232KB

          MD5

          6fa5d86da720c595e2ccdf0f03624a74

          SHA1

          134f22d0054c005ea4fbe047ec3ef13c24d450e6

          SHA256

          3411365c5ba4091b3dce865ca181dc617e5ebd2d11fd256e651b5149b3e9c2ce

          SHA512

          6992a30944e913d8b9f223a8bfe22a5427106750127063491ac07cb4edbb703b3a46b5004e1cae37b93f855338eafa6d926fb8578399d60a70a2a734c6aa0276

        • C:\ProgramData\DelayClient\NoOnLine.ico

          Filesize

          1KB

          MD5

          f44a644861701474aeb3e744886b3c7a

          SHA1

          1705524285764dd6b6dcf2118e247d5cfbe83dbd

          SHA256

          2669296b8df92279e7a69b2f0a026d0b3a5bc117ccf68f24407c224c8b3b26d8

          SHA512

          aef65e9df9872b6df3c795e0ca61b930f1ded574ab90bddbcbbbf3a4094a7875623c0130d6934b7a829878171f6d7503ee10470c3f5e1f09aa5595ba08055f11

        • C:\ProgramData\DelayClient\OnLine.ico

          Filesize

          1KB

          MD5

          90ca66e468f73c9f099715191aae0148

          SHA1

          f9ff4fbc5cb74d71fbaf3f2f63ddce458b4814a2

          SHA256

          c817411e310901ef2de333e1a369493eb7da869542944a9854cfc081ddd19a73

          SHA512

          1afc118d4fec7478187d2f939fa4ea5c344c030830cff5539ca60e45b08e28d581c79b653cf8de4de489a1b6933882d5fcf7e17e785d7e8e9d077d1f9bc78ee6

        • C:\ProgramData\DelayClient\OutApply.exe

          Filesize

          467KB

          MD5

          d5fb869844a94ec8501d8c8aa1e1d404

          SHA1

          85e83bb4929f0b6113f47e03bb8d58ba749ac735

          SHA256

          866ceb0fa2304e7ea6e48ffdd92370cad7f3151e8dad38649677f76644f93c30

          SHA512

          cd6446d3700098713556ec7937d48196e4d36a2604f53aef91f6bb1b8d7c9fa8c96b126daf274e728f4b5ab38f1afa84ee57a9d27e86721b144d11a894e8e2f9

        • C:\ProgramData\DelayClient\OutProposer.exe

          Filesize

          436KB

          MD5

          31923949209ec07b10ca1c9a82ef1749

          SHA1

          bdc4347ac87e6bca0fc83331b90439aafbdbe526

          SHA256

          185323fea0c6f48c0a655a3db91884cf75740c16dd413c85631c10db2da2b18e

          SHA512

          5aa8b8c24865c997be5afc2da3d0dad89d5678bdba8043c1f7da8813faa4c1b7ed5e9facc80aa463d4aefe245a76882541ebede9be41e0164a217166cdb51f68

        • C:\ProgramData\DelayClient\OutResponsion.exe

          Filesize

          412KB

          MD5

          ce7202478f37df52c7dfb8c23893c983

          SHA1

          c330a1bbf15c1d52ff5106512e94e3c804f73109

          SHA256

          e0a054878571cb86465b754e8ef29c06598ef822783b59cf3e222a2c5951046e

          SHA512

          f335501f858d5b8718d7f3d381fcc92b16381e36c69b0c53ba653178337c7d96ded7338d43805facd072d84103fda08e6aa2ebfe83a849cd44eca0c7089e98c6

        • C:\ProgramData\DelayClient\ProgressBar.exe

          Filesize

          128KB

          MD5

          b894ad2efcac36bceff2edab5c512aa0

          SHA1

          c7bf6cebb9aa5396b0585222b616671e07e5daf2

          SHA256

          0aebfaa24fda48658b0bdbfefdba6b042017d8c16fc5ddbb5c31bd5bcbb352f1

          SHA512

          e5126c6b47c7a0ce11f3b04df280da74f6422ea52945aa375f89ba14a613dbbc747734128bb57b17fbe7edf43b088aec62155f4af09783611a1e6c91ef2d22f3

        • C:\ProgramData\DelayClient\SetOutUser.exe

          Filesize

          145KB

          MD5

          d60e1ee799e8331869e258e8096c8145

          SHA1

          491b920a1dc9cb267a4f59e4e56dc6accf740abc

          SHA256

          fd652ec4b7ec349d2bb1bffff810788eb4579421adf2c42c3575585b0c899b96

          SHA512

          1a46813a06156112fd3163a9677c1fe2fb07796aeab765a34e0db81e61e88eec869dc2fdfa0f4fd30661a6cfd946e51ee7b1bf7475f622a9fb9941d4b52cf8fc

        • C:\ProgramData\DelayClient\ShowFileRightUsers.exe

          Filesize

          144KB

          MD5

          e67ceecc517666c33205c8da745bacdf

          SHA1

          60417c7921339482d9337f60e5224909f81ca7d8

          SHA256

          6e1f06f79c0672180fa8935666d672c4daa8f9eca5af4c1e0e115bd8a5d4adf0

          SHA512

          b2ba3e9a55363abcf1940668f4dcb603069a01c9531f0f46dd00aab791c82c64dcaeffd2530bc10219cfd00f2493bf7d0c891e61995d989936ab9c475ede63e9

        • C:\ProgramData\DelayClient\StmAlDll.dll

          Filesize

          18KB

          MD5

          618147f08cb37e913dafb276a41a1c7c

          SHA1

          aa73977b61b3414a4cd85d7c94fc2590b70ae698

          SHA256

          231ee29261de7fb7190ff47bb43b9c9a5d94cb5057349c46018e2566062bb665

          SHA512

          b834b22420a37d2045c5097def3580616ac514728534a1d8c5a4b5d576e861ea7c8ae9a261bbf06394c205c3fbbf3c2801ceebc72ac60a8f6b1e053f3741077d

        • C:\ProgramData\DelayClient\SwitchTeam.exe

          Filesize

          135KB

          MD5

          99811ca33e48af7f3deb22b03657f58a

          SHA1

          347e1b33bfe08cb320b58ba04b1d75bb04924af6

          SHA256

          4c697d40725c48bb5e97250f5b27bf901e7f670662f2b750bff91495782a2484

          SHA512

          169ec56c9efd69f455bb134945da48882d410f0d0d1b2ea2176d6737af22a09f812d168f67766bd9b9638f6af510d9367f836648c00240491916ea9e28d1634b

        • C:\ProgramData\DelayClient\UpdateMsg.exe

          Filesize

          136KB

          MD5

          cbb4026ffdf79be2c2e259fb96725fe5

          SHA1

          dfe18fd68586fc31f5c1eab425f793566467c0f2

          SHA256

          abb30665ed92aaf781b920a6bd8eff170bd84bfe9c267258451549ce361918ce

          SHA512

          960412ef826771e73c64bc99c936727b584e32695c754053ed88c214b0f6729472179f2f12795a674a0bea8de75240261f1bacadb3e0dd106c8a4ae956422083

        • C:\ProgramData\DelayClient\_msvcr71.dll

          Filesize

          355KB

          MD5

          04108151c2be46faab5b99b50a6a796a

          SHA1

          74f630d1fc57e287d71b4546bffcd9e4b8126463

          SHA256

          ff2a05d03e3810c0f1c599193fde499fd8f001b8240e67657064d9f5b5e45aea

          SHA512

          4a24d554187028b47924b0dadaf5b3e192187f50c10e76fc6ec4d3520dce8ef794f980b207dc2d8099e6a062e92e17be69c129a080f3e7d735a7741f5314b9d5

        • C:\ProgramData\DelayClient\msvcp100.dll

          Filesize

          421KB

          MD5

          da82bcb71b84389fb3e933bf55467d22

          SHA1

          4c6983bd0df81e6b4d1c12c123ea11a2debd31ae

          SHA256

          1c88436118795ee9f506f6549dbdf02503437350a6f33ea556409766d5b43081

          SHA512

          25af247324ac27b2226cf36059544e9279cbb9f0737a2eb5aa5a45412386bcf59dc4dd347f562cf1b5b47205376d550b13ed007a0a2772222e9afd3f35eca353

        • C:\ProgramData\DelayClient\msvcr100.dll

          Filesize

          765KB

          MD5

          177c1ffeef9c77977fed89a56ab957da

          SHA1

          aef637819f177d01ab8561937d73af91f541d138

          SHA256

          916527b720e4b6c8ce9cb3581796439c8dfe30ecdbe8a2c09a322bcc43d062ec

          SHA512

          24ca5f3b7328b52f2c74757f9059f0489eb7ccf2ebe02613600d14ad2b98ee071281898ad880b923ba7e73f963443b549c8d2101ff6f0c5e0903f9adaff4354d

        • C:\ProgramData\DelayClient\msvcr71.dll

          Filesize

          355KB

          MD5

          d671fe7d85c2bb4ea19c189ac5facd5e

          SHA1

          a78aaada25ed1840cbcd503d0320054bcd3c2610

          SHA256

          5ed3919c7dcc0b94207259571f15602b080e813e73f22271ea0a55611d17383a

          SHA512

          3b50159478310ef636a2770400a1954616c7129041bcf0262fb7383e81d6cd64652e41b75a0cdbeeb167c192e44705816f69ef70b769874c78e219fef7379443

        • C:\ProgramData\DelayClient\msvcr71d.dll

          Filesize

          547KB

          MD5

          78d397df5ff2df6b4d086b6cef136c6f

          SHA1

          331920550da6c651cb613ba1e8c7ebe3fc156895

          SHA256

          ebafaee7e9ec4ecd2b6f00609d0ea2a425989c63eb4963421f7f885667242b88

          SHA512

          6e96e0a055f2209789e03c38dae7fb49fe7a00475f7effb018139c6e119219461dd3423abb03f261e5ba986df1e4227f50afb8a9f590a6021438771704bee43f

        • C:\ProgramData\DelayClient\rom.dat

          Filesize

          2KB

          MD5

          d164bf4c7d8987af151dea8957c94ea7

          SHA1

          9cd1fd9d62ccd89a28c34d9aa43c4e53a1385a40

          SHA256

          0afa878e6ce8f43370cd710ccaa1824076851f9116d49b20b9ca2e1f185cd5b2

          SHA512

          e038c5370ee162284fdcd9cc382098aef9ba301b390ccfbb4c98722c255de4bdc64d0354d3d00d0b0767aeaa301534adfedef1a06a8fcf9fc0565c19f88d1a31

        • C:\ProgramData\DelayClient\scriptle2.dll

          Filesize

          135KB

          MD5

          12f760366313a3642a7d839bdf7efed5

          SHA1

          8cd3cf10c36aa6efbd893b6a535cf542fc13c081

          SHA256

          ff73c84c80e33b6e56fb450cf73c315f456980a76325a1267744463194ee2160

          SHA512

          0597fb8b51044d954a42f4c6e51a0e2968b1b0e3c0dea93f54f9953297c7be9460ca5bd9b4feba651776be3e0d9e946ff74454dd48614317782fb73c26ed2c21

        • C:\ProgramData\DelayClient\shellext_config.ini

          Filesize

          3KB

          MD5

          3884df11ac17f49ac3ef43c71d1047d1

          SHA1

          12aea82588e17f3d1ca0019395c166c486bacb78

          SHA256

          053ce4a33c8ff64aeaec786f1d3308d4dd7707fa9ece6aac0d7320cc742267aa

          SHA512

          f9dc6fccc1713cc5ea579e79e0ff3b161ebaf49e358e29a71b5db6a364694d11aff7ef218423c931bbf461cab1aecc285244bfb5555549d7677335747370934a

        • C:\ProgramData\DelayClient\sysX64\HsDsk.sys

          Filesize

          29KB

          MD5

          bfdf6380b3e3e39a587169c251f69efc

          SHA1

          8b6da2acdb0235d4837a94586338e6da89a2e38c

          SHA256

          720aa7ea64178435a13eb01762216b99a7486dd43c029387d1fc492488118196

          SHA512

          8773e27e3209d4d0b68283b922f737c8fc41eb0352308efdb739906b9a3bfc144f0d763ae49d4fe171dd291a61268a15ac308484634e4eae60f26bd6e79f9e4d

        • C:\ProgramData\DelayClient\sysX64\HsFltEx.cat

          Filesize

          11KB

          MD5

          2eb1486fc70ff57fd58a5ffc9b26c181

          SHA1

          a0168b4a2b8fdf6aef428ff17a88121f60df9a79

          SHA256

          f48a21d839f604e31de22820a49bc9757524da35c8a36e127bb424b7e8c6354e

          SHA512

          bdb9d069a69071a34994deac2fa3592002dba5fa2decf1da7152e316d3efa85a428c3132af2a408ba8b250d2866b660701b4e6741eff1af711c85ef2cff70689

        • C:\ProgramData\DelayClient\sysX64\HsFltEx.inf

          Filesize

          2KB

          MD5

          d05d6aaa639cb5767e67243bdc4b9b37

          SHA1

          d5a1ceec34c830aa2551096cf04761d24eb31915

          SHA256

          496ac7fcc8a296275e2d44221dcbcd83c64e7aae55b01f859d9d26df4022f7c2

          SHA512

          b4f2262dfc2ff10ff22681500b5bd52987bd6ec3b90a56d6363506304ce610d9ddfa21e344dcc7d6b4bae3e77f4ccda88fcb25523229687069c9965658050227

        • C:\ProgramData\DelayClient\sysX64\HsFltEx.sys

          Filesize

          115KB

          MD5

          a7791f17387c72ac1a4621b2e7f2bf61

          SHA1

          05cdb2b3e7f2ff36ebc910abe4e51941e6d42d6e

          SHA256

          8b5c808282ef364644ad45b95a4f11829b26cf64324f137e80c18abe3b76a11a

          SHA512

          37513301a975e4bad1082fb3c77ee143b94329f3dd9fa234508a4fce68d1fab7a1838bcebe6e6a98526607c83eae823c95e99a03f4fecaeef2feccf39a8c1c85

        • C:\ProgramData\DelayClient\sysX64\HsFs.cat

          Filesize

          11KB

          MD5

          cb35c2efcaddf33c7c522c60b7409c51

          SHA1

          a2d01430405a26e468b53ea8209a0f081de02e3c

          SHA256

          ac25b8082a617f2a17751c30e97a38fb50a7ec1c4cae0876530c5ac6699afef5

          SHA512

          daf15089d004ad97cdb10c2398082a824c56feb29b48983a48901da636208986ab79d1a5b41bde94fd64ddc795537e98df00e2a59ee8766a10579b6cf7a46808

        • C:\ProgramData\DelayClient\sysX64\HsFs.sys

          Filesize

          116KB

          MD5

          9c5533fc907911b1491935285029e94d

          SHA1

          1a3e4a5ad5c50a661149e24d2f9b2b87529db99c

          SHA256

          e1773a992a610446a2529043a306cc6a9876034f245c2fb86fa91daf16372c93

          SHA512

          486d3d38ab057908b19f4443e1b5751ed04b4f09d9becb79afea87583d5de86addf3f2ecf7d87a5adc73427a5ef3e1e4032afac1576da93f850fcbffd43ffaaf

        • C:\ProgramData\DelayClient\sysX64\MemFsFlt.sys

          Filesize

          36KB

          MD5

          45d1860d90fcf8efe1c9b5f5d83ad302

          SHA1

          ce1241a8526b45caf06341b2be9b2634a38acb85

          SHA256

          cea38500bb2c99878bfd3fd064a23936b89be029ffe4eb847b2066c3f0dd67be

          SHA512

          9091bc2a63c0fdee60949edcb06527224569becf7977b4b0f9eddb3eae81bd25150a83f4e178678f812ee568a6216caf08802ad0578c1070d8fae04ae6c6d35e

        • C:\ProgramData\DelayClient\sysX64\MemFsLaw.sys

          Filesize

          39KB

          MD5

          b5a756af37c927002e090fd495df2494

          SHA1

          bd9b1557c59660004f5c105262da9384715d1391

          SHA256

          04ec8d81a83039d31d1fecdc368e7ab3949b742e8db67aeba224da62c116b63a

          SHA512

          01e2f0008753a86fd83620bd71b3ca078ab0347bedcddd94387400b3b7123b6839ffceb0edf0d18e2758fdb978b68d11b077ff3287ba0c51dfc2aaa78e5a2fd7

        • C:\ProgramData\DelayClient\sys\HsDsk.sys

          Filesize

          23KB

          MD5

          a2299f696c1107a516f856030dde9ad8

          SHA1

          3a98ea9252028a9b782dcf5f4efe7cb9ca6064bf

          SHA256

          4b5eec172d0b6a41a04e382c0bc5d4a3d55410151e1a552e8664fd6b24942353

          SHA512

          e3b2bca48acfb7ace2561c8c7e3ebd92263f6cee034679c067c822c7b00b03e4f251884b9d31315c69d2d04e0942d928365241c2dc1986237527d49f17beb671

        • C:\ProgramData\DelayClient\sys\HsFltEx.inf

          Filesize

          2KB

          MD5

          a27feed9c2f0863bc8924d6f719b1ffc

          SHA1

          a6e6ea4fe43b8b7b681a9cb3d1ec97381ab17d6f

          SHA256

          879edd82ee65ffa74fce967b0002009ed72e21ef4f921056f7949a0352126a20

          SHA512

          b47983dcad0e45e236da69b83c15b7c17b0fb09c7f900b631246135587df9d8ec8ad5f4b432e3b95aebe127e9fe608100898c0de8676d567b4c8326b8ac30549

        • C:\ProgramData\DelayClient\sys\HsFltEx.sys

          Filesize

          102KB

          MD5

          e0c92afe4c7d2414ed52f98e88d545c5

          SHA1

          af772deeda4bd57c66cc1db4d7fde742660af7fd

          SHA256

          5a42c3dbfbd3f549928689e7517dfe781e033e48aeb40c695e2be7f7be09b528

          SHA512

          77b6817727c162b3462e898dbf5eeb373485d654c639e691d68bebce4a4d4a04359a2b0f1b38b47fdb338c34813b2076472743a9689217fa8c24d51df32d07d3

        • C:\ProgramData\DelayClient\sys\HsFs.sys

          Filesize

          97KB

          MD5

          1e5efd9c091da6076669db4a4f9ba986

          SHA1

          9a8c9134edd31a80ded02d0882c6664de7c1fefd

          SHA256

          5f1671e17fa3cae15ecc222d71b4b83b626db98a3bced80178f1d31aae467e92

          SHA512

          921760d87b20d1023a69e784b82bd17894c8d5cf1535a1e5f9d6fe1980dc6e53da8d618d1f9bdc110e56422acdfb2aaf259d92f9d60b1c589d8ebd615a356486

        • C:\ProgramData\DelayClient\sys\MemFsFlt.sys

          Filesize

          33KB

          MD5

          dbc9b8f2f63f6e30548d0bfe6cc0fa77

          SHA1

          4e66459bc2c77905271bb2a5b501db41b92b3a89

          SHA256

          3772435aeb53600d4c8477d6bf3200b49ab7e39e68b0890e6450272918030224

          SHA512

          c64caedec0618834e4bc98c91d84ab0749524640b421b107f68a4c7d7eb68a8f285565fb0b9ae8f6b0b8fc3b9a7b00f17b82d0622f5070e4c81c813848435725

        • C:\ProgramData\DelayClient\sys\MemFsLaw.sys

          Filesize

          34KB

          MD5

          cda26e45c15816c7d33fcac19b2b3920

          SHA1

          7056796d22995d2cb1a50820f02dfc9a0d4a4dde

          SHA256

          500a09942f30addabb8ca4a03ba02f7dbaea39f7fba9671626f2736b4ca496c1

          SHA512

          52d3b110d8e3981aca6a0cac7d2901c04b10ba06e1cda7136239136b95e305b95efbea449ef438a46483171fa248a5fce87fbcf84b09af4d32d0d12cc75d7933

        • C:\ProgramData\DelayClient\tcping.exe

          Filesize

          265KB

          MD5

          a254ffcf85560a63d7a8cd39ce36301d

          SHA1

          613f8195b2e22e7484e4d2c449510651e4216e08

          SHA256

          95b4e633ccb4dab01e9081b0cc9b3bebe56dd0478d51f0d0555e297cee5559bb

          SHA512

          e866c178d40307959494905cdedcc6c638bfe4be646c7f18770a07bc52337d1ae893e422e9effb61b5e4f988e2510bb9c6875bc34ee89f9fcefae82596b7bfd0

        • C:\ProgramData\DelayUpdate\ADSdkApi.dll

          Filesize

          331KB

          MD5

          d53bd2ac6dff9f1b1230494a4e3c689b

          SHA1

          bb4bcd6cc3852684060660310141e74461516007

          SHA256

          1b73bd8c0330aa9eec4871cc247bce2989655d3177519448a0acc5bd767c61d8

          SHA512

          bde932d71df19ab90576a2e06845b02f8707b12d827a7b4fd38069424fdec3014ad451432a638950377c7b5bb894acbb2c021cf2819418888e2d8dc7c3f20448

        • C:\ProgramData\DelayUpdate\AssistProc.exe

          Filesize

          81KB

          MD5

          9a06911ffa2ce428f8f4dac71c968eeb

          SHA1

          6701c6789750aaac4136edc4ca9a657cf8f62f11

          SHA256

          2356d50ca9a377491d447fae1c1f5c30e0f9607336b12b55a450c55e6c7fae34

          SHA512

          4a5d43554030c178ea90dd6f3ba611f781f1633a05904833cfb24a35e5c237e09f0e1dc5e7f52c2a2fcf0a118406c5e0880ce482a44b2d7b578490caeff9f243

        • C:\ProgramData\DelayUpdate\AutoMsgDlg.exe

          Filesize

          65KB

          MD5

          65c14fe73fccab5d7a4370bffcab92d3

          SHA1

          478c472c3be783cda9e9f60b59f977f71ef127ab

          SHA256

          e88795dcc0d296021a7f63245048cf7b615cdf7116cb368424cc112f1a02cb38

          SHA512

          fff5f0c2f4cf324d849e30a6906a664a08290331de1770996448fee629f9d22e8a593ed66a27ee25164c44a7bb77b178da784cb4ca1790e8da4ebba7ebaad237

        • C:\ProgramData\DelayUpdate\CheckClient.exe

          Filesize

          152KB

          MD5

          766cb3608a0848d59b8908f0777da00c

          SHA1

          42c724a11ac1fed3b570d8545cd96cc147ae2813

          SHA256

          925a823eaaa56d7b2d39c1b7cb878a06e4649bf2512e02b261e552f6fc663b14

          SHA512

          2bbd4370a7da1b8f1b11173d74368f09143184ce08ae82ab4017bfbb74490af10329d0810af212e5d52c0388864332a3efc583954a9795f6b54ed87d417fe456

        • C:\ProgramData\DelayUpdate\ConFigFile.hs

          Filesize

          168B

          MD5

          a627531e583b7149b3b337d952176cce

          SHA1

          254da4d7a177d8d3936af8824d0bf40b42de7455

          SHA256

          74f71ace818a7cca683aab81822756b462c7ac3f25e0cc7c132f284e22735c02

          SHA512

          45c8f0a9bc8ddbae88f99a29b5fce19056055c56115cecf65f5af911ed90bcb68551e1befd662093379cb17205009840d1f1f3692777c85150de02ace0c78919

        • C:\ProgramData\DelayUpdate\DogPwdVerify.exe

          Filesize

          284KB

          MD5

          5ac333f26278e2147380fd2118da5b04

          SHA1

          b570586001a09e62971926d80ee6d77da96bd18d

          SHA256

          b74f867f309d27a1b97fc1d80c5b2fd4907612f09a3da45f7a8f18c1592d6171

          SHA512

          507019f92b1bc7096045cd319864aaaa0d15f9e4d00c9b53945ee3f53141b9d2ac27a26f8d1232a98d9757446393ede61c4c3e0d3bc95aec1e8c6b561bdd9930

        • C:\ProgramData\DelayUpdate\File ClientData DLP monitoring\File ClientData DLP monitoring_Config.ini

          Filesize

          91B

          MD5

          ff57ef23a439aab75a3dc293b437f79f

          SHA1

          a9f9f9b11fd65ae10b01f5dfe724b8effbbf2090

          SHA256

          59e018fc4c1a54154e5f50cc780f1249cab7ca83b006f8807fd34dd4e89be67d

          SHA512

          a12de409a52307b677fafb23f4be790e42a7c9d78b7ad41184ff96a61ca7115ed93dd02e9d9b589a69a6e638df4b6ff6ab5d79af7ee746875462cc6d2e7e1e3f

        • C:\ProgramData\DelayUpdate\File ClientData DLP monitoring\Newtonsoft.Json.dll

          Filesize

          541KB

          MD5

          9de86cdf74a30602d6baa7affc8c4a0f

          SHA1

          9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

          SHA256

          56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

          SHA512

          dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

        • C:\ProgramData\DelayUpdate\File ClientData DLP monitoring\hssvchost_x64.exe

          Filesize

          50KB

          MD5

          2b4f0b3553b11da999f952cebd406379

          SHA1

          560a577330c5211c7190dff14fbde823ec824d1d

          SHA256

          daaac1e093d43528dbe2f19cdc29d63c852338ca57d0364a950d522784228e05

          SHA512

          92d4fb4d4ca14286a3f6369a3033be70fad69b7006650b0c28bc290d1400ea5af7352b04cff2892d8948bf310305b38b0c7bc6a2b7702508b6dfebdfb0696991

        • C:\ProgramData\DelayUpdate\File ClientData DLP monitoring\hssvchost_x86.exe

          Filesize

          51KB

          MD5

          4f9602ce264cbcc0f310fa9a1474ba0e

          SHA1

          f6dd209f4e87ca76606784d157bb6dc0952444f2

          SHA256

          f740b36ecc8ccea9dda957f733fcdac8396ffbece5b52b1935708df19bb65561

          SHA512

          5440ea409c1ef5213d1f04d0f53e62f75a9a8cfc4da2fdf6fd7bfde9017e112d7def5b5d6b35d9898856063133be53c690837a17ecaff6631120fffd7ed213ef

        • C:\ProgramData\DelayUpdate\File ClientData DLP monitoring\安装本服务.bat

          Filesize

          649B

          MD5

          53bb6f1acbc99147e60837cecfd03656

          SHA1

          c1770f3e5d90d087be38be9d26b2fbf6ed7ecb8d

          SHA256

          4b5c4cf787c4b6ccfded0773374cf02401491ce22fe7b9552fe6baa166508724

          SHA512

          946b7b1f02bb6c2cf6efc018a854aede65ac5e2008298751513967b68143674bf5ce3928566f2b8b903a56d0657751edf35e78ac3f91571ff4a740826b03d320

        • C:\ProgramData\DelayUpdate\FileOut.exe

          Filesize

          168KB

          MD5

          3eade5f67ef4ec302fa58a6b85cc6935

          SHA1

          93067aed371ba00986c56cca7d8711966ac72a62

          SHA256

          e0b7b680b4ef8760dc65cd26fc9cc356f96de37289f020fc84095babeaaeb5a7

          SHA512

          27a8f818af882dcfa6239122039e097e76c01b404dd4fb79b060730a0900f909a97f12e2af623f7947489554a32d3041f43933f2d374abca30724aaec3bad647

        • C:\ProgramData\DelayUpdate\HSX64\AssistProcX64.exe

          Filesize

          30KB

          MD5

          0b513c5ecaeb38576d2211dff758192c

          SHA1

          0b5db2338e9c8f3aa4d9b2e0d0dca103a42e62d8

          SHA256

          6300e2e8a3bd498a231abb5b98658976d1e6238738a2427d2a8a54911209ccb3

          SHA512

          d9e6c1bd7b46500d7243449d65462448a45f4dea3bc0cebc964dca16167baf0e9baceceac12aba6e1e93de164b095af2c8d8a0052d040523fa35ecbc382974d0

        • C:\ProgramData\DelayUpdate\HSX64\HookerX64.dll

          Filesize

          2.8MB

          MD5

          bc3ce4a92fd55a7b4302bfc5f08530d2

          SHA1

          3e3e5576861bc13c2ee52ea13b5546a8276e119e

          SHA256

          92ba6976a2091ca91af94cc561922d797e5751754c0aee756019625fdb0c31ab

          SHA512

          243a5e7277bb09deea74f805fd011d07f2d8fb1a793579702284fc049a33a038aca89d9e453dafba4ca486602ad2cfbcb1fcf6500550ca8fce507fb863e53ed1

        • C:\ProgramData\DelayUpdate\HSX64\HsAuditDllx64.dll

          Filesize

          150KB

          MD5

          3ab25225d6597bd0c5de65cf648bb1e7

          SHA1

          46e1768079f0e71b6cd10aafcc4878fbcd41bed1

          SHA256

          83d568a12668539b5fcfe8fb2b1ebd90eeb9ce81765a07f43e1a8ee3dfec6483

          SHA512

          f087878898e4064666f4255464b4dc71d5eec58f3fab228114b2a36f80dfa07a6f3a9e477a3891051a393ab5a031fa49e41ab071e21b2d83d70ea750d4291231

        • C:\ProgramData\DelayUpdate\HSX64\HsKeyAuditDllx64.dll

          Filesize

          115KB

          MD5

          e21194795643a422edd27fbbf696c6fc

          SHA1

          a86c9c91e51f8e55c13b2cf14e6d6be7f2fd0495

          SHA256

          937d40eb6f616d979ed7937ae8b305388b63fcef296906a968c76be1523b4dd0

          SHA512

          6eba7c38878e2ae2a33ccc86668ebdb3c3894ee5c8a2b6b4ed6ec0538482394aea1c486f7c5527c2d7e16b79a12fbb0d37aea85abd10cf9bd1e11c21b79fcd91

        • C:\ProgramData\DelayUpdate\HSX64\HsNewShellExt.dll

          Filesize

          212KB

          MD5

          7c6438495e22fe2a257e18306724209d

          SHA1

          e1b74aacb2b6367f69cf11bcf67757f4698fbe2e

          SHA256

          2e6629fc3520a2572ef34640d02f5540fff91059298ae7eccbb6f25a65cfda8e

          SHA512

          10c412232a4cca812eefab5fc51d62ab0caa60c9ceaee3e099963cb9b0ce531c90988bd48de8b30cb3d884c903542188a00d9f0d23e2aacae5f407347bbfb6e5

        • C:\ProgramData\DelayUpdate\HSX64\HsPMO64.exe

          Filesize

          46KB

          MD5

          0a48d4a44069d4dcc5dfdc7a8b9f59d2

          SHA1

          192743325d582f894831b7ad1cdb1020e90dedda

          SHA256

          6679225cebd41e5f6e857b717d38114f66ca8f67faf8944a00d343ee1da9fde2

          SHA512

          42f3d9245c6937ddd0acade3572960233768f5676fa1b6e6ccf6cad6f7d171de355a53fcd6fb213be004b0d6102231484dcb093cb7617b867db203e95a42669e

        • C:\ProgramData\DelayUpdate\HSX64\msvcp100.dll

          Filesize

          603KB

          MD5

          c2710f5d16a2c2fc346b6bf77e7af630

          SHA1

          4773227db24540c27d06c664c254a2cf91a84b8c

          SHA256

          bdbf3b292c82d1bc1c182c41197e19cc46bf4955d86fb4a1276cf3cabb50d223

          SHA512

          0f29466c93d5064d01de15e7a2ab9343d3c3fe878b28b0674fec4671027cd92ac1d2658ffb02259fd05e658e47979fb4a05a421f8eea85c3a33a421e57de7bae

        • C:\ProgramData\DelayUpdate\HSX64\msvcr100.dll

          Filesize

          819KB

          MD5

          ea9ef77a424ab8d6b7da16b1b4c1b708

          SHA1

          cc8b916e71465ba5fee60289ccb57ff9cb6d66bd

          SHA256

          83ae1528214cb919ef98e15d862d2b106a4e2759a0cb18f6535edfc4980e7ca6

          SHA512

          8084e6dbceee6c028c472eff4570ae17671b8a84435270ba29bdab421e0d570c12c4cfdfe5ae7b91d52480e9feaeeb3e08d506ff3d90d488aad2f5db8fa0e0ac

        • C:\ProgramData\DelayUpdate\Hooker.dll

          Filesize

          525KB

          MD5

          81ff369656051b5d328fb0fbdc3fd95e

          SHA1

          923f29e57a873bdc205593d58edcd16f69100c2d

          SHA256

          a0a9ec38991523e3b0625b40ab77c0cba59ce503e51156a0d49b4039c88f7b82

          SHA512

          c8191b12540149431f41874147a00fc2a7a4f921cce515ca3f92ed9da3305e7740cc8d95d81ca0b041c04f09a0b532500a86df7742b33dc36d62985dd9907a0a

        • C:\ProgramData\DelayUpdate\HsAuditDll.dll

          Filesize

          350KB

          MD5

          b5eba2083ee51599893318f507e60447

          SHA1

          4b9c6210b889b320e1db2e04b6525e5a399a3ffe

          SHA256

          6dfa796fb1a734761417ceb14585e5f62b2f89e4123b0c1a64d7404b45545b37

          SHA512

          bac7e4b82511811b526bb9c3fb2360b65c936ded6c4c39d08ca17a577b6ff587fcc3d3ba04862a27bd05150bfd3242cee81146c10723c8e4e55db845e05e2f62

        • C:\ProgramData\DelayUpdate\HsDiagTool.exe

          Filesize

          131KB

          MD5

          672b98183aee6c28a5d7c96eb1ec9459

          SHA1

          60cb203df5ffcf82687250a0039685ec1f69ffee

          SHA256

          a8b14b94e5858578887a85163bcf5f66e3068ac491b8d016a857846cf8729ee1

          SHA512

          27bc8f2d9bdd24021bb426df39c475de02d2a784736d1a5e75d15ef64232d61da7049ef05f0b50a0991aedfd6b1428b305b7ac1facc4afddab6317baeada1209

        • C:\ProgramData\DelayUpdate\HsEncryptionState.exe

          Filesize

          325KB

          MD5

          c581846265a84a1679968799d0955039

          SHA1

          b2daa473899ba6d5e34e67ece7c049d576aad33c

          SHA256

          44f70ea7abe1c5e0da0f45b67486a01c1cb5127aa6643f022815a8134ac1fce8

          SHA512

          1cc6bb6f95c163038fe7a10296089780fc8d041f126782cfb2f2ab4c35b8c93475928f1bf74b75d9fb84996d9ce61cb4a438eaa02e5ea58c904b20b129b7dbb8

        • C:\ProgramData\DelayUpdate\HsFileBackUpManager.exe

          Filesize

          203KB

          MD5

          8283b4511415ec882171cef412c0901f

          SHA1

          6e62a81b3381b69ab06d5f7ed48e0ddcfdca469b

          SHA256

          fd229b2a55ec478b771272aa8458c25991ee168c63a5c052e59c080e9a0d1bc7

          SHA512

          af7e9b77efa933be4b571b27b504359cbcbc2bf96f8f17f33bf0966d185ca852fbb8e9d7c51e602436b3c0213a65c7a2ee6bc9df36103519710e9a1bdc4df585

        • C:\ProgramData\DelayUpdate\HsFileOutServerInfo.ini

          Filesize

          49B

          MD5

          81a55a4a36bd5710e3adef1ae01fae24

          SHA1

          ea787c4c6dbe429ce222fc4be16615c1a1aa4430

          SHA256

          8fce8e8377b70ef7d938fcd56f64cc0090b2a04d4cbeca74ddd1a3bcd1244c68

          SHA512

          b79bfd667773c21bf5aec8edae9afd7f06ea40e886e072ee9310fd27561e0c734eea577bd3f7f692c02c12b1f87b3418ad49d421772f18d7f50af0a4e662a4ba

        • C:\ProgramData\DelayUpdate\HsGetGroupAndUserInfo.exe

          Filesize

          176KB

          MD5

          62de1d00319426294508d9874c60524b

          SHA1

          3a6314b3cc19fe76cb703b7faa86ae6e9d35e008

          SHA256

          6ba45d3e11a13177afb88fa6e1cd74c814f5cf89157b5a99649fcfb84acb4dc8

          SHA512

          1f7d669835169f11a70e7c9d9b39a19be4687d329af30492711959e47706115d97991db45b7b4ced6e262fdacd57f8fc3be5c725c3a5b077527cbe5f5ee5bdcc

        • C:\ProgramData\DelayUpdate\HsKeyAuditDll.dll

          Filesize

          102KB

          MD5

          cf996acbd264d03d5986d56ec63da230

          SHA1

          f36801bf92c8415f240fd98cee6a8129f911d959

          SHA256

          b33e688f8974669b39db264ebfe391f8e40bf1a203d726921289c1b9632abe52

          SHA512

          d671c63873c81fc2a9c7293008a006e97aa5e13a6669c10e511566c058de39dcef4fdf021d3773e12763cd4315bb0a91e3658871e02715d8830eb9976c3fc89d

        • C:\ProgramData\DelayUpdate\HsMachineCode.exe

          Filesize

          375KB

          MD5

          cebaabf967cfbce4bfafa42f0860035c

          SHA1

          8a8d3ab4c63dc69ca767e2f3e200e7410fe83d43

          SHA256

          214cb5788709b47f664a755f26f0093980ab76965ce96daf4b7373f6362f2bf2

          SHA512

          c38150f157b0a48fcb09b3bdf574f287893ae01d0e607beda5c077649ea733e01750b00d374dea9930326764fbc1ce7837efb1ae22dca2c076ba916bb977a99a

        • C:\ProgramData\DelayUpdate\HsNet.ini

          Filesize

          33B

          MD5

          3cd6f4a3a5031670ab913ac36b5e8729

          SHA1

          96d99008b94dd1a1481e75027f6e428d98408fdd

          SHA256

          463691dd02a6550d32125764ed77cbeb74c9e145f3cec3ad06703ed112c8c99a

          SHA512

          2c5e0e635acde8ce3447f9a536f30555c20f8eaf841bae4a7ab46b9d909684859bad9d449307b2243026618cf08cee2e744ec649f6c464b4916c935eef2ead92

        • C:\ProgramData\DelayUpdate\HsNetService.dll

          Filesize

          760KB

          MD5

          f5a08f52632b2019f4692fc08170182c

          SHA1

          887fba9cb8f38db5adbacc31b8afbe28fa123789

          SHA256

          2ce98c01312bec8ae6a3c8b9ff24866c6b090256a5b237af067a7ecc5c7cb0dd

          SHA512

          14f61c1dd6d4c58fd13bef744cce95a2c1f4686fe2c1ab3a6642f715eedd5a347da6503318550993d97f628345ac101a6c2186f01e028cf000bfe6426e7c0902

        • C:\ProgramData\DelayUpdate\HsNewShellExt.dll

          Filesize

          177KB

          MD5

          016385e4679e0259984330e0b3f7780e

          SHA1

          a1e2bfa88ceb2ba12d752b59da112c024eed6618

          SHA256

          73f924f8f5edd7dde3bb2029af809429245eea2d4cb69e05de9205344b7e300f

          SHA512

          98e25f1b794364c39bd2cfb4a3ecc7453ca9b0b33ba093aeea964e3fc1fba6559b13f0f414ef75ab44a51f32dd7eb5f80d7489adde98d7db01b43af24bc1279a

        • C:\ProgramData\DelayUpdate\HsOutlookSelectCC.exe

          Filesize

          128KB

          MD5

          e3c0ff058f33710b78a9500e738f8564

          SHA1

          d7ae26499df4219b4e26f63711036563e75f92d2

          SHA256

          17d1bb8f99693df6f2609f751356acde4449dd860d61417bd7a2f4aee2d3d8d8

          SHA512

          5bbdd6514b6a07220eb9835fcc49667a3579c914fbb065674238aa3d8e24b04a40256f30e24a728fd5a23f424d27942ddc5ba70354bc2efc5173aecfc469b389

        • C:\ProgramData\DelayUpdate\HsPMO32.exe

          Filesize

          40KB

          MD5

          08b68e7ecde918d0ad72637b9e14126f

          SHA1

          3ec6334ee7ea5e29ffca64a292d676d225e7ef13

          SHA256

          d6f342b09977d355cbc9411ee076492e4160d2f496168fd83a958520abd4729f

          SHA512

          78499eca765252766960565a4f102ebbb1eb4715f50fd382bcf5d6d0d17e63f5db3d2c298b7edee4ae81f59a4037f0c86ae2c9fa66ae0a00ef4275681cdb0d15

        • C:\ProgramData\DelayUpdate\HsQueryLog.exe

          Filesize

          176KB

          MD5

          c42fc36d86782d62b80b0c585fcd2921

          SHA1

          9a7b2018cd45ce9ce7f321791f5a08de44072b4e

          SHA256

          0d4fd47b8fa967b21528d83a6aa6acd78e90c4c728e42430a0b0f224a5d66779

          SHA512

          8638b4b128da28b162308bb92465267b9b576cc74043e417a2e0228758be20f9a8f4bca981860fba8c741468aa8e70b47249aef2d91ccf7a7637716a9000ac68

        • C:\ProgramData\DelayUpdate\HsRightMenu_SwitchSmallIco.exe

          Filesize

          64KB

          MD5

          49e119b04a3d47b18a259fe030a5bd8a

          SHA1

          d4c5e4a43040ffe8bead3cd30655b1d79c5cb754

          SHA256

          fa86e48e43ffad537d83c37ba379e4ad01542c2e33bc9ad4c2dbd086cf83d5d2

          SHA512

          7976c724e2a9b67afb6bc78df0be7e4056df9dd5da2b783d7386ddbc308da86d76e2facf0887994155fc74f42c80f2e70b7bf10007829fa3aceebbea979c63bc

        • C:\ProgramData\DelayUpdate\HsSelfCheckSrvx64.exe

          Filesize

          5KB

          MD5

          78e0361f9924325153b62006e19db5ae

          SHA1

          537c69bee2829fac6c61375002b213149d30f517

          SHA256

          40e004fd9fb7199ebb5b4a56dee6f1f68edef00085cdc92353e6d4aa1c6a3ad6

          SHA512

          cfb01d25555b43428ee23507278bbf5f116fda1c67408d605c18bb9c7a652ba4abd29cd6f38fbc28a83aa1d0380d3db499a216d102032337361678c107b376cd

        • C:\ProgramData\DelayUpdate\HsService.dll

          Filesize

          764KB

          MD5

          47cc36db25d2734d2448a525492419a6

          SHA1

          2f1d95b00c1f79a8f40075f696d1052ab4410c50

          SHA256

          4f3082d3a439f0334826f8c690fcea85f6bc9fe4b253acba5471a91731849d7b

          SHA512

          239c9fd74ecba0eac4dfe0e663471c777bf2b8fcf86a784a3c147f99aa60703f8b7386756887b23ed05abc092115707cfe902757b80f2ed1b88f4780329212f6

        • C:\ProgramData\DelayUpdate\HsTray.exe

          Filesize

          919KB

          MD5

          a91d9b4786bc872ba227246446e0b404

          SHA1

          13526c6ca119f2d9e644b9b5ba5d4eaf18b598df

          SHA256

          1609d70d917940ba202b4bd30dade1749e682d2421867d70cc1b0966b34b1407

          SHA512

          c3dd6de595247380c7dd9127293508e368e21ed65bc5a43557f2f391fe687a853db55abd912659a04698accb7b0b136a6677b4eadf783843bd99cd697c1ae105

        • C:\ProgramData\DelayUpdate\HsUnpackage.exe

          Filesize

          2.9MB

          MD5

          8eb189f200009f833f0dea5ed8ff0760

          SHA1

          4eb3735e6eebfccf958ff743c208043ff9f7837c

          SHA256

          8da32ed7825226565a12ba450db8944ad9935e9e3c061a5f6dfddf3b341168ab

          SHA512

          8a0e16cfb3b4ad5ef56b44bc187e2e89579bb345efcb7380c3be553283318ec5b428da401e3d01949487aad8bcb6a50d6eb92700b67764ce05dea0a74d695b86

        • C:\ProgramData\DelayUpdate\HsUpdateLog.ini

          Filesize

          32B

          MD5

          05c76347b40c9da6da7db7675c7dc54d

          SHA1

          2ba2c239b6b28fb0c1d76c3940ec89e5cb58b2e3

          SHA256

          f4bfd260a488e992b8fbc9fe3f8eaddf22e590088c2da080adf21baa4d6b5a0f

          SHA512

          1d8168497eb716aa92f8aaca2eade23df3f439efd02009fa51a7a6423b8088e36f3823c3b98581547c881c2c21788164d649a754952b71cb95c239b3842c26bf

        • C:\ProgramData\DelayUpdate\IfShowRightMenu.exe

          Filesize

          64KB

          MD5

          ee3de767edfdbb112a2371b5227db7c8

          SHA1

          6b8d324c28e7e1ded94d92e4baea052cc932cc68

          SHA256

          2aad1fcda102750bb570e6a841cbaee0ca49d7c5594e7d03d9e148add5bae7dd

          SHA512

          5eb61b4906f369ee1532f1dc7bdc749b1f6192872449e95daac48411ace9414928f590142b7bf953e2fc1d5a30ed7841116bd2d54b723a2d1df9634edd6895e0

        • C:\ProgramData\DelayUpdate\ImportStrategy.exe

          Filesize

          184KB

          MD5

          a11f926a4d356f70f0c3301c5afd94c8

          SHA1

          5c7437d2808fb483037c5df899ea632cc7fbffc8

          SHA256

          6530d31273ac8de5a3d80f8ce0bcb8fd0776c070006922f2883c35aff382fcc3

          SHA512

          061102ece74e41964788acd660306aa71e077e450bcfae99ee11945a43c5c07180e83e99bdedfa8f3a55daea03db897fde1155dacd204a65b8d4f3f8d92e9f90

        • C:\ProgramData\DelayUpdate\LeftDownDlgProposer.exe

          Filesize

          72KB

          MD5

          2a5a331a364bb487f2a30cbf890372ed

          SHA1

          6673dd63ad7d43ee38aa59b33ab0fefc6c929cf6

          SHA256

          d33d4753b2e7dd7f96a69318ea4c94104fb0bf4633cb6871101cc1f6a7e3d7e0

          SHA512

          313763e3f2fd8a45f961457aac7672245ac20eee6b4504c0bdf81a07d1d2602ea3d5e27957662aba7b9d9cdd2f3ee644fdf0bd7a4939c4f214ca75b19cbca517

        • C:\ProgramData\DelayUpdate\LeftDownDlgResponsion.exe

          Filesize

          72KB

          MD5

          d2b2e010e73aee4b8c0c6a6e0dc3ace8

          SHA1

          8092fb3128327e655c62355f241fbaea32736079

          SHA256

          d4521419c391b3fe96870751111c14fe615dd2783815829ca9e48e939bec41b5

          SHA512

          3b6a1fbff4559402eae89d3e3748c58cae4bf24a1c96d380c13fa7d8da6bfad1d67e21a86da73d16473e23fdd2743d22a9184c31a5a575ad1b12c3a547f5c621

        • C:\ProgramData\DelayUpdate\LeftDownDlgTip.exe

          Filesize

          72KB

          MD5

          bc7f619eeeb8ab9c86d3a6656b3f7ffd

          SHA1

          6d7d50f456aceea9ba411545e177f276f49459d3

          SHA256

          ee42d40072846e0e7c829079cac8989fd7e8bcd3bc8f633fd121883713ca81b8

          SHA512

          f18dbf452ad670e63f38b896117e10a81133dcebc26a052eced46b78c6d126dfd3020e1dba9f0de3ccba661d1e764e792ccaa2ef6b8531bcc12f104d23ddfa33

        • C:\ProgramData\DelayUpdate\LogoffMonitor.exe

          Filesize

          276KB

          MD5

          fe1601be693b1dfed46c46e555446863

          SHA1

          02b913b9b5f6bc298d60be044887405e8b44a265

          SHA256

          9fb86670dd09971c95c7a9d6bf846416379decbb12ccc6732b013038ee25a766

          SHA512

          c8e9d865db7cfabc1ea0de3e693f4fec76d7b44ad8b0855022744f136f1047cf0181a67bdee0c7dd680aadcfb25f2f27bc38378c8d36b4a07af922aa7f36b947

        • C:\ProgramData\DelayUpdate\UpdateCfg.ini

          Filesize

          102B

          MD5

          27b2bd0c2c38df8f2f124698b17ed5e5

          SHA1

          0983f2c5edde95120d4f5a8a08dc1acae4a5bd80

          SHA256

          edd5d9e4f680c8f275e6899fa5329c83bc111b5788343477739a89080ff72e90

          SHA512

          ee7c7a13e286366ee8001b9da3ead9c0bde98bcbcfbecb9a36ee39cfcf58000820e3591af0dae0386aa1a335ea79254a95c67f81681e27ab70e4d7520bd996f3

        • C:\ProgramData\DelayUpdate\atl.dll

          Filesize

          73KB

          MD5

          2faf0f57c2baab96c578998515c26959

          SHA1

          496234ffdc85506986a39cbfbcd3e50e59f75d51

          SHA256

          2e96d983e26fdbb294a63e66997f50d5158d681db5df358556cca27e34c71bb2

          SHA512

          a4ce2b776d33c6b6aa2e9a434e02f89306e62210520f584bf57258f3ec98041744b6d90ade6bd73f10e9081e1fdcb71e0f8f3d85c772e281c774330cedb44531

        • C:\ProgramData\DelayUpdate\atl71.dll

          Filesize

          102KB

          MD5

          43ab669d0d8472b92016b9d4caa68550

          SHA1

          c185df66356b0c6fb8a620dac4a43b091eedb8da

          SHA256

          a969b9d130dfad7d6ccbf4b4529b84aed7c90f3518024dabe5564acc864b4da4

          SHA512

          4d5b6f85892e277024d9260c540bda178ee61538914ffb654975c58e175f422fa72017563c8c0f0087a23633a06a9e6b883d3190b636184e24426f42f9daef6a

        • C:\ProgramData\DelayUpdate\atl712.dll

          Filesize

          87KB

          MD5

          454562b46cb45aaf3e5b55ea14ab22db

          SHA1

          5501967abd7027d9c9620f0c67117eaa8ce8821c

          SHA256

          38ffc8f2641d8da00d405d0955919881eefa4fa263fa64ed0862cc5899536a0b

          SHA512

          03d63995cec1470ba0eeb613c605b4322273448f0631bf480afe3ad0c4f3383e5dc96448304e5a9b926e771a96fc2da7f73a991eca93a8574e35bd49890329fb

        • C:\ProgramData\DelayUpdate\config.ini

          Filesize

          501B

          MD5

          0d1838a9e34493f113e7065aeba62b1a

          SHA1

          64f4dc2af1a6bc2c02b211fd66c5847ec134b00d

          SHA256

          f741b0e36db5d647471dfa4169b4f00f5cace94dcc8931272c090da3a336a345

          SHA512

          6c1195ce12e58637f1766595f9e74058132d5b55a6d5914b115a0309e4ddb6c4485f293125d0bc42132a26b94206dd0fd19c21e12e1c91c82124e5bdc2f7bce8

        • C:\ProgramData\DelayUpdate\configex.ini

          Filesize

          22B

          MD5

          a99c837df56b5311cd17889bfbad7cab

          SHA1

          fee697d5406711f3079dd0f5ac450c5d1de1db84

          SHA256

          71b23414a9f4d5c5b3f4e5ccbd6f59e98f15443545c2ff9fa9b579a2de51dadf

          SHA512

          7d0959ccc25e20b9d0fd6758db04a75bf331938f452b09fe9ff709b5a96ddffd7aa092f0e8f454340d218204c210b85ccb640ca499e72a8ef6bd31ce47179102

        • C:\ProgramData\DelayUpdate\detoured.dll

          Filesize

          19KB

          MD5

          f41f6709174fe80c7fa2823a9bbff47a

          SHA1

          1de4ab244860fee58eb66af73591b3dec47b48aa

          SHA256

          9142e9d6f9595341d83d9921614d2cb3c38550a37f40e212353e3c632054c395

          SHA512

          476dbc523d8e20c94e338b9d4a85e78419781828c670bd232b2ba28db41578b5a5e8364ad8bfb2ca2e7396f73743bfc04748e6ae2f583a10f6d12631b55322ea

        • C:\ProgramData\DelayUpdate\hsmonitor.exe

          Filesize

          733KB

          MD5

          57fe760af622868f58144721ebdc4fc6

          SHA1

          e5d5e2bb56660184d5134ed6296a330b04e55008

          SHA256

          138388c8bc0b203fc18142493bde010e4bbe52c92572af50013adabfeae25172

          SHA512

          be33e8471e47cfb4d9cdedbe279bffcb8f50f37698c1b9d29d2a03abfff2aaa9fdb7d685f2a83aaf5894abd3e4bfa5f91b8cd39ff2d1035601fb29011f105ca1

        • C:\ProgramData\DelayUpdate\ico.ico

          Filesize

          14KB

          MD5

          ad4a7031e54f1673b153e7b819a50747

          SHA1

          b8ddeea88db75faea33ec7dc734b1ced2a8a6d81

          SHA256

          079dafc0deeaeea24f65a8b70ce6c292e6a02f09c9d8937f33d576a41565f28a

          SHA512

          f13cac6c4470294122a4b007d4f80242a959d7ed64fa34d8b84baada087368412b82675e65b553f4c0f5feb6ecb2cc65d7f53832019850e5328f14711762461e

        • C:\ProgramData\DelayUpdate\ipt.dat

          Filesize

          7B

          MD5

          d11d3e9375045ceeadc1ea23c775dd1b

          SHA1

          90af8e5371ffa8a41c380dc2dcaba275a4aa3d23

          SHA256

          1481e0ffb6673d06f85aa0105c825c62ad8bdbf3ecb337b315ddf11aee9082f8

          SHA512

          85ea0c885386d9107741b74f9fa882a13acbc50e940b85f7a7389cae6fa0a721f5fcb490174832f08c55ee2c7d6e5fda99800ebccb92785c3a0b8576c8ff8a76

        • C:\ProgramData\DelayUpdate\mfc100u.dll

          Filesize

          4.2MB

          MD5

          6fa35b9463ded299a86e8dea9510a6c1

          SHA1

          47a31b354ee954e3c374e558b9acaeefbcd57cf7

          SHA256

          05058d7bdd65f60b2926c3e28ecede9a92cf49f82ed272891b5426c722507448

          SHA512

          ec00543bb8aace855325be4a7795b6f668d212ab6976b435fd626eff1cc113bb86c5482c8cf79f62822035a412c053d6f3a216f3d7a170e7a7c1dd858309147b

        • C:\ProgramData\DelayUpdate\setup.ico

          Filesize

          6KB

          MD5

          5505e871cbe601d4011eb330b67d8113

          SHA1

          aedf9e0f61733a196fedcbfca054e9dd410d01f9

          SHA256

          ac62c3aebbff55ffc6b90caebc442ec16c5f4d1870ddabca0d5aea219bde5115

          SHA512

          e0cb9308d697f5fdc6403eb5efe5ed6b047ea6c2265808735d381d7cdb762aef2b6cc5e1f06bbb32b32c0215fb3a6c8600b0699f77e4ae9edb0a93239d653e5d

        • C:\ProgramData\DelayUpdate\sysX64\HsDsk.inf

          Filesize

          1KB

          MD5

          dea24bbe0d824ff03561cce313b2ef31

          SHA1

          35a89e9d7b3814f121055df288f08c9900df46d2

          SHA256

          a26bc42e0b66d47ffb7ea2ce7cb301d5efc3a70f383bb49f62ca5b697fe89e6c

          SHA512

          18730543dca77ba95115e2ad8874398f81af265e01ac90d1573184a7d121d372ad5562911c71abc91c20dca13b430345a1206dc9489e6b321b765989117ac93d

        • C:\ProgramData\DelayUpdate\sysX64\HsFs.inf

          Filesize

          1KB

          MD5

          532b91bf510e4d79d15c83ddfcd5e9b3

          SHA1

          86cabf86c1f4bfa912beecbcb5350f7adeb04335

          SHA256

          8b5b23b6faa3de42417c35619fd84ced7e4cd287479148ffca82bf46ef2ce4d0

          SHA512

          ef1a40f9fe939189c845e3e0701c7a06dc99d56f9388cfdffed4d7306e005dfab9a2df75cef6f7a3595f3175e13b3dbe619e9c53ecec265d8ea91864bbc4fae0

        • C:\SendFileTool.log

          Filesize

          876B

          MD5

          16f10d60d6ff2babfd64eb5b657356e4

          SHA1

          a86c91c770f245d58961f20f7ebc83667ca2a109

          SHA256

          a6ba379d60ced893519f4b7e7330238d31f3807bc52721e48a36b3a72579bc0d

          SHA512

          f0641d0f33a435d268196ca74eb1a4e4dc0d08a679a838213207d972c78dc5b70b9ab25575fc1ca5a65c51bca52c94473e2d9ed786e54a2913d8739975d03566

        • C:\SendFileTool.log

          Filesize

          626B

          MD5

          e6278ddacb1cd77f150958e5c05813b3

          SHA1

          74d55870da6a706845391579b6f73a8f9b0fa362

          SHA256

          dc3533bc9636b574d5766ec4c8becfb9b78983d0ae56ff9a145848d85d76dabf

          SHA512

          f3967813f983f351a08b396c8ee39a1bc485c683ee0e590a93d49e9bde359fc36da755fe2ff99005b5050e3eecf7954211a2342ef45b868c065a3ad5834d7416

        • C:\SendFileTool.log

          Filesize

          2KB

          MD5

          3d7109586546004f0227095397db6e32

          SHA1

          fbeaa1e430c2daacfc0bbb81d6210062a6d978a1

          SHA256

          15d712c80356888548d96f3d09654949c3908a797af85972e3b1b814aa43ab20

          SHA512

          0f2e35e17ea8bb9cc7c38a087978987d57353a5a6ae6d2aec5ac48b2e3d2327d657895a91236b24dc2669faaf59e29c9fd0a69fa3dad8931c6aca37a2d2ee6a8

        • C:\SendFileTool.log

          Filesize

          2KB

          MD5

          a807b877334d7d4c24d7c9c33cdb0b5d

          SHA1

          5e340d252e49facbce65e0ff88858b7772ff1043

          SHA256

          4bd10443b61e9a673171c34ed754fbcb7264d84bc8deee798461efb8c79413a8

          SHA512

          d48283a6eae2861751582f882b1da0373f3be7c0b10d4d6e1c4483a812730e5c34fdda1f0f68c0c6fc4a1f7022edaa211e16d9e56fc0de917781808cb041478d

        • C:\SendFileTool.log

          Filesize

          2KB

          MD5

          ea85702a30cd5d3ab5b4c8660210c30a

          SHA1

          d55743e8e70345cea5940769d803e4f83b3ce35b

          SHA256

          87f016c42b233a6f2772a0dbc36689ef2ee5373ddf15c8c6a4c49d7e269ac4ba

          SHA512

          4a8b6d5e9a01a15c4a11cbcabae785e88c90eaec8500b21359ce801b694cfb18ec9d32e40c3eb05630a7649360a9ee796613b8cf753cc9f93d9cccd51ddef69b

        • C:\SendFileTool.log

          Filesize

          4KB

          MD5

          d6f61fe506a9018b077b63ad75594fcf

          SHA1

          22b86d2c49e51fa43ba68a2ccb23471a71451084

          SHA256

          6a61f9c24b960c9f82285b171fa719d74bf2aadafd66b730bc2c05899f46f82f

          SHA512

          3f42417150a4f1d9f9e14c537a6d04d9c0169a191e48140e72bffd7e3553978e275b53e5f6ea291c872af145f4f20799ed6064b848d08753ea1e83cb66bfa1cc

        • \ProgramData\HugeStone\HSKeyClient2\ManualUpdate.exe

          Filesize

          2.4MB

          MD5

          b15352e86bc56f719d22fad39b2111a7

          SHA1

          0a29126b509058d322801a0fbec3ecae5e3edcbe

          SHA256

          a9f730848db9ab6859b7f07cc9b50ebbd8b170e3ba3be5d0b295c240219c24cb

          SHA512

          709bacc88a69ff2f9d95a84aaa9cfc048df1801602c9e7d608836b5cd1d2b4a01bbcae6c5689e8fa68d2bcc3e4e8ce72f1619c758481b9e30b6e207ed1a8e55c