File name:

Delta V3.61 b_32444320.exe

Full analysis: https://app.any.run/tasks/2cce2eb8-392f-42cb-9501-0c3f56057244
Verdict: Malicious activity
Analysis date: February 23, 2025, 15:27:52
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
auto
generic
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

15D1C495FF66BF7CEA8A6D14BFDF0A20

SHA1:

942814521FA406A225522F208AC67F90DBDE0AE7

SHA256:

61C2C4A5D7C14F77EE88871DED4CC7F1E49DAE3E4EF209504C66FEDF4D22DE42

SSDEEP:

98304:DtjM+LgnHM8mNLNpOmMGl2p9tjIQh+1GHp8PGmDFzMVv3kdcpR41TBN14BC6SkPT:Kw8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • GENERIC has been found (auto)

      • Delta V3.61 b_32444320.exe (PID: 6472)

    • Executing a file with an untrusted certificate

      • Delta V3.61 b_32444320.exe (PID: 6340)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Delta V3.61 b_32444320.exe (PID: 6472)
      • WinRAR.exe (PID: 7532)
      • Delta.exe (PID: 8096)
      • Delta.exe (PID: 7616)

    • Checks Windows Trust Settings

      • Delta V3.61 b_32444320.exe (PID: 6472)

    • There is functionality for taking screenshot (YARA)

      • Delta V3.61 b_32444320.exe (PID: 6472)

    • Start notepad (likely ransomware note)

      • Delta V3.61 b_32444320.exe (PID: 6472)
      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)

  • INFO

    • Checks supported languages

      • Delta V3.61 b_32444320.exe (PID: 6472)
      • identity_helper.exe (PID: 6620)
      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)
      • identity_helper.exe (PID: 1192)

    • The sample compiled with english language support

      • Delta V3.61 b_32444320.exe (PID: 6472)

    • Reads the computer name

      • Delta V3.61 b_32444320.exe (PID: 6472)
      • identity_helper.exe (PID: 6620)
      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)
      • identity_helper.exe (PID: 1192)

    • Reads the software policy settings

      • Delta V3.61 b_32444320.exe (PID: 6472)
      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)

    • Reads the machine GUID from the registry

      • Delta V3.61 b_32444320.exe (PID: 6472)
      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)

    • Checks proxy server information

      • Delta V3.61 b_32444320.exe (PID: 6472)
      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)

    • Creates files or folders in the user directory

      • Delta V3.61 b_32444320.exe (PID: 6472)
      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)

    • Process checks computer location settings

      • Delta V3.61 b_32444320.exe (PID: 6472)
      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)

    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 5588)
      • notepad.exe (PID: 7936)
      • notepad.exe (PID: 244)

    • Manual execution by a user

      • msedge.exe (PID: 4528)

    • Reads Environment values

      • identity_helper.exe (PID: 6620)
      • identity_helper.exe (PID: 1192)

    • Application launched itself

      • msedge.exe (PID: 4528)
      • msedge.exe (PID: 5192)

    • Disables trace logs

      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)

    • Create files in a temporary directory

      • Delta.exe (PID: 7616)
      • Delta.exe (PID: 8096)

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 4528)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7532)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:10:18 17:00:18+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.22
CodeSize: 4353024
InitializedDataSize: 1675776
UninitializedDataSize: -
EntryPoint: 0x398c98
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Download Manager
FileVersion: 1
InternalName: Download Manager
LegalCopyright: Download Manager
OriginalFileName: Download Manager
ProductName: Download Manager
ProductVersion: 1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
190
Monitored processes
58
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start delta v3.61 b_32444320.exe notepad.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe delta.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs notepad.exe no specs delta.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs notepad.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs svchost.exe delta v3.61 b_32444320.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
244"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Roaming\delta_core\error_logs\ERROR_LOG_55768404.8314.txtC:\Windows\SysWOW64\notepad.exeDelta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\win32u.dll
1192"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4352 --field-trial-handle=2364,i,11265476067599002283,11054986267144562993,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1328"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=6116 --field-trial-handle=2500,i,6838738013598283739,1498285592735145311,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1416"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5284 --field-trial-handle=2500,i,6838738013598283739,1498285592735145311,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1876"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x298,0x29c,0x2a0,0x294,0x2a8,0x7ff821655fd8,0x7ff821655fe4,0x7ff821655ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2132"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2724 --field-trial-handle=2364,i,11265476067599002283,11054986267144562993,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2192C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2496"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4904 --field-trial-handle=2364,i,11265476067599002283,11054986267144562993,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3040"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=2500,i,6838738013598283739,1498285592735145311,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3812"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5044 --field-trial-handle=2364,i,11265476067599002283,11054986267144562993,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
18 220
Read events
18 147
Write events
73
Delete events
0

Modification events

(PID) Process:(6472) Delta V3.61 b_32444320.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6472) Delta V3.61 b_32444320.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6472) Delta V3.61 b_32444320.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(6472) Delta V3.61 b_32444320.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
Operation:writeName:txtfile
Value:
(PID) Process:(4528) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(4528) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(4528) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(4528) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(4528) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
5AA44E28678D2F00
(PID) Process:(4528) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
81075628678D2F00
Executable files
45
Suspicious files
518
Text files
160
Unknown types
2

Dropped files

PID
Process
Filename
Type
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:B201E74BEED09A3D7DDC61DB04B19F89
SHA256:8E068A73A57D4CCF18A9D868856AA8C85631D42A36EA8DA84F3B0B049FA5A6F1
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C2C9D7FCC58B6FD9BF152E66809C1BBE_9962014287DF49023620C3F0C27B8ACEbinary
MD5:C7AACDDD815144029D4277A0269BEB57
SHA256:5B55B10C3BAC75D3A3B110591A63881E3BDF0C91C68442DF394A1427816BDF69
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12binary
MD5:C9BE626E9715952E9B70F92F912B9787
SHA256:C13E8D22800C200915F87F71C31185053E4E60CA25DE2E41E160E09CD2D815D4
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199binary
MD5:E935BC5762068CAF3E24A2683B1B8A88
SHA256:A8ACCFCFEB51BD73DF23B91F4D89FF1A9EB7438EF5B12E8AFDA1A6FF1769E89D
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\service[1].htmtext
MD5:F9D4655BBB31D3745D1D1671E3A09F4A
SHA256:C09DC2BA6150D341E056631E8FBC1A91AFCD6D87759BDE08E75A1FC506641203
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199binary
MD5:85F67E687B0BF85C8910CAD7AF3CA033
SHA256:6DAC927FCBABEECE8FD4168DCBDD7D7E169C775A7720528035CB02F01383C08E
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\923CD0F3EDBB3759A875E7FE664C6C90_E177412028F15791C29E67CACD8927FCbinary
MD5:34998AB287DAC539370806716F6E389A
SHA256:60FEFB4050D844AA160D67DBFDE377AFA0E6E3DF070FA77C48EB2EAC08B08ED4
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\923CD0F3EDBB3759A875E7FE664C6C90_E177412028F15791C29E67CACD8927FCbinary
MD5:483AA144F20ABCE3C4BC3EB5D2F6F26D
SHA256:A6E1967099BC8DC9CFFA8158FEC4ED8302388E2ADE77CB1FCD96351E4E788419
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8binary
MD5:971C514F84BBA0785F80AA1C23EDFD79
SHA256:F157ED17FCAF8837FA82F8B69973848C9B10A02636848F995698212A08F31895
6472Delta V3.61 b_32444320.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\geo[1].htmtext
MD5:9EDC0E2B4A39118EF6678BA953F321C5
SHA256:CA7DEE7DD6E2C5C3CDCEC3DF0CBB88DA3F44B141ED9570B6848676B70B77C617
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
27
TCP/UDP connections
123
DNS requests
127
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6472
Delta V3.61 b_32444320.exe
GET
200
142.250.185.227:80
http://c.pki.goog/r/r1.crl
unknown
whitelisted
6472
Delta V3.61 b_32444320.exe
GET
200
142.250.185.131:80
http://o.pki.goog/s/wr3/fgA/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEH4AzC8CtsuHCuCmoKpV7Vk%3D
unknown
whitelisted
6472
Delta V3.61 b_32444320.exe
GET
200
142.250.185.131:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
whitelisted
6472
Delta V3.61 b_32444320.exe
GET
200
142.250.185.131:80
http://o.pki.goog/s/wr3/URM/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQSq0i5t2Pafi2Gw9uzwnc7KTctWgQUx4H1%2FY6I2QA8TWOiUDEkoM4j%2FiMCEFET1OsgXJOMCsceBPevDRA%3D
unknown
whitelisted
6472
Delta V3.61 b_32444320.exe
GET
200
142.250.185.227:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
6472
Delta V3.61 b_32444320.exe
GET
200
142.250.185.227:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
6472
Delta V3.61 b_32444320.exe
GET
200
18.173.189.168:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
92.123.104.31:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.147:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
6472
Delta V3.61 b_32444320.exe
35.190.60.70:443
www.dlsft.com
GOOGLE
US
whitelisted
6472
Delta V3.61 b_32444320.exe
142.250.185.131:80
ocsp.pki.goog
GOOGLE
US
whitelisted
6472
Delta V3.61 b_32444320.exe
142.250.185.227:80
c.pki.goog
GOOGLE
US
whitelisted
6472
Delta V3.61 b_32444320.exe
104.21.64.1:443
filedm.com
CLOUDFLARENET
malicious

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
www.bing.com
  • 92.123.104.31
  • 92.123.104.32
  • 92.123.104.62
  • 92.123.104.34
  • 92.123.104.38
  • 184.86.251.15
  • 184.86.251.5
  • 184.86.251.14
  • 184.86.251.7
  • 184.86.251.10
  • 184.86.251.9
  • 184.86.251.11
  • 184.86.251.13
  • 184.86.251.8
whitelisted
google.com
  • 142.250.186.142
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
crl.microsoft.com
  • 23.48.23.147
  • 23.48.23.164
  • 23.48.23.170
  • 23.48.23.156
  • 23.48.23.159
  • 23.48.23.162
  • 23.48.23.150
  • 23.48.23.148
  • 23.48.23.153
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
www.dlsft.com
  • 35.190.60.70
unknown
ocsp.pki.goog
  • 142.250.185.131
whitelisted
c.pki.goog
  • 142.250.185.227
whitelisted
o.pki.goog
  • 142.250.185.131
whitelisted

Threats

No threats detected
Process
Message
Delta V3.61 b_32444320.exe
Error: (undefined) has no property - value
Delta V3.61 b_32444320.exe
at initializeDynamicVariables (this://app/main.html(351))
Delta V3.61 b_32444320.exe
at getFileInfo.@307@46 (this://app/main.html(329))
Delta V3.61 b_32444320.exe
Delta V3.61 b_32444320.exe
Delta V3.61 b_32444320.exe
scanning node questions /questions
Delta V3.61 b_32444320.exe
scanning node question /questions/question
Delta V3.61 b_32444320.exe
scanning node question /questions/question
Delta V3.61 b_32444320.exe
scanning node question /questions/question
Delta V3.61 b_32444320.exe
scanning node question /questions/question
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Delta V3.61 b_32444320.exe