Malware Analysis Report

2025-01-22 08:45

Sample ID: 241027-tmev3syhqa
Target: Delta V3.61 b_04532601.exe
SHA256: 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
Tags: discovery, spyware, stealer
Score: 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 6/10

SHA256: 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42

Threat Level: Shows suspicious behavior

The file Delta V3.61 b_04532601.exe was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery, spyware, stealer

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Drops file in System32 directory

Loads dropped DLL

Drops file in Program Files directory

Executes dropped EXE

Drops file in Windows directory

Checks installed software on the system

System Location Discovery: System Language Discovery

Reads user/profile data of web browsers

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Opens file in notepad (likely ransom note)

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

NTFS ADS

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-27 16:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-27 16:10

Reported: 2024-10-27 16:13

Platform: win11-20241007-en

Max time kernel: 210s

Max time network: 211s

Command Line

C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

Signatures

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | discord.com | N/A | N/A
N/A | discord.com | N/A | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\SysWOW64\pmls.dll | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A
File opened for modification | C:\Windows\SysWOW64\pmls.dll | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A
File created | C:\Windows\system32\pmls64.dll | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\PROGRA~2\PREMIE~1\RData.reg | C:\Windows\SysWOW64\reg.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\PROGRA~2\PREMIE~1\tms.bin | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
File created | C:\PROGRA~2\PREMIE~1\snt.dat | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmservice.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\cacert.pem | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\catrust.pem | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
File opened for modification | C:\PROGRA~2\PREMIE~1\snt.dat.bac | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmservice.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmservice.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\PROGRA~2\PREMIE~1\snt.dat | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File created | C:\Program Files (x86)\PremierOpinion\pmropn.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\PROGRA~2\PREMIE~1\RData.reg | C:\Windows\SysWOW64\reg.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
File opened for modification | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\SystemTemp\REG2948.tmp | C:\Windows\SysWOW64\reg.exe | N/A
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Delta V3.61\Delta V3.61\Delta.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745191301632127" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{4FAE937F-BC97-4765-BDD5-B0BDB14D8E16} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe | N/A

Modifies system certificate store

evasion spyware trojan
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (blob omitted in source) | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = (blob omitted in source) | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = (blob omitted in source) | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = (blob omitted in source) | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = (blob omitted in source) | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a58102000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 19000000010000001000000012cab0233db2f09a0336851de92237df0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2
febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = [hex certificate blob removed] C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = [hex certificate blob removed] C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Delta V3.61.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta V3.61\Delta.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\rundll32.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4264 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\OperaGX.exe
PID 4264 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\OperaGX.exe
PID 4264 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\OperaGX.exe
PID 3580 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\OperaGX.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 3580 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\OperaGX.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 3580 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\OperaGX.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 4024 wrote to memory of 4284 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 4024 wrote to memory of 4284 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 4024 wrote to memory of 4284 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 4024 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
PID 4024 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
PID 4024 wrote to memory of 4388 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
PID 4024 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 4024 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 4024 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 3336 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 3336 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 3336 wrote to memory of 572 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
PID 4024 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
PID 4024 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
PID 4024 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
PID 4024 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe
PID 4024 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe
PID 4024 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe
PID 3728 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe
PID 3728 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe
PID 3728 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe
PID 4264 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
PID 4264 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Windows\SysWOW64\NOTEPAD.EXE
PID 4264 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Windows\SysWOW64\NOTEPAD.EXE
PID 4264 wrote to memory of 1668 N/A C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe C:\Windows\SysWOW64\NOTEPAD.EXE
PID 544 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe C:\Program Files (x86)\PremierOpinion\pmropn.exe
PID 544 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe C:\Program Files (x86)\PremierOpinion\pmropn.exe
PID 544 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe C:\Program Files (x86)\PremierOpinion\pmropn.exe
PID 4936 wrote to memory of 4100 N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe C:\Windows\system32\rundll32.exe
PID 4936 wrote to memory of 4100 N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe C:\Windows\system32\rundll32.exe
PID 4936 wrote to memory of 832 N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe C:\Windows\SysWOW64\reg.exe
PID 4936 wrote to memory of 832 N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe C:\Windows\SysWOW64\reg.exe
PID 4936 wrote to memory of 832 N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe C:\Windows\SysWOW64\reg.exe
PID 4100 wrote to memory of 1216 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe
PID 5004 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe C:\Program Files (x86)\PremierOpinion\pmropn.exe
PID 5004 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe C:\Program Files (x86)\PremierOpinion\pmropn.exe
PID 5004 wrote to memory of 2660 N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe C:\Program Files (x86)\PremierOpinion\pmropn.exe
PID 760 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 1844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 760 wrote to memory of 944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe

"C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe"

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe --silent --allusers=0 --server-tracking-blob=[tracking blob removed]

C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x33c,0x338,0x340,0x30c,0x344,0x71b28c5c,0x71b28c68,0x71b28c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4024 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241027161031" --session-guid=d726d371-56c8-4afc-9a65-99c6029dd747 --server-tracking-blob=[tracking blob removed] --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4006000000000000

C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x70be8c5c,0x70be8c68,0x70be8c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x864f48,0x864f58,0x864f64

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt

C:\Program Files (x86)\PremierOpinion\pmropn.exe

C:\Program Files (x86)\PremierOpinion\pmropn.exe -install -uninst:PremierOpinion -t:InstallUnion -bid:fF1XWXBSASgXaJnRCbPOGG -o:0

C:\Program Files (x86)\PremierOpinion\pmservice.exe

"C:\Program Files (x86)\PremierOpinion\pmservice.exe" /service

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe C:\Windows\system32\pmls64.dll,UpdateProcess 1216

C:\Windows\SysWOW64\reg.exe

reg.exe EXPORT "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}" C:\PROGRA~2\PREMIE~1\RData.reg /y

C:\Program Files (x86)\PremierOpinion\pmropn.exe

C:\Program Files (x86)\PremierOpinion\pmropn.exe -install -uninst:PremierOpinion -t:InstallUnion -bid:CusHfQ244xbagadtYAPOPN -o:0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff84028cc40,0x7ff84028cc4c,0x7ff84028cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3100,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4588,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4372,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5100,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Delta V3.61\Delta V3.61\Delta.exe

"C:\Users\Admin\Downloads\Delta V3.61\Delta V3.61\Delta.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff83cac3cb8,0x7ff83cac3cc8,0x7ff83cac3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
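
The command lines above only become findings once they are correlated with what the run wrote to disk. The Python below is an added example (editor's code, not sandbox output): it tokenises a subset of the command lines listed above, compares the executed image and its arguments against a subset of the paths from the Files section further down, and emits one finding per rule hit. The rule names and the basename-only matching are the editor's assumptions; a production triage would match on full path and hash.

```python
"""Correlate a sandbox run's process command lines with the files it dropped.

Added example by the editor, not sandbox output. COMMAND_LINES and
DROPPED_FILES are copied from this report (a subset); the rule names and
basename-only matching are illustrative assumptions.
"""
import re
from pathlib import PureWindowsPath

# Subset of the report's process command lines (verbatim).
COMMAND_LINES = [
    r"C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0",
    r'"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion',
    r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt',
    r'"C:\Program Files (x86)\PremierOpinion\pmservice.exe" /service',
    r"C:\Windows\system32\rundll32.exe C:\Windows\system32\pmls64.dll,UpdateProcess 1216",
    r'reg.exe EXPORT "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}" C:\PROGRA~2\PREMIE~1\RData.reg /y',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US',
]

# Subset of the report's Files section (paths only; hashes omitted here).
DROPPED_FILES = [
    r"C:\Users\Admin\AppData\Local\OperaGX.exe",
    r"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe",
    r"C:\Users\Admin\AppData\Local\link.txt",
    r"C:\Users\Admin\AppData\Local\Temp\~os15D1.tmp\pmservice.exe",
    r"C:\Program Files (x86)\PremierOpinion\pmls64.dll",
    r"C:\Program Files (x86)\PremierOpinion\pmropn.exe",
]

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')
_URL = re.compile(r'https?://[^\s"]+')


def split_cmdline(cmdline):
    """Tokenise a Windows command line: a double-quoted run is one token, quotes removed."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def basename(path):
    """Case-folded file name, so NOTEPAD.EXE and notepad.exe compare equal."""
    return PureWindowsPath(path).name.lower()


def triage(cmdlines, dropped_files):
    """Return (rule, detail, cmdline) findings for the command lines of one run."""
    dropped = {basename(p) for p in dropped_files}
    findings = []
    for line in cmdlines:
        argv = split_cmdline(line)
        if not argv:
            continue
        image, args = basename(argv[0]), argv[1:]

        # Rule 1: the executed image has the same name as a file the run wrote.
        if image in dropped:
            findings.append(("executes_dropped_file", image, line))

        # Rule 2: rundll32 given an explicit module,export pair; flag harder
        # when the module is one of the dropped files.
        if image == "rundll32.exe" and args:
            module, _, export = args[0].partition(",")
            rule = "rundll32_dropped_module" if basename(module) in dropped else "rundll32_module"
            findings.append((rule, f"{basename(module)}!{export or '?'}", line))

        # Rule 3: reg.exe EXPORT <key> <file>: a registry subtree copied to disk.
        if image == "reg.exe" and len(args) >= 3 and args[0].upper() == "EXPORT":
            findings.append(("registry_export", f"{args[1]} -> {args[2]}", line))

        # Rule 4: notepad opened a file the run itself dropped (text shown to the user).
        if image == "notepad.exe":
            for arg in args:
                if basename(arg) in dropped:
                    findings.append(("opens_dropped_file", basename(arg), line))

        # Rule 5: any URL on a command line is an indicator worth recording
        # (this also catches crash-reporter --url= arguments; review before use).
        for arg in args:
            for url in _URL.findall(arg):
                findings.append(("url_argument", url, line))
    return findings


if __name__ == "__main__":
    for rule, detail, line in triage(COMMAND_LINES, DROPPED_FILES):
        print(f"{rule:26} {detail}")
```

Run against the full process list, rule 5 also picks up the crashpad `--url=` endpoints of Opera, Chrome and Edge; those are discarded on review, which is why the rule records the whole command line alongside the URL.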

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.dlsft.com udp
US 35.190.60.70:443 www.dlsft.com tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 70.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 172.67.195.231:443 filedm.com tcp
NL 18.238.243.18:443 dpd.securestudies.com tcp
NL 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 172.67.174.4:443 www.ovardu.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
NL 185.26.182.112:443 features.opera-api2.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 165.193.78.234:80 post.securestudies.com tcp
NL 185.26.182.123:443 autoupdate.opera.com tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 185.26.182.112:443 features.opera-api2.com tcp
US 104.18.24.17:443 api.config.opr.gg tcp
NL 185.26.182.122:443 download.opera.com tcp
GB 2.18.27.72:443 download3.operacdn.com tcp
US 8.8.8.8:53 122.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 72.27.18.2.in-addr.arpa udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50008 tcp
N/A 127.0.0.1:50010 tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50020 tcp
N/A 127.0.0.1:50023 tcp
N/A 127.0.0.1:50027 tcp
N/A 127.0.0.1:50030 tcp
N/A 127.0.0.1:50036 tcp
N/A 127.0.0.1:50039 tcp
N/A 127.0.0.1:50042 tcp
N/A 127.0.0.1:50045 tcp
N/A 127.0.0.1:50048 tcp
DE 207.120.58.24:443 rules.securestudies.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50261 tcp
N/A 127.0.0.1:50289 tcp
N/A 127.0.0.1:50303 tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50366 tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50498 tcp
GB 172.217.169.36:443 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.10:443 ogads-pa.googleapis.com udp
GB 142.250.200.46:443 apis.google.com udp
GB 172.217.169.10:443 ogads-pa.googleapis.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
GB 142.250.178.14:443 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
N/A 127.0.0.1:50547 tcp
DE 167.235.218.62:80 a.directfiledl.com tcp
DE 167.235.218.62:80 a.directfiledl.com tcp
US 172.65.251.78:443 gitlab.com tcp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.232:443 discord.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
DE 206.189.58.222:443 images.pling.com tcp
DE 85.13.128.115:443 arzotravels.com tcp
GB 216.58.201.118:443 i.ytimg.com tcp
GB 2.18.190.80:443 img.freepik.com tcp
GB 87.248.205.1:443 i.kym-cdn.com tcp
US 104.26.7.147:443 cdn.wearedevs.net tcp
US 104.18.67.220:443 images.pexels.com tcp
US 104.18.67.220:443 images.pexels.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 222.58.189.206.in-addr.arpa udp
US 8.8.8.8:53 115.128.13.85.in-addr.arpa udp
US 8.8.8.8:53 118.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 1.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 147.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 220.67.18.104.in-addr.arpa udp
DE 52.219.169.219:443 media-management-service.s3.amazonaws.com tcp
US 8.8.8.8:53 images4.alphacoders.com udp
US 172.67.48.187:443 images4.alphacoders.com tcp
CA 142.44.139.57:443 www.wallpaperup.com tcp
US 104.20.76.132:443 images4.alphacoders.com tcp
US 172.67.48.187:443 images4.alphacoders.com tcp
US 172.67.48.187:443 images4.alphacoders.com tcp
US 162.159.128.232:443 media.discordapp.net tcp
GB 79.127.237.132:443 assets.puzzlefactory.pl tcp
US 162.159.128.232:443 media.discordapp.net tcp
US 8.8.8.8:53 232.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 57.139.44.142.in-addr.arpa udp
US 8.8.8.8:53 132.237.127.79.in-addr.arpa udp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
GB 2.18.66.81:443 tcp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com tcp
GB 51.104.15.252:443 browser.pipe.aria.microsoft.com tcp
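
Read row by row, the table above hides two things: most rows are resolver, PTR, loopback or multicast traffic, and one host accounts for most of the remaining connections. The Python below is an added example (editor's code, not part of the report): it parses a subset of the rows above in the table's own layout (a row with no domain has three columns), drops the noise classes, and aggregates what is left per host and per parent domain. The noise rules and the two-label parent-domain fold are the editor's simplifications, not a public-suffix lookup.

```python
"""Summarise a sandbox report's Network table by contacted host.

Added example by the editor, not part of the report. NETWORK_ROWS is a
subset of the report's rows, copied verbatim; the noise filter and the
parent-domain grouping are the editor's triage choices.
"""
import ipaddress
from collections import defaultdict

NETWORK_ROWS = """
US 8.8.8.8:53 www.dlsft.com udp
US 35.190.60.70:443 www.dlsft.com tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 70.60.190.35.in-addr.arpa udp
US 35.190.60.70:443 dlsft.com tcp
NL 18.238.243.18:443 dpd.securestudies.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50006 tcp
N/A 127.0.0.1:50008 tcp
DE 207.120.58.24:443 rules.securestudies.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
N/A 224.0.0.251:5353 udp
US 162.159.136.234:443 discord.gg tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
GB 2.18.66.81:443 tcp
"""


def parse_rows(text):
    """Parse 'Country Destination [Domain] Proto' rows; a 3-column row has no domain."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_noise(row):
    """Rows that carry no destination of interest on their own."""
    addr = ipaddress.ip_address(row["ip"])
    if addr.is_loopback or addr.is_multicast:
        return True
    if row["port"] == 53:                      # resolver query; the answer shows up as its own row
        return True
    if row["domain"].endswith(".in-addr.arpa"):  # reverse lookup of an address already listed
        return True
    return False


def summarise(rows):
    """Per-host contact count plus the IPs, ports and protocols seen for it."""
    by_host = defaultdict(lambda: {"hits": 0, "ips": set(), "ports": set(), "protos": set()})
    for r in rows:
        if is_noise(r):
            continue
        host = r["domain"] or r["ip"]          # bare-IP rows are keyed by address
        entry = by_host[host]
        entry["hits"] += 1
        entry["ips"].add(r["ip"])
        entry["ports"].add(r["port"])
        entry["protos"].add(r["proto"])
    return dict(by_host)


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def by_parent_domain(summary):
    """Fold hosts onto their last two labels so sibling hosts of one operator sit together."""
    groups = defaultdict(int)
    for host, entry in summary.items():
        parent = host if _is_ip(host) else ".".join(host.split(".")[-2:])
        groups[parent] += entry["hits"]
    return dict(groups)


def ranked(summary):
    """Hosts by contact count, most contacted first."""
    return sorted(((h, v["hits"]) for h, v in summary.items()), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    s = summarise(parse_rows(NETWORK_ROWS))
    for host, hits in ranked(s):
        print(f"{hits:3}  {host:28} ports={sorted(s[host]['ports'])}")
    print(by_parent_domain(s))
```

The per-host view is what to read alongside the Files section: the host with the most contacts is the one to check against the dropped binaries' strings and configuration, and the parent-domain fold shows which hosts belong to the same operator even when the sandbox resolved them to different addresses.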

Files

C:\Users\Admin\AppData\Local\OperaGX.exe

MD5 0131dac93a71c2de2f1ec01fe0451ce2
SHA1 3d14184756cac54126adc60f603cbc003680c580
SHA256 71b17e95592ee39580a6989464f2b45d1008254e8f5f87c2fed4ea0a217908d4
SHA512 72504118727f52153bb164e6b5a43f3b2a950c57ba845f6521875d906e0f2868200119e7b5898a9c25e4c4a5059fd60f195bb6da30d63c604e28ff741f6ebbe8

C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe

MD5 a910474aad1eea96921d359e1763d2fd
SHA1 8f663c05861ce93a1418607bd208c21dc7263237
SHA256 5354a7fa4ef330546d79e1ea02c456084400d0b47d52aaa43b088340981f461e
SHA512 8654f3c5eb98dd4097ed5367771f2f3487a4c90f95754ca39b8900ab52c2c78ab6f90da339c1cce06364ca242d49901a7ebbac92cf14955e3a267ea988c194e4

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410271610301614024.dll

MD5 94a99783bf5a9aeb8a0c8adcbb144ac8
SHA1 f5682606d1a3774a44d58a42391533899578897b
SHA256 5d8acd8032a3f3147b50e88dd1141312f9232f46ee0cb9487efae3c23545a0e9
SHA512 f545d11b103b79a00f8118000a447b26f76520f9ae4c4e78542237eb11b931b98900f62065ae3fbff747a79d6954d15a7ccb123b2adcfc81df71c17a6cf840a2

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

MD5 03200250201d5f98df580b7189a0a72d
SHA1 00406c539af3351dd6cb42e429d84ef61ddd6a10
SHA256 e8f46bdec676cbbc44ada66145141b0216a113566ff17718d3f6b63268d51ee4
SHA512 f3365e05c815e68094266093eb8ed9e5d54768c4f37aa40cbf93a69e529da4ac1b8d2fdb778854f702f5639d1d52145715443a3f755c1933cfc61b25875d6248

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 82b0840fb6de2cefcf89cd264e581c41
SHA1 324702a17d80e10c1c343a1423bfd5013edeb53f
SHA256 ad8f624c57f3092bdbc0d0817398079dcf92a93e3f4f56f073a433ebce65eb61
SHA512 2ed827963467de1a601076fb2753b7f958ad1a3e06a46602c97925ea9b8b3b5cbffada6c8eee194e5a1c594efaeb5e8d4c740bc1d2bcb6bff7bfbd4ce39875ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 67e486b2f148a3fca863728242b6273e
SHA1 452a84c183d7ea5b7c015b597e94af8eef66d44a
SHA256 facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb
SHA512 d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 2e9a041a9fb5a9330c2b55bcec27d64c
SHA1 7a23efd7e062e1a24a18351369c76c68a144b31f
SHA256 8b54de909c22785430382b2d35a62bb53785bf199063451099975e289ee8e419
SHA512 30df31fe2faad511201b3614adec80ee9a630a90b40280f11fa049691dd4d47920efd7287586a5a081b8307fb1b23dc41efa75f90e0b6e3c1460ae364fc98ab0

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\additional_file0.tmp

MD5 e9a2209b61f4be34f25069a6e54affea
SHA1 6368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256 e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA512 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe

MD5 4c8fbed0044da34ad25f781c3d117a66
SHA1 8dd93340e3d09de993c3bc12db82680a8e69d653
SHA256 afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a
SHA512 a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

MD5 4c1e10257032596eb201e3694f1592da
SHA1 06e515ab6af99bd6e36c4b463beb4aed851bb74e
SHA256 fa83a99687679b051108fe8f9ff39264bf7298d64ff969c2a82f69f5e331b9b1
SHA512 0ce87741d21d0cf30fbf46eb9e2b9868d11e73772594ce0a3f997d93476f3f765adef5d27c4aea9871ba58f8662e677aa0ce1cf8e92d565d3714ae7f22fa8e1f

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

MD5 2196dcacc7817baa543c8f582059b3e2
SHA1 68dc95911e6c287683caf5b104e869ef69089fed
SHA256 b6ac2bdd5c9baa2a03b6ac9f2650566b7e03b393b31f7917397d013155c95b62
SHA512 5e57c96c0225d5664e010760a83080acb0f5ee64077ee97c621865e461a1d549c0ec249017f52391afc3ebbc92d7f044faa9e437090cb22cc59d79d9f7cec002

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

MD5 bf6eed6cdc17a0130189a33a55ef5209
SHA1 e337f5a0931f69c464f162385f1330b4d27b372f
SHA256 ef2734657b11113a433abb7ebac962e2bf6bf685f05c5f672997f01875430168
SHA512 90d23fd84007343e85f9fc003cf826b112fd930216a24d8c1488468443ae2a4b0c3cc2426b91c81a8228e125050e922fce05672e010e65247709fc4a7b856f1d

C:\Users\Admin\AppData\Local\link.txt

MD5 7183e8105b59f84f65b707323f48231f
SHA1 27ae5e5055b416ea811398ad83d125cb280e1034
SHA256 e60428d7b87a4e7b3232f033046f0ebe84f3119514e48441c997fced0a8948ad
SHA512 fcfa5438e1d05d6c04f8d652f7c141c35c06a1d988e401da7575b051ed56cc2cfd897238f4aaca6097f9562d0617ec62e087020f54e4fb0fb71ad5ff09785dd8

C:\Users\Admin\AppData\Local\Temp\~os15D1.tmp\pmservice.exe

MD5 4ef95918e313c7ca01084629416fc714
SHA1 5bdaba6920d3f4d1f8ea47ce693276530b5f2a9c
SHA256 303707068aab06ab0341178558c28ce1670d10f16c39522859c4f21097a87ee9
SHA512 75861731e9ec1a43741b2b84f60677e9fdf26d5db8d6e4e91297f826fc2c357272c18cede7f64c42798f5459900b33d693ababe4e1140e4cfc54ef7a04af633a

C:\Program Files (x86)\PremierOpinion\pmls.dll

MD5 50a0c6c01cdc5d2690ccd1f1541f6670
SHA1 c5e017a468efb70eabb1f861784edac62acb0e17
SHA256 f9a853830949bb22d6f4d128d71a0ab923d9b5549c0dc8785c7de7d1a4eabf99
SHA512 028d5a56c581d3751628c7503e83aa52c332678495943c3648049ae0b26a7190e98395ad205cf60896140d1a802c14a346a2d1553e7b53090c3f5beefd66e9b1

C:\Program Files (x86)\PremierOpinion\pmls64.dll

MD5 aa56cb7fd83150c3a75cd6a0de97eb78
SHA1 34415c5c8e57cfe9a7b4a498eacfe1403f3191ec
SHA256 034e066829d28bbc81604250f6df721a35ab1c0898ab82bef6305ffada240765
SHA512 765f12e5e060db934d0f4e8159bb9bd10cdbe797d79488a0dc88215a73e49101e279ca69e10c1775a5e161bb4dd02585724c7c87bbefdcdd047adb4277804fa2

C:\Program Files (x86)\PremierOpinion\pmropn64.exe

MD5 ae5bbcc69b05359d0d5cc72ca6a1262e
SHA1 6843bd883d50216be44065411a983a4bcccdcc91
SHA256 12bfd1007634138b22c56ead24db02a1fe3a4d4b7fe04d30cd07a0ff5d4c8425
SHA512 6417aaeb4ccd86504bc1f83e32c91a60920e98fff833c02fdbef974819a3288cab0c96d6b114ceed4432c305d49120cacbc7e0da69c911f4035aadfbec7a91de

C:\Program Files (x86)\PremierOpinion\pmph.dll

MD5 9d96ccb0d5ab5541b61d5c138d91796f
SHA1 cf3ee3e66c8f9c23e3efd29978215461347e650d
SHA256 379a1f1f02c8cb704f248c2f1ff79c8986f73c350a3bf6d9bbc93aeacd286e36
SHA512 69ca7d96896d872eefa63f0c0bd9613526a914e99c4cf12b5d221315277aa64894d99d0f5ce9c5e0ef640d61c9202cd3d51ddb2ab4c55f8fdf60d24a8c1ff6ac

C:\Program Files (x86)\PremierOpinion\pmropn32.exe

MD5 6e4d6b68e9565c4cc7791b00c2094ff9
SHA1 965a00a5a8bb05b35fbaa357951779ea3b71e392
SHA256 65d6f18e1b366aff5343c3f6628041329e7c1375d18ba57076b19bf5f48bc483
SHA512 0cb1396822c7350057cfc7280e1c67ccf1e1a2206347a10025e285f00e9364563685ba5282775960a9329511fd321a631222c87ae7ca8106eca00fb78722b20f

C:\Program Files (x86)\PremierOpinion\pmropn.exe
