Analysis Overview
SHA256
d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12
Threat Level: Shows suspicious behavior
The file d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12N was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Checks whether UAC is enabled
Adds Run key to start application
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Modifies Internet Explorer start page
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-21 14:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-21 14:07
Reported
2024-10-21 14:09
Platform
win7-20240903-en
Max time kernel
119s
Max time network
110s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\DSearchLink.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Bb4C1D.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12N.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Bb4C1D.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IELowutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Bb4C1D.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\DSearchLink.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6B7E638F-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{97992019-74A6-46C7-9CA3-7F8C0D39940B}\AlternateCLSID = "{29D5EC7E-6245-4DC9-9E53-A9A945AD4ABB}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000008cc9bed7debc970b43f0122dd6f911da3e3de10a5b41d09d938bc6e27fb3078a000000000e8000000002000020000000ef14d23285fd9b93ae63ecbb0be6b7b4b9655a8ab0127bb792c15ba3afab7e1110000000773ee1810740dd4bf2dfcbdad9bc6c6140000000ac39800e46c9884edc4c0b78add62093803b199dc933f3e4051c9e2e38d3dc63b3d45e61c5f78f457cfb42e34532314c25f5855f447f3ff4c79f6fc3ba3c38b5 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{25A3C2C9-8F6E-4140-BEF3-535D4B9709D8}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{53749718-F78D-4A67-8703-8AE050075170} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{E44F7BD4-3AB1-4D55-9190-FC53343AD2D2}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{53749718-F78D-4A67-8703-8AE050075170}\AlternateCLSID = "{25A3C2C9-8F6E-4140-BEF3-535D4B9709D8}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\AlternateCLSID = "{2B577565-36F7-4351-B2E7-DAFC75E9D72A}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd30000000002000000000010660000000100002000000013245be2b5a0e12dc7ee640a5728d9132dc4e6f7cb2c5ab824d78fcb99c6ef5a000000000e80000000020000200000003fe267ccda4aea174a72790642f260fb78b3fef1b7a244af724de7c9fb96ed12100000008ca7f42e0b81ede78d78789558a7b6ff40000000474d2ff90d35e4db6a1bc3b2214ea790e637e9d1403162c9afda3be871ec5d7940190a39da78424e2f93021f641b690809ea89b3a2bbe53cd3df627ec6aa198b | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000001e13aef618cceeb1edaa4a610514d79a7b416903d34dc843a612acac71d2c7e7000000000e80000000020000200000005766ff1159fd8ab8ac809dc12e7d932b34595868eb94fd9ffabfd2f2d9035ef1100000003846f8fae7236078bf655e4fa400c21840000000469aff0748a1ab5942afe4bb23e36f5a2ce14693adfac7005d4e5386a998ed146de90263ff7c4e69e27945e42b59f1903500240a24cd8d5ae1114559876372a7 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{612A8624-0FB3-11CE-8747-524153480004} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000003e2a9e5b9ddde62af0cf2714c12fe95f962f1acda3ab51d7eb86e14ce386a015000000000e80000000020000200000005460530e1a5fb5ad7829b58605d5500525bd878b5d9acabcdc18774a8e81495e1000000090c43259edfb1acd35ad0e15ab1670e240000000abcf8c84753992423fbb392ec59ccb669cbfc120ea17b45927a45739d7b26a7b8d6be295c19fea7bff92a5578d655329365a9034a478850ef086d734fd12c218 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000c360414714ff40700415b26fd8d1d6ab370d3bfda37afd6364c8b84aafe5ca20000000000e800000000200002000000009e7ee0dfa0855724ecf412d3000e2bbf66bbae3e267b1e6f3239014a54690481000000047b12f1bfa8386c93b52837a6de6956c40000000025454263fc205392e4d97c52818196a4653555e7bbdbf15e74465e7a1c064ab653ae5319680eeaa2ea11214b71e0f18f43382b01160a0820662d59716b50f69 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24}\AlternateCLSID = "{962F28D6-107D-47A5-9515-2864454CFDD1}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}\AlternateCLSID = "{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908}\AlternateCLSID = "{E2D211D5-11E4-4D9E-B6DB-1E902C851A49}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IECookies = "|affilID=|trkInfo=|visitorID=" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000d52261bbd9784c3afbcba0304097012359ec3c6d6c94706f87c5cfecd3645861000000000e80000000020000200000002284bed94f47e04a9d8a09620444631f619ab23aae459b42277403146162aa741000000099aa2eeb561c4b509d6cc0ddc92ec2774000000003ee5ae7decff5ea7095c44a1344da24c68dd7821a8339e3962fe91bfda75b0fe38019c83f3c47a5727259397f40c8360f618994e5cbd81a8e0d8232af216c87 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{53749718-F78D-4A67-8703-8AE050075170}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{80B51087-CE4C-4FAE-8401-B6B3809DD234}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{612685EF-57C8-469F-88AB-E4E0B595C5AB}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9ED94440-E5E8-101B-B9B5-444553540000}\AlternateCLSID = "{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{962F28D6-107D-47A5-9515-2864454CFDD1}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{612A8624-0FB3-11CE-8747-524153480004}\AlternateCLSID = "{29D5EC7E-6245-4DC9-9E53-A9A945AD4ABB}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{97992019-74A6-46C7-9CA3-7F8C0D39940B}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\DisplayName = "Delta Search" | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000006068908fde9009bd43a987ec0b0b775dc6b91e27691539259f882820fe709ef5000000000e80000000020000200000001cd570962aa919d3553c7375b57ceed267499fc33bcec97ac988cdbcdb6a6cc710000000f6cc1c4b39b6c7d1c5e56c88aa5153d94000000060829acfa3c40d09f83f3f0dc98d3c9272797f292529a02207be06a956d9b60a778d5fae5446cd9cab586666797e11230cca9cc260f95e6e9f9fe6d7d819fa92 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9ED94440-E5E8-101B-B9B5-444553540000} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{612A8624-0FB3-11CE-8747-524153480004}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\URL = "http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5FDEC60424AAF5E1&tsp=9061" | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd30000000002000000000010660000000100002000000041e903fb31b8b63c143bea0f9411546cc3eb713284c1829d670427ebf2f6f2e5000000000e8000000002000020000000a5147a6b314b7daa7dd841f6df7b1f3cccaee35bd3f1d41b3451454fb472b2a6100000008e3492dcdf9e05b6562e434f0b6a3ceb40000000f6613bbd09d950456400fc44450842097b9ab8ca08f49cdee5e49178c7c638bee8dd67f7ac6de42843a8d5f67b4942ca0297c85d6b5fc5755db9106917f67461 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{97992019-74A6-46C7-9CA3-7F8C0D39940B} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000ac4ca84bdd6295dbc55d33de18a63752456583621d6770e88b3e06aeb28f5449000000000e80000000020000200000006538bbf3dd385a6f35c965a8cea6bf009873f26cc08c285e0f0f0f94723a305a10000000f27e9fbb2bf9b4e724d1ed5b29e4119a40000000cce2387a0c077b26149641aba27d24508219f51ab57d48908f4c4d03ec35928c46a8ff21cadacf3cccfd38476a9133366594897c1ba7b8bbfbd1d19f6d0e04f6 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000c84f853e3c8d189588726960ddf37dacc9b387c0c6172b3f8458705815ea6407000000000e8000000002000020000000c6d2a55a397a1c65e379248c235f6a93d975a015a3e7236e3f20d6fe20287064100000008adfd8b6603ea1c4ae84cda5d1aa69ea40000000fc9f65d4acce63cc1751e2dd32bf38aab135e52ff995e82b7d99c7d55dda0b4bbb2aa13747d66e9021c5a4641c77eb8c4eb5c6ddc0dcdfac68353a5fe6a12b0c | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE11SS&market={language}" | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd30000000002000000000010660000000100002000000027d74625637c9977025d908e523a8c62b387bbe0ee0856c0de8d6cb856f559b1000000000e8000000002000020000000c97fe3be2bc51e04a7294c83ae5270143afccf9733cb77144521712ac7fc6083100000001873163facea87b08fa39e24b6e00479400000004634a936811e872e1ba08b14aec7a4c6d77895ec68cf50b7e0959389e02b1bc9fd3a9ff30a7d1a4c34868bfcdad4c2fec83ec22b8aed0cacc89299912660f9b1 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000041eb1697224cd5afb57a87233662fbcf94a84493f79e7ec86cf61e1fd4e7e30000000000e8000000002000020000000a4771b37e9d06717149719492dc675083b474730d94d1d24cfc0a71daee395c210000000d86a66e0aaa1f8d7b20bdc0d849775c94000000008bbd1dacf8879dbf61fb4285efb030cc224feb790ae0e22172557473e472bfe36419a956603490c191232554784e6bdf3296cd1a29115d7d7f05075839c8a75 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000003ba7b45892d38edede34ffbde7efd16f0bf068777568c34244cd112373670453000000000e8000000002000020000000cb483fa386ac0bab78bb057a0da1a0c7ac8f3c3670a8ff4712b8e8491fa8bbbc10000000cc9a8edcd9f7bd6064a07293fe0b697540000000c2014da19b13cf40c2e293f6de5b442d8a7428979239c954123cb80984fa6d6c4fdbd78495837cc166a28da6c2694489170b7bcde2485010a6c2ebffdcd85617 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9ED94440-E5E8-101B-B9B5-444553540000}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IECookies = "|affilID=|trkInfo=|visitorID=|URI=" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\User Preferences\6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000007f50415414b2584272b30ab349d0605aad3d8699e918b2a66e039492a87f3531000000000e80000000020000200000000d47ec6bc630cfd399bffcbbd81a67405987ba1c9728bdc6aa8b66caaeaa6b3110000000502e8693dcee676d5de6b9d1bf26af2a40000000be05de414ebe3128b359748b538a3e37f43104d13863ba1be6a5caa2007767447313e11153e2f19eb213703f44abcbb0557b026e71c6adef7f68c1361eb81083 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.delta-search.com/?babsrc=HP_ss&mntrId=5FDEC60424AAF5E1&tsp=9061" | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\MiscStatus\ = "0" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\VersionIndependentProgID\ = "COMCTL.TabStrip" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24}\ProgID | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E80-DF38-11CF-8E74-00A0C90F26F8} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\VersionIndependentProgID\ = "InetCtls.Inet" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TabStrip\CLSID\ = "{9ED94440-E5E8-101B-B9B5-444553540000}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2C787A50-E01C-11CF-8E74-00A0C90F26F8} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0713E8B1-850A-101B-AFC0-4210102A8DA7}\ = "IColumnHeader10" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A3-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TreeCtrl\CurVer | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8628-0FB3-11CE-8747-524153480004} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53749718-F78D-4A67-8703-8AE050075170} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612685EF-57C8-469F-88AB-E4E0B595C5AB}\MiscStatus | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24}\ProgID\ = "COMCTL.SBarCtrl.1" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8D0-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7791BA50-E020-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D}\MiscStatus\1\ = "131473" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\ = "Microsoft ImageList Control, version 5.0 (SP2)" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4D83602-895E-11D0-B0A6-000000000000}\ = "IListItem" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2B577565-36F7-4351-B2E7-DAFC75E9D72A}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612685EF-57C8-469F-88AB-E4E0B595C5AB}\Control | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\ = "ListView Sort Property Page Object" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{612A8625-0FB3-11CE-8747-524153480004}\ = "IToolbar10" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83600-895E-11D0-B0A6-000000000000}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E8C-DF38-11CF-8E74-00A0C90F26F8}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BF877892-E026-11CF-8E74-00A0C90F26F8}\ = "IListItem11" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59291-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{53749718-F78D-4A67-8703-8AE050075170}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{962F28D6-107D-47A5-9515-2864454CFDD1}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.Slider.1\CLSID | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8D1-850A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7791BA40-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7}\ = "IImageList10" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E44F7BD4-3AB1-4D55-9190-FC53343AD2D2}\Control | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83600-895E-11D0-B0A6-000000000000}\TypeLib\Version = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\TypeLib\ = "{48E59290-9880-11CF-9754-00AA00C00908}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E944-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{373FF7F1-EB8B-11CD-8820-08002B2F4F5A}\TypeLib\Version = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{29D5EC7E-6245-4DC9-9E53-A9A945AD4ABB}\ToolboxBitmap32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7}\1.4\HELPDIR | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E8A-DF38-11CF-8E74-00A0C90F26F8}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E84-DF38-11CF-8E74-00A0C90F26F8}\ = "IProgressBar" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8D1-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4D83601-895E-11D0-B0A6-000000000000}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D95-9D6A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80B51087-CE4C-4FAE-8401-B6B3809DD234}\Version\ = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TreeCtrl.1 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{97992019-74A6-46C7-9CA3-7F8C0D39940B}\MiscStatus\1 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7E6391-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E2D211D5-11E4-4D9E-B6DB-1E902C851A49}\MiscStatus\1 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Setup.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Bb4C1D.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12N.exe
"C:\Users\Admin\AppData\Local\Temp\d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12N.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe /mtb=7 /mhp=7 /mnt=7 /mds=7 /aflt=babsst /babTrack="affID=121529" /srcExt=ss /S /instlRef=sst
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Setup.exe" -xprm="cat=delta" -expg=none /mtb=7 /mhp=7 /mnt=7 /mds=7 /aflt=babsst /babTrack="affID=121529" /srcExt=ss /S /instlRef=sst
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\4008E0~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe -latest -tsp=9061 -xprm="cat=delta" -expg=none /mtb=7 /mhp=7 /mnt=7 /mds=7 /aflt=babsst /babTrack="affID=121529" /srcExt=ss /S /instlRef=sst
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\4008E0~1\Latest\IEHelper.dll,RunAccelerator
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\DSearchLink.exe
"C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\DSearchLink.exe" -setup 3 -wbr 1 -url http://www.delta-search.com/?babsrc=HP_ss&mntrId=5FDEC60424AAF5E1&tsp=9061
C:\Users\Admin\AppData\Local\Temp\Bb4C1D.exe
"C:\Users\Admin\AppData\Local\Temp\Bb4C1D.exe" affID= dlb=1 slp=0 slppd=3 tmfst=5 mxpd=5 slpcr=2
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\4008E0~1\IEHelper.dll,UpdateProtectedModeCookieCache trkInfo|http://babylon.com
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:9876 | | tcp |
| US | 8.8.8.8:53 | info.babylon.com | udp |
| US | 8.8.8.8:53 | stp.babylon.com | udp |
| US | 184.154.27.235:80 | info.babylon.com | tcp |
| US | 184.154.27.232:80 | stp.babylon.com | tcp |
| US | 8.8.8.8:53 | dl.babylon.com | udp |
| US | 198.143.128.244:80 | dl.babylon.com | tcp |
| US | 8.8.8.8:53 | stat.info-stream.net | udp |
| US | 184.154.27.232:80 | stat.info-stream.net | tcp |
| US | 184.154.27.232:80 | stat.info-stream.net | tcp |
| US | 198.143.128.244:80 | dl.babylon.com | tcp |
| US | 198.143.128.244:80 | dl.babylon.com | tcp |
| US | 184.154.27.232:80 | stat.info-stream.net | tcp |
| US | 184.154.27.235:80 | info.babylon.com | tcp |
| US | 8.8.8.8:53 | a334.http.cdn.softlayer.net | udp |
Files
\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\comctl32.Ocx
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSINET.Ocx
\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe
\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Setup.exe
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\SetupStrings.dat
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\bab033.tbinst.dat
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Babylon.dat
C:\Users\Admin\AppData\Local\Temp\4008E0~1\IEHelper.dll
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\sqlite3.dll
C:\Users\Admin\AppData\Local\Babylon\Setup\latest.zpb
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\HtmlScreens\navError.html
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\HtmlScreens\loading.html
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\BExternal.dll
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\HtmlScreens\pBar.gif
\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\Setup.exe
\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\browserDetection.dll
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\browserDetection.aoi
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KQ9FP4U1.txt
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\delta_dmn_154741b7.zpb
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\kmsdelta_ac84bf20.zpb
C:\Users\Admin\AppData\Local\Temp\4008E0~1\Latest\IEHelper.dll
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\setup2_247f86be.zpb
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\setup2.aof
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\buscts_fa14b1f9.zpb
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\buscts.aof
\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\buscts.dll
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\GUninstaller_vt_58c82ec6.zpb
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\DSearchLink_31d48ae8.zpb
C:\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\DSearchLink.aof
\Users\Admin\AppData\Local\Temp\4008E022-BAB0-7891-929F-7317F4C3E0A8\Latest\DSearchLink.exe
C:\ProgramData\DSearchLink\Search.lnk
C:\Users\Admin\AppData\Local\Temp\Bb4C1D.exe
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-21 14:07
Reported
2024-10-21 14:09
Platform
win10v2004-20241007-en
Max time kernel
116s
Max time network
110s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\DSearchLink.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\DSearchLink.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12N.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\rundll32.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\DSearchLink.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12N.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{E44F7BD4-3AB1-4D55-9190-FC53343AD2D2}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\DisplayName = "Delta Search" | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{962F28D6-107D-47A5-9515-2864454CFDD1}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9ED94440-E5E8-101B-B9B5-444553540000}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9ED94440-E5E8-101B-B9B5-444553540000}\AlternateCLSID = "{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{612A8624-0FB3-11CE-8747-524153480004} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}" | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{612A8624-0FB3-11CE-8747-524153480004}\AlternateCLSID = "{29D5EC7E-6245-4DC9-9E53-A9A945AD4ABB}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{25A3C2C9-8F6E-4140-BEF3-535D4B9709D8}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{53749718-F78D-4A67-8703-8AE050075170}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{80B51087-CE4C-4FAE-8401-B6B3809DD234}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6B7E638F-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{97992019-74A6-46C7-9CA3-7F8C0D39940B}\AlternateCLSID = "{29D5EC7E-6245-4DC9-9E53-A9A945AD4ABB}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908}\AlternateCLSID = "{E2D211D5-11E4-4D9E-B6DB-1E902C851A49}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\URL = "http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=DC8EDA61A5E71E4E&tsp=9061" | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{53749718-F78D-4A67-8703-8AE050075170}\AlternateCLSID = "{25A3C2C9-8F6E-4140-BEF3-535D4B9709D8}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}\AlternateCLSID = "{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9ED94440-E5E8-101B-B9B5-444553540000} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\IECookies = "|affilID=|trkInfo=|visitorID=|URI=" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{53749718-F78D-4A67-8703-8AE050075170} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24}\AlternateCLSID = "{962F28D6-107D-47A5-9515-2864454CFDD1}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{97992019-74A6-46C7-9CA3-7F8C0D39940B}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D}\AlternateCLSID = "{80B51087-CE4C-4FAE-8401-B6B3809DD234}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{612685EF-57C8-469F-88AB-E4E0B595C5AB}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\AlternateCLSID = "{2B577565-36F7-4351-B2E7-DAFC75E9D72A}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{612A8624-0FB3-11CE-8747-524153480004}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{97992019-74A6-46C7-9CA3-7F8C0D39940B} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\IECookies = "|affilID=121529|trkInfo=|visitorID=" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://www.delta-search.com/?babsrc=HP_ss&mntrId=DC8EDA61A5E71E4E&tsp=9061" | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B7E6391-850A-101B-AFC0-4210102A8DA7}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.TabStrip.1\CLSID\ = "{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{97992019-74A6-46C7-9CA3-7F8C0D39940B}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\MiscStatus\ = "0" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E451-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83600-895E-11D0-B0A6-000000000000}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.SBarCtrl | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{612A8626-0FB3-11CE-8747-524153480004}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8B1-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83602-895E-11D0-B0A6-000000000000} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8B0-850A-101B-AFC0-4210102A8DA7}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A7-850A-101B-AFC0-4210102A8DA7}\ = "INodes10" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A7-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D83604-895E-11D0-B0A6-000000000000}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D94-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA42-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\VersionIndependentProgID\ = "COMCTL.ProgCtrl" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E451-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E8A4-850A-101B-AFC0-4210102A8DA7} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8556BCD0-E01E-11CF-8E74-00A0C90F26F8}\ = "IImages" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\MiscStatus\ = "0" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{97992019-74A6-46C7-9CA3-7F8C0D39940B}\MiscStatus\1\ = "237969" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9ED94442-E5E8-101B-B9B5-444553540000}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA60-E020-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59295-9880-11CF-9754-00AA00C00908} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E}\Implemented Categories | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E82-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{80B51087-CE4C-4FAE-8401-B6B3809DD234}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{962F28D6-107D-47A5-9515-2864454CFDD1}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A5-850A-101B-AFC0-4210102A8DA7}\ = "INode10" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7E6390-850A-101B-AFC0-4210102A8DA7}\TypeLib | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ = "DInetEvents" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{962F28D6-107D-47A5-9515-2864454CFDD1}\ProgID\ = "COMCTL.SBarCtrl.1" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B7E6391-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A3-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D8C-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83602-895E-11D0-B0A6-000000000000}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D8B-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ListViewCtrl\ = "Microsoft ListView Control, version 5.0 (SP2)" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53749718-F78D-4A67-8703-8AE050075170}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.SBarCtrl.1\CLSID | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C787A52-E01C-11CF-8E74-00A0C90F26F8}\ = "IPanel11" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\Version\ = "1.4" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{962F28D6-107D-47A5-9515-2864454CFDD1}\Version | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E953-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D} | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Setup.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Bb246B.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12N.exe
"C:\Users\Admin\AppData\Local\Temp\d87fc5494a69255c544bce1f314d527714570e24d4c5dcc75f3d00053f982e12N.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe /mtb=7 /mhp=7 /mnt=7 /mds=7 /aflt=babsst /babTrack="affID=121529" /srcExt=ss /S /instlRef=sst
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Setup.exe" -xprm="cat=delta" -expg=none /mtb=7 /mhp=7 /mnt=7 /mds=7 /aflt=babsst /babTrack="affID=121529" /srcExt=ss /S /instlRef=sst
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\D34FFA~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe -latest -tsp=9061 -xprm="cat=delta" -expg=none /mtb=7 /mhp=7 /mnt=7 /mds=7 /aflt=babsst /babTrack="affID=121529" /srcExt=ss /S /instlRef=sst
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\D34FFA~1\Latest\IEHelper.dll,RunAccelerator
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\DSearchLink.exe
"C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\DSearchLink.exe" -setup 3 -wbr 1 -url http://www.delta-search.com/?babsrc=HP_ss&mntrId=DC8EDA61A5E71E4E&tsp=9061
C:\Users\Admin\AppData\Local\Temp\Bb246B.exe
"C:\Users\Admin\AppData\Local\Temp\Bb246B.exe" affID= dlb=1 slp=0 slppd=3 tmfst=5 mxpd=5 slpcr=2
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\D34FFA~1\IEHelper.dll,UpdateProtectedModeCookieCache trkInfo|http://babylon.com
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:9876 | N/A | tcp |
| US | 8.8.8.8:53 | info.babylon.com | udp |
| US | 8.8.8.8:53 | stp.babylon.com | udp |
| US | 184.154.27.235:80 | info.babylon.com | tcp |
| US | 184.154.27.232:80 | stp.babylon.com | tcp |
| US | 8.8.8.8:53 | dl.babylon.com | udp |
| US | 198.143.128.244:80 | dl.babylon.com | tcp |
| US | 8.8.8.8:53 | 235.27.154.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.27.154.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stat.info-stream.net | udp |
| US | 184.154.27.232:80 | stat.info-stream.net | tcp |
| US | 8.8.8.8:53 | 244.128.143.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 184.154.27.232:80 | stat.info-stream.net | tcp |
| US | 198.143.128.244:80 | dl.babylon.com | tcp |
| US | 198.143.128.244:80 | dl.babylon.com | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 184.154.27.232:80 | stat.info-stream.net | tcp |
| US | 184.154.27.235:80 | info.babylon.com | tcp |
| US | 8.8.8.8:53 | a334.http.cdn.softlayer.net | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\INSTAL~1.EXE
| MD5 | 0f3b66c16ca1044b8867921a4664015a |
| SHA1 | f3c3e44f8c4cf287194a557309dd3734db2b6976 |
| SHA256 | efdf55bb626d5dd621f2b65b26bfb9d7f251dfbea9c8dca397592a41f586b522 |
| SHA512 | 194167f7acac23b94f39335d85c0cf3b4a357c392042f89b241410c14d19365c9b01ea65d70889306ef6226ba200a7f64069b7228f543bfcd30c4af98bc9ab17 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\comctl32.Ocx
| MD5 | 1fe8ce3f5288bd3d53d188307bc7b218 |
| SHA1 | a9f02a6a5effe3b9043a77fd8b56b1720a7c32be |
| SHA256 | ba86931d5386cf5311a6b62a619c9c8f2983e37d2ce752b21106570121c8fd32 |
| SHA512 | c5fcd3f1f04e9a0aa0944b6feddc498ffa4d28a7b1a38e2d5674d28318cd666d14954eae06f9d0181639b5ce57097d0d47d9ad2ff20f1e93450b91db24cd9603 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSINET.Ocx
| MD5 | b920865c9c2f4f28151b269b3a8b11aa |
| SHA1 | 3a010883d5c1d4cce968c020f51e1961e3651bbe |
| SHA256 | b1212253d0c2b96dbdc6985b93338be288b0c8d827481f9c607dde5bdfdbfc6b |
| SHA512 | a463377b6a612a9ee82b4d2891b8d01df1b2770e40d8065e5d3e8a33b62171cbeead589599728d3349e4222b2207bb1b293b6510de26eb5820cac6cf284d526f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe
| MD5 | 9ade7a15bf99b343354e1faeb47fab67 |
| SHA1 | eab3a867fd239ad7d1d5416e8139d3d71f4140fa |
| SHA256 | 2bbe800ce4ec5302187e5ad6fad0688e9008e093a8be1ca2ca479db46576b0ed |
| SHA512 | be61865c8f256d92597f37ee746d3743b46538969908c684c8e56e347b1880af0454622bddb116c42c7c659ce32a42a15cb8bc8fc5a7b6e2aad193356065f88a |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Setup.exe
| MD5 | 35c75786f20dfc31eae53d2fa99be700 |
| SHA1 | 1b2983dd978db886263b1740e4c7e0ca1cef88c4 |
| SHA256 | 647989694781215bb3ab22531af6920494f98e1e9f9931a2087b913b5acf3a97 |
| SHA512 | 9ff1a4ce091bcbaebdfa64672e03e243c6a19a16434eda19d41bbde9adb8e902382d22b9d9c5dd3771001463f044c7705801bce6e09e4574b0e874b8c135b376 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\SetupStrings.dat
| MD5 | 407846797c5ba247abeb5fa7c0c0ba05 |
| SHA1 | 44386455eed8e74d75e95e9e81e96a19f0b27884 |
| SHA256 | 0147b5b11b935310752666fcf1e6afc922b76ff03d01a0d1ee2babeac10ca1e3 |
| SHA512 | 7399a9228f971698db7362aad28d3f9694c0bf453d4529e48bc7869af0960452cfe1a5f0a5754e7d567d81b5aa1e35be05a9e36ec745e5470d20fd44a61d20af |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\bab033.tbinst.dat
| MD5 | 90713ab7a74884cd36a5fb4cfcdece8a |
| SHA1 | 7bb56d08fd69a98e543b923bd0a9156f92a9c473 |
| SHA256 | bc40813f6d07dbc1a4d4c74363460d1ad6ee76275729de4c4f10ec40d8cc46eb |
| SHA512 | 639d68135fb54264f2e21081d6ca9ffe73a94035982f4a2d7133d6d402cdd3ef4a695eeb61ad173dc6d1b8167d1f5df2be61a972c96f07ac357ecec887a0d191 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Babylon.dat
| MD5 | 825e5733974586a0a1229a53361ed13e |
| SHA1 | 9ec5b8944c6727fda6fdc3c18856884554cf6b31 |
| SHA256 | 0a90b96eaf5d92d33b36f73b36b7f9ce3971e5f294da51ed04da3fb43dd71a96 |
| SHA512 | ff039e86873a1014b1f8577aec9b4230126b41cc204a6911cd372d224b8c07996d4bb2728a06482c5e98fb21f2d525395491f29d428cdd5796a26e372af5ad4e |
C:\Users\Admin\AppData\Local\Temp\D34FFA~1\IEHelper.dll
| MD5 | 91c79865aefcfce33439046d9645017a |
| SHA1 | ee7646e9a9ecd2fa138a5ee732368d3785e060b2 |
| SHA256 | 48ca5a7e98cb77243361da71e472f24dd8bf9d57b925c85c49dffdf5fd59d19c |
| SHA512 | 9750c829a738fad3556c2a4d7e7e45f74de0973af10f019279647e271694122e85bcfe800a256cbee79f20a37020204001bcb4f2df5c1c1040668ac5038c7372 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\sqlite3.dll
| MD5 | 0f66e8e2340569fb17e774dac2010e31 |
| SHA1 | 406bb6854e7384ff77c0b847bf2f24f3315874a3 |
| SHA256 | de818c832308b82c2fabd5d3d4339c489e6f4e9d32bb8152c0dcd8359392695f |
| SHA512 | 39275df6e210836286e62a95ace7f66c7d2736a07b80f9b7e9bd2a716a6d074c79deae54e2d21505b74bac63df0328d6780a2129cdfda93aec1f75b523da9e05 |
C:\Users\Admin\AppData\Local\Babylon\Setup\latest.zpb
| MD5 | c69c10ba277506ebfe3febb31eff91eb |
| SHA1 | f7d6b249c04c95d16755e6420bd21a3b6180ee23 |
| SHA256 | 1ce9f6ddd348b1977dbf9418f09ba0fee4e15ec518429a1da3f748ca99667f02 |
| SHA512 | 20d8f935f86cefb4116d45be06a137d3fd943fda0abb4866627b2ff7db26cf821e8de506be29870c4a1dd35b37cf76a7e4e669184eab5cb34f95d2f98b953c66 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\HtmlScreens\navError.html
| MD5 | 0c464e407c81764ebc09eacbe41f0b3e |
| SHA1 | 245afe550a05215e5873d8f5f21c22d12aa46b6a |
| SHA256 | 770a302bc58b513472aa603ae44a365a6f4f8cbddc13d2692f71b09f143f8a26 |
| SHA512 | 71070fcd243cbb3e4452874ecaf8e20e13cbbbad0009ce543ca49601facc1ab1906c298849d3b8fb5747df1109f8e85946243ec7bfa0ead97ca0aed9ec8d3dfc |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\HtmlScreens\loading.html
| MD5 | f50fa4673555652289652753183fd1ee |
| SHA1 | f496797f0d34eb866d6328d2fd1492b485f74d0a |
| SHA256 | afb21b51cead30ed14f79293d50b9c3c7a706b5287aad6cde06ea44a364df812 |
| SHA512 | 6e92b13343ad35a8a8c61e54ce3abb9a28abeec4aa8c765326e0d1ec111c7656d8f0f349c44820fb1aba6730c22f84f7411c0c0b24322bdaa8a977b79baa23da |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\BExternal.dll
| MD5 | 9dd3bee21494a490253a91ed2b473e47 |
| SHA1 | f0a5e04842697404275cf4a352455acd5fc44578 |
| SHA256 | 5e0f673dc9586848c1f1b3b0b678bdf8c9be52cabb251aff400c32ac6404917a |
| SHA512 | 4cba8face523b21a5871df516c1fc3ba362bf467a399f4811dba943edcc0ca5d04d369f7c1eb582778e299344ce99609bdae15040a4bd692694025d926e7b483 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\HtmlScreens\pBar.gif
| MD5 | 26621cb27bbc94f6bab3561791ac013b |
| SHA1 | 4010a489350cf59fd8f36f8e59b53e724c49cc5b |
| SHA256 | e512d5b772fef448f724767662e3a6374230157e35cab6f4226496acc7aa7ad3 |
| SHA512 | 9a19e8f233113519b22d9f3b205f2a3c1b59669a0431a5c3ef6d7ed66882b93c8582f3baa13df4647bcc265d19f7c6543758623044315105479d2533b11f92c6 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\Setup.exe
| MD5 | de3ac9a7165e4060c97071d1915a2e10 |
| SHA1 | 2d0329aa862b2b6e316d9fe699c1b265973274ba |
| SHA256 | 3e730c6e922264d5722c1add515b5fea49b88ffa86c5f194d19bfa95f78652f5 |
| SHA512 | 2935c58a8e3acbecde5324cc83fbbed226f0ebbaa23f9e97a17d96bc92ce6a6b984a9d411f822c3401b24f47d829e1f0e45680a9939a763e236707845aa84bfa |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\browserDetection.dll
| MD5 | 58f15e5a40db8d86543b9811fb9c8698 |
| SHA1 | 64184cb143f44321f06feb106c158fbababcb7ae |
| SHA256 | 06c370b0344e5447aa350da33f52e04fc4180fd000b17b02e70fb5e0d7d4de75 |
| SHA512 | 61c45e9f65c68ce00216b5934de476b61947e5d8217fb6b6c6efe58ebdad10ab5d4dddd3ecb7d3c8d1712cdc4b137a478c4f8a3c6715a9ecf9ca5f0a8645ddb3 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\browserDetection.aoi
| MD5 | 15335426bf52ace5e73b8f39e61c8f21 |
| SHA1 | 77c9fd49fba1d2e0685dba1cfd1ce2c6f71598f9 |
| SHA256 | aa76caa4be06745dc2de5daa92fa307cc0f0569b83bda42d9f3fb4ea87f6e9ee |
| SHA512 | 1f06cfdd80d39a79502120daa0a62eef2eda76a87970ac2ab50d18f90a0b962f08ffc7c35eacf2d3d4e69bfc8f5e09bf14bde94281c5bb519c1903ac49da2e53 |
C:\Users\Admin\AppData\Local\Temp\__DC8EDA61A5E71E4E\kmsdelta_ac84bf20.zpb
| MD5 | ff7a2f8d37673fc7e5e42dd793086a5b |
| SHA1 | 346ebc40da9f9d70697f5fe7adf4d431f12d79e8 |
| SHA256 | 963d6ac315b0e5a0b77a3de5e8c6497a5d0f5f1a2a6d53bbd1af274816095954 |
| SHA512 | 616acf62d52b5fa19a1380dfb315ca39d38b69d23bb44e51995360be057112dc8c6f6365c09a964daecc5f0513f92805c4d1cbe10dbd6918994b4803f8b904bf |
C:\Users\Admin\AppData\Local\Temp\__DC8EDA61A5E71E4E\delta_dmn_154741b7.zpb
| MD5 | f208d9600a80f6c8225f1b5577ee98dc |
| SHA1 | 252e3ead4d3fedd2a1e7135c400b7f62ef46fe9b |
| SHA256 | 5cd7adcf0cbe5d4054bf43605d44c40b75ca9b0797ce660ccad1a7ab86d28f60 |
| SHA512 | 8b8d2129398c44762b61dce2de561f8a8302c98efe63beb7e1c68b52202cc11aa6671b72a5b4f5ee04129a22284616631432e0290e1a77c771378c0b4890f35e |
C:\Users\Admin\AppData\Local\Temp\D34FFA~1\Latest\IEHelper.dll
| MD5 | 2c859f4f541b043fc9f8ab4042aa867f |
| SHA1 | f2f16b6b28e622cac95545870f944ffb20c7d317 |
| SHA256 | bbb95bb1f9b306068a9e9eadcb28e7405b15b102c486c68ff34af71ede7e59c9 |
| SHA512 | 476fb03c13b67e637a681d5b0af9220a8bf54ba5267d3b6cdccaff9fec0c76e873c1cfb33a7e5f3338cbd53c247692746196b3fe9c30dee0e2e3880ff721af32 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\setup2_247f86be.zpb
| MD5 | 4d507fc2ad32d1d8a8e74aaa8c01c1ca |
| SHA1 | 6fe219d6c97c2482e386de8618b5814a04eef635 |
| SHA256 | a551b5fbdfbb2a519edada9902b6dae5be9810db1c6acdf2dfe4bee2aa4caf7d |
| SHA512 | db9caa9fe8bab0d57cf4c8164e2ca5dcb5df8be6ec988f6cd11ff6128ecd31913ac5bbabc6a197948396045e471fd43139bc6a404b44ac31b573503eb58bd443 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\setup2.aof
| MD5 | 84f6030383d24d975507b5937dbc958a |
| SHA1 | fed5d575e3bae09e279de1afbb6a8238b8c370fa |
| SHA256 | d79b11b3ea2811384553bdb586176d1c013298d9aad622dec307a70537aecfbd |
| SHA512 | 78b2bdcdd8c44c82ab761f4d9269125fcbbe7d42e92c89ac3161b7c725f678bf2334c2fe54df091a1cef74a8e0c824ec21148455a3f3728968650f2cb1c6bf50 |
C:\Users\Admin\AppData\Local\Temp\__DC8EDA61A5E71E4E\buscts_fa14b1f9.zpb
| MD5 | 66760773be28f40d555765224f649a78 |
| SHA1 | 28af276b377e9a9a3a207e0f4ec70c2053cce4d3 |
| SHA256 | 7d09da216b30e3a238468f1a120215cced74d419694a2f4b2e67c624ebf57c7d |
| SHA512 | 1f97a0c03a93b6aa16b3d48e84c24ddf424ff9f22f4f42e635349fcab3dc07230d2b742a710b9fcc614920502d9af8c559a73d2b7e323f4f20025d94e9e5464d |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\buscts.aof
| MD5 | 3365d53933fa6879e67cd4bde759b5ef |
| SHA1 | 9c2b46ff7aa6ee97b492abb440470bcd3c4a70af |
| SHA256 | b7d3d385b3a54753ed33299accc4752b9ca3eda2ac087a4e2073a83a07697e1f |
| SHA512 | 19ca814276eded80ed5a76b8d2c77364f4cd67adaaf2e6b8e4007e7faf6a509adb69b1928293dc3196fad66fee3cd62fd233ff304c1f160d585117a1c1d96891 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\buscts.dll
| MD5 | 6646967f168b60b09b11a5a66da34443 |
| SHA1 | 2fa4eda7d0b2ec1beae396f0491542cd95215824 |
| SHA256 | 41edb87439c842a08804b09756314ef90f43b4250fe9cf04de988e406b17ba27 |
| SHA512 | daa94fccb75551d2342796f8d72da52ec52272d176d87a964e56b9994ef69a8b64e4cfc1e36a0b1c7dc54237377e0373dff0a864e4e80cecebf66429f3d76081 |
C:\Users\Admin\AppData\Local\Temp\__DC8EDA61A5E71E4E\GUninstaller_vt_58c82ec6.zpb
| MD5 | 62e00fbeebeedc16bf6b380683f3004d |
| SHA1 | 817b3699db1949b96f85207da262a3f5419a5c11 |
| SHA256 | d7c19d0748531c279a322522f7b45b3bb2373d5d11242956f7956c672cf9394e |
| SHA512 | 2a265e75bc2c0453810f5f7827bf03032a33fe7fcca036f7a0ab7620caa447909308c2fb95be34e5df6d9b5f5da22a0bc30f97cf9a04810496aba301431f000a |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\DSearchLink.aof
| MD5 | c2897c0945f57a10b2941360506db344 |
| SHA1 | e65c1216af5ecdf953d97fedb11002743f82c086 |
| SHA256 | 8865b1bd67493b5c2c444ba208fd8f0c75e676d324b9e8c21ed41711f7715713 |
| SHA512 | 95550f314baefa0a7f56e9be3d87f7a47a88c6c7cee40e6a0b8920badd6b2efda18132a52ce077bf5bc63935636ec333cf75667a6e368ee75583a39f361630e8 |
C:\Users\Admin\AppData\Local\Temp\__DC8EDA61A5E71E4E\DSearchLink_31d48ae8.zpb
| MD5 | 963fd4b53ad57ff23de23dd5ed09ed72 |
| SHA1 | 4d3a351de3aa8d789076a6a39d9b4a54957852d5 |
| SHA256 | 850ed48de2c1d0fd8870f457fb12907de9838e26e836a88b1453bbdcc00b5cb3 |
| SHA512 | d50b48ae06a6137f99581e4f6ea6b417fe6e1871c82e655b042436b8dcc260e00fa8e7ebbfbb0aef5ab489fed4530a830f3f2c9a2dff4307509154c3b614eb58 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\DSearchLink.exe
| MD5 | 30b9bd7cd6f7a4395a22b5d8907f302c |
| SHA1 | 246ddbc3a2c223a6b9072637d93dc2a2832d097a |
| SHA256 | b7ef2bdac0b3b520f0d32e8af2a18ddbfdcf8683c0e93e061b79a22788fa1081 |
| SHA512 | 6ed57a5a3df2644532843c49243951cda80f2354e2c076484311c17b7e8658f8da16fb603b77ac367fd7d860fab50311c945a6e4b579cc7bce430c4206e65f89 |
C:\ProgramData\DSearchLink\Search.lnk
| MD5 | ba3e417cf9375967e35fc7800caa2fbe |
| SHA1 | 4983d671c3fe12f2d1bc3d563b3a4fce71c72447 |
| SHA256 | 97f16c43257e643030cae70b7af1ad2e38876a103455cd33547929ba858580c4 |
| SHA512 | fd77978c292768f5e3fd4e72aa897a8404335ae852756a61757e04ba6007a8930011a0e1acf1721a870e2830557fd1d3c4c2bcae37a4193998347d7af94e7edb |
C:\Users\Admin\AppData\Local\Temp\SetupParams.ini
| MD5 | 35ef38cebf17fb917e24adfed6ecea11 |
| SHA1 | bc3c81fa18feedaa6bc0c31f0d325473bd387e1e |
| SHA256 | 7dcfce4b15328d0f04ec1675061761c4831e95da319fcc4cffc5f340053f8cb0 |
| SHA512 | f52c43623afb983e55f5a942be4d14e843b218a1c6799b49d1033155e8b177a562043f1d532c25162ab43721f9002992b14d4ecc6615a81003e68983c06c291d |
C:\Users\Admin\AppData\Local\Temp\setupmgr.dll
| MD5 | 0f6dda7d081b239037695947b7f2a451 |
| SHA1 | 891df6cd2efd6a4e91e5718206f8035ea6265bd0 |
| SHA256 | 44ad85af39b6f88828aff54100b47767c0dea844bd08c8a597e0d3d9f3cc90eb |
| SHA512 | 53d829c7833cb0b0d827ec346d096fa535639247f19d8de38136f63e6e269ef82f187358115ca32c996a0eab977080b394be6d7641c982f19a3380f60bad88da |
C:\Users\Admin\AppData\Local\Temp\Bb246B.exe
| MD5 | 42cdd74f60853c2f4e959416a0157a08 |
| SHA1 | 490228066cc94dd51c777b837f88b184e782d6fe |
| SHA256 | a638a464ee4759dcd75c171cfade6520e5eb77cabdb84eda55ed29863c5eb31c |
| SHA512 | e171f4747d1295d25d785c82b8325c06de5a556f7b691f97282e4c26c156c697f9a39402e36ed3919ee5478b99a86377aad9c278a2180db3f1f9ac7230f5e8c2 |
memory/1812-243-0x0000000060900000-0x0000000060970000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\GUninstaller.exe
| MD5 | 59271c345dbdccca05e37abbe19d58e0 |
| SHA1 | 07f2e033678f173cbb9292c877ac5038807262e5 |
| SHA256 | d3ad57e6dee8428b8479c493033e61e1fee03cdbe059af26df7f995a4552ebe3 |
| SHA512 | 43e8c3e837b1efc2aab04cb605a7ea4a52885a08ed96a3cb7e54d1b9a0eb071505a764f08d17e4008c8c8cc96bada35269348d0225cc505fbf275d7b32561056 |
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\1.txt
| MD5 | 202cb962ac59075b964b07152d234b70 |
| SHA1 | 40bd001563085fc35165329ea1ff5c5ecbdbbeef |
| SHA256 | a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3 |
| SHA512 | 3c9909afec25354d551dae21590bb26e38d53f2173b8d3dc3eee4c047e7ab1c1eb8b85103e3be7ba613b31bb5c9c36214dc9f14a42fd7a2fdb84856bca5c44c2 |
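The network rows above and the Files hash tables are the parts of this report an analyst actually reuses, so here is an added Python example (not code from the report or from the sandbox vendor) that turns both into IOC records. It assumes the row layouts seen on this page: four-column network rows (`| country | ip:port | name | proto |`) and two-column hash rows (`| ALGO | hex |`) following a path line; the regexes, `FileIOC`/`NetIOC` types and the sample text are all mine, with the sample rows copied from the report. It drops the sandbox's own resolver traffic (port 53 to 8.8.8.8) and the reverse (PTR) lookups, flags entries that carry no hash (the memory dump at `memory/1812-243-…`), and checks a listed hash triple against known content: the MD5, SHA1 and SHA256 recorded for `Latest\1.txt` are the digests of the three bytes `123`, which the check confirms.

```python
"""Added example (not the report's or vendor's code): parse Triage-style
network rows and 'Files' hash tables into IOC records and sanity-check them."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample: rows copied from the report above. A file entry is a
# path line followed by `| ALGO | hex |` rows; memory-dump entries are a bare
# name with no hash rows. Paths are kept as reported (D34FFA~1 is the Windows
# 8.3 alias of the GUID-named Temp folder; no normalisation is attempted).
SAMPLE_REPORT = r"""
| US | 198.143.128.244:80 | dl.babylon.com | tcp |
| US | 8.8.8.8:53 | 235.27.154.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stat.info-stream.net | udp |
| US | 184.154.27.232:80 | stat.info-stream.net | tcp |
| US | 198.143.128.244:80 | dl.babylon.com | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DeltaTB.exe
| MD5 | 9ade7a15bf99b343354e1faeb47fab67 |
| SHA1 | eab3a867fd239ad7d1d5416e8139d3d71f4140fa |
| SHA256 | 2bbe800ce4ec5302187e5ad6fad0688e9008e093a8be1ca2ca479db46576b0ed |
memory/1812-243-0x0000000060900000-0x0000000060970000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D34FFAE5-BAB0-7891-BC68-BE1D52291CD4\Latest\1.txt
| MD5 | 202cb962ac59075b964b07152d234b70 |
| SHA1 | 40bd001563085fc35165329ea1ff5c5ecbdbbeef |
| SHA256 | a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3 |
"""

# Row layouts as they appear on this page (assumption: the report keeps them).
NET_ROW = re.compile(r"^\|\s*\w+\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^|]+?)\s*\|\s*(tcp|udp)\s*\|$")
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class FileIOC:
    path: str
    hashes: dict = field(default_factory=dict)  # algo -> lowercase hex digest


@dataclass(frozen=True)
class NetIOC:
    ip: str
    port: int
    name: str
    proto: str


def parse_report(text):
    """Return (file_iocs, net_iocs). A hash row must follow a path line, and a
    digest of the wrong length for its algorithm is rejected, not silently kept."""
    files, net, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Files":
            continue
        if m := NET_ROW.match(line):
            ip, port, name, proto = m.groups()
            net.append(NetIOC(ip, int(port), name, proto))
        elif m := HASH_ROW.match(line):
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:
                raise ValueError(f"bad {algo} length for {current.path}")
            current.hashes[algo] = digest
        else:  # any other line starts a new artifact (file path or memory dump)
            current = FileIOC(path=line)
            files.append(current)
    return files, net


def content_matches(ioc, data):
    """True if every digest listed for `ioc` equals the digest of `data`.
    An entry with no hashes (a memory dump) cannot match anything."""
    return bool(ioc.hashes) and all(
        hashlib.new(algo.lower(), data).hexdigest() == d for algo, d in ioc.hashes.items())


def network_indicators(net):
    """Contacted endpoints and queried names, minus the sandbox's resolver
    traffic (port 53) and the reverse lookups it performs for each peer."""
    endpoints, domains = set(), set()
    for n in net:
        if n.name.endswith(".in-addr.arpa"):
            continue
        domains.add(n.name)
        if n.port != 53:
            endpoints.add(f"{n.ip}:{n.port}/{n.proto}")
    return {"endpoints": endpoints, "domains": domains}


def hunt_list(files):
    """Sorted (sha256, path) pairs for a blocklist. MD5/SHA1 are only useful
    for matching old telemetry, since both are collision-prone; unhashed
    entries (memory dumps) are skipped rather than emitted empty."""
    return sorted((f.hashes["SHA256"], f.path) for f in files if "SHA256" in f.hashes)


if __name__ == "__main__":
    files, net = parse_report(SAMPLE_REPORT)
    for f in files:
        print(f.path, "->", f.hashes.get("SHA256", "<no hash: memory dump>"))
    print(network_indicators(net))
    print("1.txt is b'123':", content_matches(files[-1], b"123"))
```

The `1.txt` check is the useful habit here: when a dropped file's digests match trivially guessable content, it is a marker or test file, not a payload, and should not go on a blocklist. The same `content_matches` call works against bytes carved from the memory dump or recovered from another host to confirm they are the same artifact the sandbox saw.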