Analysis Overview
SHA256
61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
Threat Level: Shows suspicious behavior
The file Delta V3.61 b_04532601.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Drops file in System32 directory
Loads dropped DLL
Drops file in Program Files directory
Executes dropped EXE
Drops file in Windows directory
Checks installed software on the system
System Location Discovery: System Language Discovery
Reads user/profile data of web browsers
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Opens file in notepad (likely ransom note)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-27 16:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-27 16:10
Reported
2024-10-27 16:13
Platform
win11-20241007-en
Max time kernel
210s
Max time network
211s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\pmls.dll | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\pmls.dll | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| File created | C:\Windows\system32\pmls64.dll | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\PROGRA~2\PREMIE~1\RData.reg | C:\Windows\SysWOW64\reg.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\PROGRA~2\PREMIE~1\tms.bin | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| File created | C:\PROGRA~2\PREMIE~1\snt.dat | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmservice.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\cacert.pem | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\catrust.pem | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| File opened for modification | C:\PROGRA~2\PREMIE~1\snt.dat.bac | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmservice.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmservice.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmservice.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\PROGRA~2\PREMIE~1\snt.dat | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmls64.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn32.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmropn.ex_ | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\PROGRA~2\PREMIE~1\RData.reg | C:\Windows\SysWOW64\reg.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmropn64.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PremierOpinion\pmph.dll | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\REG2948.tmp | C:\Windows\SysWOW64\reg.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Delta V3.61\Delta V3.61\Delta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745191301632127" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2584844841-1405471295-1760131749-1000\{4FAE937F-BC97-4765-BDD5-B0BDB14D8E16} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Delta V3.61.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe
"C:\Users\Admin\AppData\Local\Temp\Delta V3.61 b_04532601.exe"
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe --silent --allusers=0 --server-tracking-blob=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
C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x33c,0x338,0x340,0x30c,0x344,0x71b28c5c,0x71b28c68,0x71b28c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4024 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241027161031" --session-guid=d726d371-56c8-4afc-9a65-99c6029dd747 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4006000000000000
C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSCFD5A8E7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.123 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x70be8c5c,0x70be8c68,0x70be8c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410271610311\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x864f48,0x864f58,0x864f64
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Program Files (x86)\PremierOpinion\pmropn.exe -install -uninst:PremierOpinion -t:InstallUnion -bid:fF1XWXBSASgXaJnRCbPOGG -o:0
C:\Program Files (x86)\PremierOpinion\pmservice.exe
"C:\Program Files (x86)\PremierOpinion\pmservice.exe" /service
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\pmls64.dll,UpdateProcess 1216
C:\Windows\SysWOW64\reg.exe
reg.exe EXPORT "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}" C:\PROGRA~2\PREMIE~1\RData.reg /y
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Program Files (x86)\PremierOpinion\pmropn.exe -install -uninst:PremierOpinion -t:InstallUnion -bid:CusHfQ244xbagadtYAPOPN -o:0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff84028cc40,0x7ff84028cc4c,0x7ff84028cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1872 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3100,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4588,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4372,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5100,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,9148051623699778848,1353005405572739938,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Delta V3.61\Delta V3.61\Delta.exe
"C:\Users\Admin\Downloads\Delta V3.61\Delta V3.61\Delta.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff83cac3cb8,0x7ff83cac3cc8,0x7ff83cac3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11090138457184656716,15254491996387246427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
Files