Analysis Overview
Threat Level: Likely malicious
The file https://filedm.com/8jA2z was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Manipulates Digital Signatures
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Checks installed software on the system
Enumerates connected drives
Network Share Discovery
Password Policy Discovery
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Opens file in notepad (likely ransom note)
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Modifies system certificate store
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy WMI provider
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 23:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 23:07
Reported
2024-11-08 23:25
Platform
win10ltsc2021-20241023-en
Max time kernel
1042s
Max time network
1040s
Command Line
Signatures
Downloads MZ/PE file
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wintrust.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
Network Share Discovery
Password Policy Discovery
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\kbdusx.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\makecab.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mfcm120.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msalacdecoder.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tapisrv.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cewmdm.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\d3d10_1core.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gamechattranscription.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\iaspolcy.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdtuq.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\windows.graphics.printing.3d.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\applockercsp.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\desktopshellappstatecontract.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\migration\sxsmigplugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ntprint.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wscapi.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dcomp.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\d3dscache.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fxsapi.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdcr.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdne.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mssign32.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\negoexts.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlsdata000a.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File created | C:\Windows\system32\pmls64.dll | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\smartcardcredentialprovider.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\windows.networking.vpn.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wpdshext.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\nlsdata0010.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Dism\sysprepprovider.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_ccad14ca37132a1e\storfwupdate.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\InstallShield\setupdir\0007\_setup.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wsmres.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\acwow64.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uxlibres.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\webcamui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\gameux.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\rdcameradriver.inf_amd64_fa52d0c0fe17b959\rdcameradriver.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdaze.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdntl.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdukx.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mprmsg.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msafd.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\windows.applicationmodel.store.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dot3dlg.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\winrsmgr.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\winsyncproviders.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\windows.applicationmodel.store.preview.dosettings.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fdbthproxy.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdtaile.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\keyboardfiltercore.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ondemandbrokerclient.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\profext.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\searchprotocolhost.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l2-1-0.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\IME\SHARED\imetip.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\atlthunk.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\clipc.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\InstallShield\setupdir\040c\_setup.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ir32_32original.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdgeooa.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\robocopy.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cfmifsproxy.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\downlevel\api-ms-win-security-lsalookup-l2-1-0.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\presentationframework.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\uiautomationclient.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\reachframework.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\microsoft.mashup.document.xmlserializers.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\system.xaml.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\net.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Client\msvcp120.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\system.identitymodel.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\microsoft.build.engine.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\system.workflow.componentmodel.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\ipcsecproc.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-process-l1-1-0.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\wmfclearkey.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\c2rintl.sv-se.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mip_core.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\stslist.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\oregres.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender Advanced Threat Protection\Classification\Dprt\microsoft.ceres.docparsing.formathandlers.pptx.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\reachframework.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-heap-l1-1-0.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender Advanced Threat Protection\Classification\Dprt\mimekitlite.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\system.windows.forms.primitives.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\omraut.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\system.data.services.design.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\microsoft.office.interop.outlook.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_bg.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\system.web.entity.design.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\msb1xtor.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\databasecompare.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\reachframework.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\system.windows.controls.ribbon.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\mavinject32.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\presentationui.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_kn.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\microsoft.hostintegration.connectors.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender Advanced Threat Protection\sensemirror.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File created | C:\Program Files (x86)\PremierOpinion\pmropn.exe | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\system.web.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\system.xml.readerwriter.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Defender\eppmanifest.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\system.xaml.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\rtc.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\system.web.entity.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\system.linq.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\microsoftedgeupdatebroker.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\system.data.linq.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\uiautomationclientsideproviders.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender Advanced Threat Protection\Classification\mswb7001e.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\mraut.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\uiautomationclient.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msocr.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\system.drawing.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdb.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_quz.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-security-spp-tools_31bf3856ad364e35_10.0.19041.4355_none_c4a8103aa8bb56d8\f\licensingdiagspp.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_ppi-ppiskype-c-a_31bf3856ad364e35_10.0.19041.3636_none_e69f3bd188919f86\f\msoidclim.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-winsetupui_31bf3856ad364e35_10.0.19041.746_none_3d057843247a13ec\f\winsetupui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-atl_31bf3856ad364e35_10.0.19041.3636_none_2a0c80dc4367a318\atl.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-twinui_31bf3856ad364e35_10.0.19041.4474_none_f2ad893ca3025732\r\twinui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\system.design.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.1237_none_4b16fb7fab206eb1\r\printui.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-s..ity-netlogon-netapi_31bf3856ad364e35_10.0.19041.610_none_bb9e4c20e9170a1d\r\logoncli.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-chsime-binaries_31bf3856ad364e35_10.0.19041.4474_none_f0378a287dbb751a\f\chsem.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-c..services-certca-dll_31bf3856ad364e35_10.0.19041.3636_none_82daaf76d3c3469e\f\certca.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.4355_none_bd2272dfb5942812\r\scrrun.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-ui-comuid_31bf3856ad364e35_10.0.19041.3636_none_621f8f184f0db1d1\comuid.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-com-dtc-runtime-tm_31bf3856ad364e35_10.0.19041.1_none_4f899ba5ba1d68fd\msdtctm.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-video-tvvideocontrol_31bf3856ad364e35_10.0.19041.3636_none_6d9c8b756cce3f01\msvidctl.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_multimedia-voiceactivationmanager_31bf3856ad364e35_10.0.19041.4355_none_55eaf32578a75129\r\voiceactivationmanager.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.windows.d..iagreport.resources_31bf3856ad364e35_10.0.19041.1_it-it_c9a3f218a72e7163\microsoft.windows.diagnosis.commands.updatediagreport.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.4355_none_6ac5affcd954693b\r\mccsengineshared.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-w..tion-wiatwaincompat_31bf3856ad364e35_10.0.19041.264_none_38c68dc04ed236b0\wiadss.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_eb6597ac99d11603\r\audioendpointbuilder.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-t..platform-comruntime_31bf3856ad364e35_10.0.19041.3636_none_3f281e9cec63d609\f\inkdiv.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-securitycenter-core_31bf3856ad364e35_10.0.19041.3636_none_992c9ec89bce0c72\r\wscapi.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\x86_dual_ntprint.inf_31bf3856ad364e35_10.0.19041.906_none_6723a46eefe53392\r\I386\ps5ui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-d..b-standardcollector_31bf3856ad364e35_10.0.19041.4355_none_a5fc4f6628b020f3\f\kerneltracecontrol.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\wow64_microsoft-windows-wmi-view-provider_31bf3856ad364e35_10.0.19041.4355_none_d55d52be4fa8a0fd\f\viewprov.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-s..owershell.resources_31bf3856ad364e35_10.0.19041.3636_zh-tw_20dbc741851f2736\f\microsoft.storagemigration.commands.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-d..ommandline-repadmin_31bf3856ad364e35_10.0.19041.1_none_b6b53473f278f7cc\repadmin.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-w..cationcompatibility_31bf3856ad364e35_10.0.19041.3636_none_a74c0611816d1b51\portabledevicewiacompat.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-a..ncredentialprovider_31bf3856ad364e35_10.0.19041.1202_none_dfbb9429d8183336\facecredentialprovider.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_10.0.19041.1081_none_8f1e438c6737a711\r\wscproxystub.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-m..console-nodemanager_31bf3856ad364e35_10.0.19041.3636_none_ff1bfe6d0abd8851\f\mmcndmgr.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-usermodensi_31bf3856ad364e35_10.0.19041.3636_none_f14e63f5b12916d3\winnsi.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.19041.1202_none_cd68049c9076546f\f\mighost.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-perceptionapi-stub_31bf3856ad364e35_10.0.19041.1023_none_f01fe2bd09cb41aa\r\windows.perception.stub.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-t..onagent-proxyobject_31bf3856ad364e35_10.0.19041.1_none_23bb28d0952bcec8\rdpsaproxy.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-network-qos-pacer_31bf3856ad364e35_10.0.19041.3636_none_61a03e172ceea000\f\wshqos.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-wia-automation_31bf3856ad364e35_10.0.19041.4355_none_7a2c73aa7918978e\r\wiaaut.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.hyperv.powershell.resources_31bf3856ad364e35_10.0.19041.388_en-us_dc185f8f79b9bb03\f\microsoft.hyperv.powershell.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1041\microsoft.visualbasic.activities.compilerui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-s..ddriverprovider-dll_31bf3856ad364e35_10.0.19041.1110_none_e75d71f769f6f55b\r\signdrv.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-proquota_31bf3856ad364e35_10.0.19041.1_none_e80cafad6623705f\proquota.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\system.appcontext.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-d..rtcards-phone-winrt_31bf3856ad364e35_10.0.19041.4355_none_d6b844af5b5a5733\f\windows.devices.smartcards.phone.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-i..on-aad-wamextension_31bf3856ad364e35_10.0.19041.1151_none_de426c505bd0f24f\r\aadwamextension.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.19041.3636_none_f9aa3bcc8e7d4381\r\printdialog.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-opengl_31bf3856ad364e35_10.0.19041.1081_none_8df7863e72e7400c\f\glu32.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_localuserimageprovider_31bf3856ad364e35_10.0.19041.4355_none_4b4418bbe0125286\r\microsoft.localuserimageprovider.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-xbox-gamecallableui.appxmain_31bf3856ad364e35_10.0.19041.746_none_0119299746221375\r\xbox.tcui.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-dskquoui_31bf3856ad364e35_10.0.19041.4355_none_f2e89996698f475e\dskquoui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-ime-korean-commonapi_31bf3856ad364e35_10.0.19041.844_none_b78eaf7eaa01dcca\imkrapi.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\finger.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-onecoreuap-wlansvc_31bf3856ad364e35_10.0.19041.4355_none_c1ee8421dbecf85c\r\wfdprov.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.19041.1202_none_497a4c9b969ee5eb\r\wsmanhttpconfig.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-hello-face_31bf3856ad364e35_10.0.19041.3636_none_75e45d5ce800fafc\f\facerecognitionsensoradaptervsmsecure.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-c..esources-mrmindexer_31bf3856ad364e35_10.0.19041.746_none_46afd7212e24de92\f\mrmindexer.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_windows.networking.vpn_31bf3856ad364e35_10.0.19041.4355_none_abae3c27d5ab2ae4\r\cmintegrator.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_1.0.19041.1_none_5f3561098cddf682\sxsoaps.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.windows.d..perlicense.commands_31bf3856ad364e35_10.0.19041.1_none_b0c9ac3ce15e1f45\microsoft.windows.developerlicense.commands.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\wow64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.0.19041.4474_none_0a61cfd89f99f5bc\f\iertutil.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-mitigation-client_31bf3856ad364e35_10.0.19041.1081_none_e15c172231b1940f\mitigationclient.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.windows.d..otingpack.resources_31bf3856ad364e35_10.0.19041.1_it-it_13a9d0fbc172843a\microsoft.windows.diagnosis.troubleshootingpack.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-icacls_31bf3856ad364e35_10.0.19041.1_none_f2fa56e679b879d1\icacls.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\fr\system.web.dynamicdata.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-i..al-people-relevance_31bf3856ad364e35_10.0.19041.4355_none_cf40c04afb55665c\windowsinternal.people.relevance.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-wlan-dialog_31bf3856ad364e35_10.0.19041.746_none_f7fc6a3480d4f2d5\f\wlandlg.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\PREMIE~1\pmropn32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\assistant_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\mfg | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\mfg | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\mfg | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\mfg | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755810053277758" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Opera GXStable | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c762000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 19000000010000001000000012cab0233db2f09a0336851de92237df0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 5c000000010000000400000000080000140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c7619000000010000001000000012cab0233db2f09a0336851de92237df2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c762000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a58102000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 405266.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://filedm.com/8jA2z
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbf5e046f8,0x7ffbf5e04708,0x7ffbf5e04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff721e25460,0x7ff721e25470,0x7ff721e25480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe
"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe"
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe --silent --allusers=0 --server-tracking-blob=ZWYyMmVkODZjYTBjMTdiMmEwMTFkNzZlYTYwNzdmNWMwNzRmMDdlMWFiZDBlZTMxYzUyOTE5NjRhYjBiOTUwZDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD1iNmZkNzU0MTFiODg0NjI5YTBhMjQ0NjNlMTdiOWY2ZiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInRpbWVzdGFtcCI6IjE3MzExMDczMTYuODE0MiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCA2LjI7IFdPVzY0OyBUcmlkZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9QQjVfMzU3NSIsImNvbnRlbnQiOiIzNTc1X0ZpbGVETSIsImlkIjoiYjZmZDc1NDExYjg4NDYyOWEwYTI0NDYzZTE3YjlmNmYiLCJtZWRpdW0iOiJwYSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiIwZDVlYjdlOS1hMDQ3LTRlZDctYTU5Yi0xNTNlOGFlNGJjZGUifQ==
C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x30c,0x33c,0x340,0x338,0x344,0x70e68c5c,0x70e68c68,0x70e68c74
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5240 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241108230844" --session-guid=04151f13-ca1a-4713-89be-b4286f33b8eb --server-tracking-blob=NGEyMGJhZmJlZTZiNDhkNGY3OGQzNGMyZmQ1NGI3YWRhOGRjNTkzZTM2NGRiMGMyMjMzMWJhMjRjYjljNjFkMTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhX2d4In0sInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0yP3V0bV9zb3VyY2U9UFdOZ2FtZXMmdXRtX21lZGl1bT1wYSZ1dG1fY2FtcGFpZ249UFdOX0dCX1BCNV8zNTc1JnV0bV9pZD1iNmZkNzU0MTFiODg0NjI5YTBhMjQ0NjNlMTdiOWY2ZiZ1dG1fY29udGVudD0zNTc1X0ZpbGVETSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczMTEwNzMxNi44MTQyIiwidXNlcmFnZW50IjoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMjsgV09XNjQ7IFRyaWRlbnQvNy4wOyAuTkVUNC4wQzsgLk5FVDQuMEU7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy4wLjMwNzI5OyAuTkVUIENMUiAzLjUuMzA3MjkpIiwidXRtIjp7ImNhbXBhaWduIjoiUFdOX0dCX1BCNV8zNTc1IiwiY29udGVudCI6IjM1NzVfRmlsZURNIiwiaWQiOiJiNmZkNzU0MTFiODg0NjI5YTBhMjQ0NjNlMTdiOWY2ZiIsIm1lZGl1bSI6InBhIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6IjBkNWViN2U5LWEwNDctNGVkNy1hNTliLTE1M2U4YWU0YmNkZSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2806000000000000
C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x32c,0x330,0x334,0x304,0x338,0x70048c5c,0x70048c68,0x70048c74
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\7a0b5c6cac6e4c92a1bc5d785ff1c2fc /t 5608 /p 5604
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe
"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x694f48,0x694f58,0x694f64
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\3562676530c44e769d16b0f749a695e7 /t 2716 /p 5972
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Program Files (x86)\PremierOpinion\pmropn.exe -install -uninst:PremierOpinion -t:InstallUnion -bid:hbpOU_c04U48uuQsyKPOPN -o:0
C:\Program Files (x86)\PremierOpinion\pmservice.exe
"C:\Program Files (x86)\PremierOpinion\pmservice.exe" /service
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\pmls64.dll,UpdateProcess 1292
C:\Windows\SysWOW64\reg.exe
reg.exe EXPORT "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}" C:\PROGRA~2\PREMIE~1\RData.reg /y
\??\c:\program files (x86)\premieropinion\pmropn.exe
"c:\program files (x86)\premieropinion\pmropn.exe" -boot
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffbe2f0cc40,0x7ffbe2f0cc4c,0x7ffbe2f0cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2012 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2376 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4572,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4380,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5140,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5420,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5584,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5596 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3968120248205444355,13562626829786216699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\How To use Evon.txt
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
/C C:\PROGRA~2\PREMIE~1\pmropn32.exe 3724
C:\Windows\SysWOW64\cmd.exe
/C C:\PROGRA~2\PREMIE~1\pmropn64.exe 3724
C:\PROGRA~2\PREMIE~1\pmropn32.exe
C:\PROGRA~2\PREMIE~1\pmropn32.exe 3724
C:\PROGRA~2\PREMIE~1\pmropn64.exe
C:\PROGRA~2\PREMIE~1\pmropn64.exe 3724
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -s
\??\c:\program files (x86)\premieropinion\pmropn.exe
"c:\program files (x86)\premieropinion\pmropn.exe" -updateapps
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=e2a4f912-2574-4a75-9bb0-0d023378592b_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=f46d4000-fd22-4db4-ac8e-4e1ddde828fe_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.aad.brokerplugin_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.accountscontrol_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.asynctextservice_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.bioenrollment_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.creddialoghost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.ecapp_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.lockapp_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.microsoftedge.stable_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.win32webviewhost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.apprep.chxapp_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.callingshellapp_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.capturepicker_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.cloudexperiencehost_cw5n1h2txyewy
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5200,i,11371200937158406170,13002522692090489556,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5180 /prefetch:1
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.contentdeliverymanager_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.narratorquickstart_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.parentalcontrols_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.peopleexperiencehost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.pinningconfirmationdialog_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.search_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.sechealthui_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.shellexperiencehost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.xgpuejectdialog_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.xboxgamecallableui_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoftwindows.client.cbs_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoftwindows.undockeddevkit_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=ncsiuwpapp_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=windows.cbspreview_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=windows.printdialog_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=windows_ie_ac_001
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -s
\??\c:\program files (x86)\premieropinion\pmropn.exe
"c:\program files (x86)\premieropinion\pmropn.exe" -installmenu:PremierOpinion -v:NONE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-AppxPackage
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 172.67.195.231:443 | filedm.com | tcp |
| US | 172.67.195.231:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.195.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| GB | 51.11.108.188:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | getfilenow.com | udp |
| US | 104.21.65.91:443 | getfilenow.com | tcp |
| US | 104.21.65.91:443 | getfilenow.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 91.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | www.dlsft.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 70.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dlsft.com | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 172.67.195.231:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | dpd.securestudies.com | udp |
| FR | 52.222.201.113:443 | dpd.securestudies.com | tcp |
| US | 8.8.8.8:53 | 113.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | post.securestudies.com | udp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 154.200.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.193.84.52.in-addr.arpa | udp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 8.8.8.8:53 | 72.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.78.193.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| FR | 13.249.8.192:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 192.8.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| NL | 20.103.156.88:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| US | 8.8.8.8:53 | autoupdate.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 82.145.216.20:443 | autoupdate.opera.com | tcp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| US | 8.8.8.8:53 | 20.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.config.opr.gg | udp |
| NL | 185.26.182.94:443 | features.opera-api2.com | tcp |
| US | 104.18.24.17:443 | api.config.opr.gg | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.49:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | download5.operacdn.com | udp |
| US | 104.18.11.89:443 | download5.operacdn.com | tcp |
| US | 8.8.8.8:53 | 94.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.24.18.104.in-addr.arpa | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| FR | 52.222.201.113:443 | dpd.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| N/A | 127.0.0.1:51405 | tcp | |
| N/A | 127.0.0.1:51409 | tcp | |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| N/A | 127.0.0.1:51412 | tcp | |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rules.securestudies.com | udp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | www.premieropinion.com | udp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 8.8.8.8:53 | 26.58.120.207.in-addr.arpa | udp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| N/A | 127.0.0.1:51490 | tcp | |
| N/A | 127.0.0.1:51519 | tcp | |
| US | 8.8.8.8:53 | 250.78.193.165.in-addr.arpa | udp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 13.87.96.169:443 | checkappexec.microsoft.com | tcp |
| N/A | 127.0.0.1:51539 | tcp | |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.201.58.216.in-addr.arpa | udp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.169.10:443 | ogads-pa.googleapis.com | tcp |
| N/A | 127.0.0.1:51568 | tcp | |
| N/A | 127.0.0.1:51576 | tcp | |
| N/A | 127.0.0.1:51594 | tcp | |
| N/A | 127.0.0.1:51613 | tcp | |
| N/A | 127.0.0.1:51619 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:51624 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| N/A | 127.0.0.1:51628 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51633 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | a.directfiledl.com | udp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| N/A | 127.0.0.1:51640 | tcp | |
| N/A | 127.0.0.1:51655 | tcp | |
| US | 8.8.8.8:53 | oss-survey.securestudies.com | udp |
| US | 165.193.78.210:443 | oss-survey.securestudies.com | tcp |
| US | 8.8.8.8:53 | 62.218.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:51659 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | 210.78.193.165.in-addr.arpa | udp |
| N/A | 127.0.0.1:51663 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51667 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51676 | tcp | |
| N/A | 127.0.0.1:51682 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51690 | tcp | |
| N/A | 127.0.0.1:51695 | tcp | |
| N/A | 127.0.0.1:51699 | tcp | |
| N/A | 127.0.0.1:51703 | tcp | |
| N/A | 127.0.0.1:51708 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51713 | tcp | |
| N/A | 127.0.0.1:51717 | tcp | |
| N/A | 127.0.0.1:51721 | tcp | |
| N/A | 127.0.0.1:51730 | tcp | |
| N/A | 127.0.0.1:51739 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51748 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51752 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51756 | tcp | |
| N/A | 127.0.0.1:51761 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51765 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51769 | tcp | |
| N/A | 127.0.0.1:51777 | tcp | |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 216.58.201.110:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 54.157.53.39:443 | p-content.securestudies.com | tcp |
| N/A | 127.0.0.1:51965 | tcp | |
| US | 8.8.8.8:53 | 39.53.157.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.71.105.51.in-addr.arpa | udp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51970 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:80 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51973 | tcp | |
| N/A | 127.0.0.1:51976 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:55934 | tcp | |
| DE | 207.120.58.26:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:80 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:55942 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| US | 165.193.78.210:443 | oss-survey.securestudies.com | tcp |
| N/A | 127.0.0.1:55947 | tcp | |
| N/A | 127.0.0.1:55950 | tcp | |
| N/A | 127.0.0.1:55955 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:55959 | tcp | |
| N/A | 127.0.0.1:55963 | tcp | |
| N/A | 127.0.0.1:55967 | tcp | |
| N/A | 127.0.0.1:55971 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:55976 | tcp | |
| N/A | 127.0.0.1:55981 | tcp | |
| N/A | 127.0.0.1:55985 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:55989 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:55992 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:55995 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:56000 | tcp | |
| N/A | 127.0.0.1:56004 | tcp | |
| N/A | 127.0.0.1:56008 | tcp | |
| N/A | 127.0.0.1:56012 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:56016 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:56020 | tcp | |
| N/A | 127.0.0.1:56028 | tcp | |
| N/A | 127.0.0.1:56032 | tcp | |
| N/A | 127.0.0.1:56035 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:56040 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:56044 | tcp | |
| N/A | 127.0.0.1:56047 | tcp | |
| N/A | 127.0.0.1:56052 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:56056 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:56061 | tcp | |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.26:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:56065 | tcp | |
| N/A | 127.0.0.1:56069 | tcp | |
| US | 8.8.8.8:53 | hawk.securestudies.com | udp |
| US | 44.196.233.144:444 | hawk.securestudies.com | tcp |
| N/A | 127.0.0.1:56073 | tcp | |
| N/A | 127.0.0.1:56117 | tcp | |
| US | 44.196.233.144:444 | hawk.securestudies.com | tcp |
| N/A | 10.127.0.1:80 | tcp | |
| US | 44.196.233.144:443 | hawk.securestudies.com | tcp |
| US | 44.196.233.144:443 | hawk.securestudies.com | tcp |
| US | 44.196.233.144:444 | hawk.securestudies.com | tcp |
| US | 44.196.233.144:444 | hawk.securestudies.com | tcp |
| US | 44.196.233.144:444 | hawk.securestudies.com | tcp |
| US | 44.196.233.144:444 | hawk.securestudies.com | tcp |
| US | 44.196.233.144:443 | hawk.securestudies.com | tcp |
| US | 44.196.233.144:443 | hawk.securestudies.com | tcp |
| US | 8.8.8.8:53 | hawk.securestudies.com | udp |
| US | 44.213.167.192:443 | hawk.securestudies.com | tcp |
| US | 44.213.167.192:443 | hawk.securestudies.com | tcp |
| US | 8.8.8.8:53 | 192.167.213.44.in-addr.arpa | udp |
| US | 44.213.167.192:444 | hawk.securestudies.com | tcp |
| US | 44.213.167.192:444 | hawk.securestudies.com | tcp |
| N/A | 127.0.0.1:56154 | tcp | |
| N/A | 127.0.0.1:56157 | tcp | |
| N/A | 127.0.0.1:56160 | tcp | |
| N/A | 127.0.0.1:56163 | tcp | |
| N/A | 127.0.0.1:56192 | tcp | |
| N/A | 127.0.0.1:56195 | tcp | |
| N/A | 127.0.0.1:56198 | tcp | |
| N/A | 127.0.0.1:56201 | tcp | |
| N/A | 127.0.0.1:56206 | tcp | |
| N/A | 127.0.0.1:56209 | tcp | |
| N/A | 127.0.0.1:56212 | tcp | |
| N/A | 127.0.0.1:56215 | tcp | |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 54.157.53.39:443 | p-content.securestudies.com | tcp |
| N/A | 127.0.0.1:56259 | tcp | |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 54.157.53.39:443 | p-content.securestudies.com | tcp |
| N/A | 127.0.0.1:56262 | tcp | |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 54.157.53.39:443 | p-content.securestudies.com | tcp |
| N/A | 127.0.0.1:56265 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 32d05d01d96358f7d334df6dab8b12ed |
| SHA1 | 7b371e4797603b195a34721bb21f0e7f1e2929da |
| SHA256 | 287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e |
| SHA512 | e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c |
\??\pipe\LOCAL\crashpad_3684_FPZUFGDILPTDTFME
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b5fffb9ed7c2c7454da60348607ac641 |
| SHA1 | 8d1e01517d1f0532f0871025a38d78f4520b8ebc |
| SHA256 | c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73 |
| SHA512 | 9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3221f80cc48eed92c137093761fa3793 |
| SHA1 | ba7a95aff072d8058f0907b2a245a0e35a263a85 |
| SHA256 | 7ae3f4ba00dc672a83514c46e5ce8fda48ffc6c9edca3c198c19096f0e7d2ff0 |
| SHA512 | b065ff63bf6be5d77e5304cfbeaa9b307cbcf8107ae64eec02ab97f439e23618db5ac082f0fa081e824de1c1aef39fca1db5efcc21da090b6dfd290817bc50e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 6e466bd18b7f6077ca9f1d3c125ac5c2 |
| SHA1 | 32a4a64e853f294d98170b86bbace9669b58dfb8 |
| SHA256 | 74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc |
| SHA512 | 9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 0414d1b3e78f94eb8fe90070e590e12b |
| SHA1 | 689d1a20b1d2b6e451535e2ff89752a0c34e570d |
| SHA256 | da222ba4b73f3e020d39e42acf64455007094a34bffff88a3a16f8e22f647fc8 |
| SHA512 | 66c2438e805076d13b3a7250db6c9d47c95f8dc28157518fefb99c1a5ae8df4e377649e5bb2de2efaa3595feb99996f768378be449cc5744f3283423913731b9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | d469f11171737acef3e46f8bcd4ca33e |
| SHA1 | 984647e7b7de65df51d3152d19e1ff374de9596d |
| SHA256 | 7e4d155e404efc24bb9229bea5da49fa6876986817417b66130ca58848a962ae |
| SHA512 | dfcc96475098091eab99bca4aa97ebde1e2064f549f4c9a04fae5650189ef93bb6d90a950758d47e0ea854565173b5e455ac9f6f467ba9d7036454feb89db4d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5448cdd6aecd25286c2c9c1ebddad615 |
| SHA1 | 7ab1ca479a8b3e1a149529eb051c61c6a4cbef7e |
| SHA256 | 49dcf2a94972e5263b54915be2ca860c8a4028c4ceddfa917d0b4322bfa11f26 |
| SHA512 | 99b2cbcc952525269f33cb9672e104f5555130e22faae2cb43bfc551b0e842ae0dc586c1a2ce6b8c4b082cf61ccc25578798e17a9b97c6a8dd7f212c861c8500 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 34f687377b19cc9a6b1c19754e922322 |
| SHA1 | a0bdb6dc77ef0111ffc2d373bbc8834165649b28 |
| SHA256 | b4381dc19e93277dd849812dd0db7a39bd94b1a20bec9f107192a1db1438add8 |
| SHA512 | 8a53246818fbb94d7f7691ecbc0233b38bf6dda6cbf9627c64863cb18597319f02bb1d771ebf48e30dad8ce7679652503b10243b4668887274682df82e15da72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | ac2b76299740efc6ea9da792f8863779 |
| SHA1 | 06ad901d98134e52218f6714075d5d76418aa7f5 |
| SHA256 | cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199 |
| SHA512 | eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77 |
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_10728997.exe
| MD5 | 15d1c495ff66bf7cea8a6d14bfdf0a20 |
| SHA1 | 942814521fa406a225522f208ac67f90dbde0ae7 |
| SHA256 | 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42 |
| SHA512 | 063169f22108ac97a3ccb6f8e97380b1e48eef7a07b8fb20870b9bd5f03d7279d3fb10a69c09868beb4a1672ebe826198ae2d0ea81df4d29f9a288ea4f2b98d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1f94d82d8f2a27e180699536f8c0edf8 |
| SHA1 | 6c252f75be2f7c05df394b06aeda585ead758f5e |
| SHA256 | 1f77fa4dc28b08420341937bab05b8d35e5af18bd8176759822bf50e78aaf209 |
| SHA512 | 62dee6802526ceaeaa481f7bb19189772b4b474a06633fbad454ed2f57819767c53954c4bce1f8eb2477182416f9ac9c1a2d07d4899716f5e0ffeaac925f6961 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c5fbe3dad6588fc0ed4c7c8631db3ab4 |
| SHA1 | 836a81b3aedee61a4d0b3d3f9f5ed77e5e07c3df |
| SHA256 | 505393e7bacf76c7e4bf748397589d6921e267242791b81c5608caafacdb60bb |
| SHA512 | 942bc3a5e7bbfd5611610fcbc2a43eecd1d68f3a0f57505799b7ae8fee7fa3c36c9688e31f701022544cf3b50fa742e9ff4966ac8bad08c1ede8f044d39dfe9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f174cb6407533df137653046386bd7f3 |
| SHA1 | 81b697018884156b254e7fa28bfacd43ec9431a1 |
| SHA256 | 465c2d3db358a7697d7e54a96a83eb3c6ef1eed755ffb95a5874954689f55253 |
| SHA512 | 1d554c9acb20941d88658f16e722f5808783557c6982489067e24aea749e8563c271125d6b07cbba5ec78383e0f81b6390d97c6d310759e362c5bb0e2851d9f7 |
C:\Users\Admin\AppData\Local\OperaGX.exe
| MD5 | 4909165d9cfe09f897db7acb860beff5 |
| SHA1 | 6e5284f5f2760bd7ebb766cb19f9339ce2e71a58 |
| SHA256 | 7f512f778a463c2fc17872d11093d92e9aa903d55420efbf41c18187a2f62ad3 |
| SHA512 | 60512b7cd9ee54993f82ef91baeb8df05777ec508f4438c8809a9329a96a8474533e3c9a53a8cd081743d405ef36d194f4d49493ff898c6543c7f90fc4026326 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f58c7cca4e3c2dbc606dfffa8e08c3de |
| SHA1 | af4014b1962439042d23e6a56bb2e159eb4b797d |
| SHA256 | f09dc3ab730f9d3a1a68358405b652fe1dc42c184a70fd418722237e9a7e2686 |
| SHA512 | 89f71a955d469541a97c63f92c8089712d77d106702cf3c9ef6fa5d8637f2546699c488ce7b075deceacc19beebbe418f27d1afa48d8592e276042926c62297a |
C:\Users\Admin\AppData\Local\Temp\7zSC41C1728\setup.exe
| MD5 | dcc0d15e77a7872758e65deb0bfc6745 |
| SHA1 | 1efb89e143bf5edd34d46ae8370ecc13d4c3339f |
| SHA256 | 87a168a04a254b1cf1adfe732e8b7b08d5c3e76ddca4e8b7fb4e58ebef85fe64 |
| SHA512 | 9cb972bcd99fd03a924bbff79e8989a040d1202a77c9d8f62ea862cc6b1d258778410ad9a4de5f2aab43062f5e9fe17d7ab9baa000de98d22a47f1471d1de778 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411082308439675240.dll
| MD5 | 1b07ce60bc1c77f0cadf13c2e62b1383 |
| SHA1 | ca70d0ef99ae5d1ebf85880ee669ad1145e4d79d |
| SHA256 | e48eb19ca0210f9063f4e77c2f14293ee940eeaef2ecb9efceac7f6336cc203f |
| SHA512 | 94c358b6dfef0fcb0012a3a43235292b18ebf897043baef0c110570e91cc73721b12f1f771df6d000b4097f3c0cc22dcc65330a9153c7a9643787d24da6108f0 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | 0a63266624899e0d0ad74ba6cedf94ea |
| SHA1 | 3722015c630dfa2a381c79949e330e9fd5f77cc5 |
| SHA256 | dddd12e273a2e1312610102253688a936f747a553c4212227355688377dc9277 |
| SHA512 | 674a5b48859a5775b3df6a644f32b6cfeb0ddc0f88eb0d4e496e6f2ccd64427d3b89db7549d0b1087882a348096a4c115bebc4fc675befee928f26820d5f4f6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | a0a80c3ca0bc0ea0d6f7c17a81b55b0a |
| SHA1 | a30fb6db5f489ee6215dc75a716ab6b3cc360b10 |
| SHA256 | d026f7967472084e8f26c07e216d38bf1d8596a389f5f6ac06bdbbf724d519c2 |
| SHA512 | 1689974f4c8dcd2b8e3f2f59b1c7e007418dcde5404c473dab08d15ff1f3af75501366de7d469026f2ed9a77829dc7becd24b091267cc2fffdcc85eb45b09bcd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 67e486b2f148a3fca863728242b6273e |
| SHA1 | 452a84c183d7ea5b7c015b597e94af8eef66d44a |
| SHA256 | facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb |
| SHA512 | d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 515e8ff66cff03528774780cfabc3934 |
| SHA1 | 8a68b07cd14f7e7b132f92c5c775a41b1524b3c4 |
| SHA256 | 05bf50b77f362c22617da8ef72d21a3bdd73f5385c01158021ac7667b719e78d |
| SHA512 | 1fdf050203e82376cf7373956e7df8b9e4ab5b72d9bc17b9060f229bc5222d6a06b6f8a88db58e3b29c66fc6f57a081d061d3a5eab18f0102d81aca9e4bb804e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RBWLQV7R\geo[1].htm
| MD5 | 07e33330912a955172e2ca95d7851016 |
| SHA1 | 7dd7d1042dfb9dfc5e3247577262f0ce3ce135a9 |
| SHA256 | e0fdb959411dc284f2d7b009cf7fe6781c6ebd9d545cb458f336a107c86f52bb |
| SHA512 | 903b95fe85ef148dfe5c07d6a293ec4eb0485a93da3dd8c62276f8c961dfe03fe5655b15636428d9fe03e10c50f19be375ef4ba7a19050847560d427c2c82b11 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UZ39CBQ9\service[1].htm
| MD5 | 40a18b7f7d0ff313ba759cdd576ebc29 |
| SHA1 | f9b4e19755ded63c8917bdc361cb62e4ae5d2ca0 |
| SHA256 | b63b3956d5ca52540aab6fe0723d84d9310400d274d0b4efb461016952bf2c16 |
| SHA512 | 17b661b277c899eaf49d46598d403297240e8a6f2d0a421f464321793bafcc37daaf2c24495bff14d7ad83439fea0887652278ddc94375e6b320b4ef11da0567 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\174A7705F9EB36DBEC7A426BB49E6993_6AE44E5AA6164155452A8CAFF25FFD1E
| MD5 | d83cff6b7b59ae3598c86a5738d03f5f |
| SHA1 | 5195dc0f258771b81bc036cfbebeebb2f3aa82e2 |
| SHA256 | a00bb459b1a5125c603648f494560d5387bcad7588119ac51c1a434dbc9a225c |
| SHA512 | 3de763f295e0616157817d6a5983e4940c36316d03a87fbb00b792b8f3c97e5d84920c9f5ce7d14c5ba08c93aa0492b34480d4c6586dbc701fe6a0604392ec8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\174A7705F9EB36DBEC7A426BB49E6993_6AE44E5AA6164155452A8CAFF25FFD1E
| MD5 | 18483c506cd3f87d51d0268be85c6ace |
| SHA1 | 4d8bd3f1ac9c5b1e0f4189b450ae7fa051243979 |
| SHA256 | 774c332eee1add50ca1278e06b5267b4cedbea2bb71fa298d3c0e776cfd8afec |
| SHA512 | d2717f0e98414f25bb2b83be4694ba0c3e4bf2940aaedaa986b3d9144539ef9f54d82000cc79816e264383b1289ef30ef64d1d5abf94d5aed1f1ffea1cb34c6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 21b92bc3ccac781687465f6ce9a0011f |
| SHA1 | b3d65f1bd1943dd12384b3a263483942514d0ab2 |
| SHA256 | f81fdcb9cafeef40e896ecff1c4c5f07ece0f56c5abe737c91a2c31eb17ee485 |
| SHA512 | 4643f13de61e6d327cce508cb5e064ada8c5dc21e818e6cfcfa9cdc01a7a8997a9f24ae0a8c36989c028b26796ea636966cf01b8bd904285abb7fed9e4f56223 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 04aa1b25f53682aa1f27b48d0115d3c5 |
| SHA1 | 20f5ab3031f8d17a834977341eb8d62576286625 |
| SHA256 | 0630fe3c74cf55473780bdcb0faa1f8c3c1be86375341d2fd143ee8722dcd663 |
| SHA512 | 7e1da3066e73145782a00fd77f3b6be1c494c7f866785995065348bd6a0cf6e263e2335b723158eeb1edfef3658ab1c980f7a6dd5830055fc37d4a1f72616c2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 4ce880569c9b963c6b285b70c610c546 |
| SHA1 | a87a23f622e9ae746470550907b6ef331f5ba464 |
| SHA256 | f01a316408fc81af2635c220a31416a33110e64dc4a832ff5aac900799756b1e |
| SHA512 | f9c34f25508271ec7b58658b6ba4b84b512cd729a1c983d055a5563d8be874733ad86bb79f114e29900cb730de8157df18323122647896a437befc3c49d42350 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\683777F22CA5F117A17AED22F9EC628A_31A59FE3E1C95A9B7E3A97BFDB0F6EEE
| MD5 | f15adb91b466d74350975736e759311f |
| SHA1 | bf6e27fba9273db64488f509f2bf739476ad30d7 |
| SHA256 | 65f891dc47d26c937e9fa88f8ed815fe9275b0d92b77834a4e635f48797b696f |
| SHA512 | 0680d6fa2bd15edf8e214afd9ca2b0cd609a09f0e9f591b1c92921b0be8af4bdb2a301ac6c91eb75e4286be0115c9dda0d436e6ad9237d0a4e0d2b0732eae748 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\683777F22CA5F117A17AED22F9EC628A_31A59FE3E1C95A9B7E3A97BFDB0F6EEE
| MD5 | 623c2ea2e22258c91ebd474aefec24ef |
| SHA1 | 15c9327f3c3bea4cc360f5a31417544098cf4fe9 |
| SHA256 | 209b5ee35da14ded78beefb6c7d7242aa6c07e0c7ecce56bbc1fd68f49b072b8 |
| SHA512 | d4fe53c30912328f2fc41e85402978c75321a622953ce6e288e4c85914490361fc40a96b49d781ebe69f34897a932d4499f7d0a5c5e7a71a8b90ad94a7856030 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0FLAO880\logo[1].png
| MD5 | 2d4e9e8198f0c3eade53c619cd1fe4ea |
| SHA1 | 80b29f8dd0c4951ce7cad0db1fad1d9fdb275fc9 |
| SHA256 | c97e703578120c1f7a570acac3b461178a5e051ce16be9e266c1789c1d610ac0 |
| SHA512 | afef06bfc6bf857a1b7966a04a8779aabf3e8a6d79b4c51867335190959acc469a4e1929b4c66430a3eece1aa5d1decddad005b326ec830c2b3a57179f3c626e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6EJS3C4Q\dpdv2[1].htm
| MD5 | fcbf2eabfc15730a7c441a01d4eae2de |
| SHA1 | 995991ddae2088f7791c894b8b600646af1af138 |
| SHA256 | df3b48bac33b50c5a36a9e7ed2b2f6bd09f82772558c4ba8c5a2067dc8162074 |
| SHA512 | eb32d2ccdc2c80fe3dc713a0fa59eafa1f823521aa2d49c1c8ef7a471965a8c892088b388cc883e5d376eab35d74ccea4ab7ef1790373beb4439c79581ea755d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
| MD5 | d524192b6683264adff2ce02d0e82b81 |
| SHA1 | 637ab2592d23a51d7a8908d861946da8026525d2 |
| SHA256 | 150efdb8fffab026ef9cf5d263f708eeb582c2f035b20a255e9d6f4b202950c3 |
| SHA512 | 2645fa319d6cf862162fad7ec027dbfd6040dec3528c5bf8cd2d1f242732027809b69ac6de5bdf47b38555158e174e14f1e12cef16107919627dd8dd5bbd60fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
| MD5 | 22fca9cfcc5af78689b99c38d3bd50f6 |
| SHA1 | 70454d30c5479e75ed3b03f874a8e70f1cfaf0dc |
| SHA256 | 4a68ad323e844b41dbfbd5dbe48848335abcd9ab4a21c4dfd96bb124378923a4 |
| SHA512 | ffbef628d985376fe9633c13a9cb8b8dd5cacfe3f4cac2c4a63f03228e95d8de87bd275d3aa436c4022e1b79d5843d06887a4baa6392b84d918aca48ac0b5ef7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | b72ff6e13e79d64bf24c1496ccc86e56 |
| SHA1 | f5f78c54935863c1a9e6ea4335744b2071d07e40 |
| SHA256 | 3286d9e0ed24911570d72a81283694e28186f6c18b6d691c86c039df0e3a5571 |
| SHA512 | 6e12c206ebcd74bdb68572795bedc9d7775b2f4b4e66c968006a1ad8b6f6a1920955844a42178ee137b02227c6b60d770b4e74cb4c4861134549da3f3aad69f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | d95525f69c701c0a3a21c8309295d86e |
| SHA1 | cd4cec4d3ac56af1670a38171f3972561221f2a5 |
| SHA256 | af48317758755ea2f9184c67381aa5abf625aa33cc82fe7657f08c363d445813 |
| SHA512 | 8db4f4c0a2995f46835195e545e8ca0bfb12a41b856367772f4b61b8cb19df4dc4d756b2b39f7467ab51607e4548aecc8723b95c2ec51e0f32924c2f4b2e909c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | bc7a1e9e6639edc61db35d66a98e1f18 |
| SHA1 | c2b836cc38882393ecc6b644bf65e1b50aff2eb2 |
| SHA256 | 54a4efca8302df466e09f1b9ef0ba29354da670a02c9442a396a0b31420bfd97 |
| SHA512 | 1ba3eb29aadaa7c98482d0954e4c8290262019b4f382c94a86f2fd71d3ca24bf94a97feee8e86ed58d2ea9d64d60924fe7c65d4f7f090bb93966f26bf1a10967 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 71198a9c1cba2986ba8190f961fa70ae |
| SHA1 | 4811559ce1ec0548d851235c6776f53a32e23ac1 |
| SHA256 | 0e06d13135b17f442c4b195047040954c898245bc432d9c71d7a6a95d7e33268 |
| SHA512 | 4f745371a2ad380e29189108c752e4209f550b626b94658c124622a97c602494aa19f236537741453cf0933ce8fd23fe4deefb8cb18f4efe93867e592daba06a |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\additional_file0.tmp
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411082308441\assistant\assistant_installer.exe
| MD5 | 4c8fbed0044da34ad25f781c3d117a66 |
| SHA1 | 8dd93340e3d09de993c3bc12db82680a8e69d653 |
| SHA256 | afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a |
| SHA512 | a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | 1029ff83a0b1405d830447dd740b1026 |
| SHA1 | ac1dc91e40efb830c8d57bd7294f10867a1dc796 |
| SHA256 | 0aa3b6a4c65d1d8fed31f37c4e25593278535ad809e759fe52257441121e1a7e |
| SHA512 | 2d473917c02b8a39713b64d026160dee46fa9afbf8f267cabb5d87f4d795e4628aac34e8eea2d95e58dc6f19d517cf0c34de5cd4c184d2510c75b3b3253ff84a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
| MD5 | 11ac7dd43740d11bfd283cae4f566b57 |
| SHA1 | 9c9be0c45d5d3d5e75e9ecde435093cfd68304c8 |
| SHA256 | 2c406d4d9ad8603606dd12a70c260e353bed90145775ad5755109b8e2d1cc0bc |
| SHA512 | 34d14f5717388aa158c026a6c399920b12196b2af2087de1ca3e735acf406dad0950fe6d252860506873d06ea009f11dcda5aa8ae51742b03d7cbece52202469 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
| MD5 | 301b55ffe86df1731e7807d71cddd9ae |
| SHA1 | b136dd925fc96f9838ee31eac3d0f131eaef7c27 |
| SHA256 | 0f6136dc95451c01d01506e8c9251cfcc700d071a06186fdacd5063bfa6e9b9d |
| SHA512 | b7892d7fc9a98158e9546624e20ceaa8ccb5ca6ac57733d3b0cd1e0f263227f7f1f5a3d0d7a57c486bcf4d021623a2666c1c0c29c65f6a3091244016faec82e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 7194820cc46c7516fb0c7b7c4fb99060 |
| SHA1 | f5f7a0000ed9f8a3fbfb01f55f2cb080b14a13bd |
| SHA256 | c7498628b06e8b53daac1f2fcff44b618e596a8803318ddb8fd14ea7cb5befdb |
| SHA512 | 6908548f7038790c2d651e61a68918a99132d7946003f2a3947f50b247f580d8f3973f098ddd49ffaa6bd9ed67a2069bf82921f19d460b636aa640f2847990a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | e86d393b69e7289f89d90f6c16d149de |
| SHA1 | 3d589886ff747eb2b44d69aac8521f5e9b430f58 |
| SHA256 | 1368237b5e212b310cdb7c6e383d6acff1a86f7b347891f64a666cb2d97bc021 |
| SHA512 | c0f435486637265b2c9cb833cff71387fa32ee39ae861d1a58cfaf5b227f5bf85ecb3e6ce4f950fdc16d6bd329a6b58f49631883f89ace5b9fa1f08c22283347 |
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
| MD5 | f6dd4cc1b21bbad0d7b8f47db0c38388 |
| SHA1 | 8f9f6bc3a26143585b203feb9b1454d1191e78d4 |
| SHA256 | aa679f51259117fea9baa4fec16286c211087c2d177104b347f6f0fb6515ea87 |
| SHA512 | b65a9e333bc29c5481779f2b93982e99c041bdfbd4eaeac0eeb1ffbb9b5cd5e807ab98ecd5dd5798ac0884d2a3ac49be983e3cc97aa9c7bdc9672e1d1c3cb836 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe588e12.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4570311e595895cd13b6b1c08378ba5c |
| SHA1 | bd1e177e893ac45b1cd68102cfc32cbea9117fa7 |
| SHA256 | ef96de6a22285475bccd4b5beb79f2905455d0c876d85d06ac5cbf1ca6146724 |
| SHA512 | 9ed4d83883d2de06518165f07d4a72b153222810cae4848f211a953407b4cd419c116be886e39053ae13b825d44434a8b461d317d909db1d676b3454ad78e71d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 975cc567ce39a7ebeab053b301bcfa08 |
| SHA1 | 84a426bb767249a49fa5b6f71f26ef488c94fb9f |
| SHA256 | ee61f7dea745704359bd36a660e80076a012210c5bf37784d450e95da9f89fdb |
| SHA512 | 964a1a74bf4ffdf966dec40efe23099a37fc05fcbad5a5fd39f0766ad3be26e68afebfc36da1989a0b69949e5a53cda3e72e751941dadce8907fd3d7bd10aef5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dbf06263d92c2ed17949bfe3b692b2de |
| SHA1 | 8d9167c28575a8d514f71325d4dac6f1e71aff37 |
| SHA256 | 7d05e6b7b48f685b3e6f14a375e20bedaaea8353e926913f07ffc99d82d662c2 |
| SHA512 | 6a0453478704e662298b142240b8308c9e99a32ed3fd6a1634946ebe598c420508a555627c555c49207bc537a497811b8b3be1f96f7d2237685f8cb7db803957 |
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
| MD5 | bf6eed6cdc17a0130189a33a55ef5209 |
| SHA1 | e337f5a0931f69c464f162385f1330b4d27b372f |
| SHA256 | ef2734657b11113a433abb7ebac962e2bf6bf685f05c5f672997f01875430168 |
| SHA512 | 90d23fd84007343e85f9fc003cf826b112fd930216a24d8c1488468443ae2a4b0c3cc2426b91c81a8228e125050e922fce05672e010e65247709fc4a7b856f1d |
C:\Users\Admin\AppData\Local\link.txt
| MD5 | ce0a312502066224ba84dca4ba7b9132 |
| SHA1 | 8b4b9ed966451188863515f8d4d587f46598f97e |
| SHA256 | 711ba30fcd74f65387889d555527f862e574aaefb0dd8947d9d92fa7b6695f66 |
| SHA512 | 2a9c864999cc27268b7641723366c8cdc58dd3a03c246206c333a34e7dc9bdd0d0a5c4dd86f61cf8198bb5c50ef8139b889b875157cf30e330a19df31aa995e8 |
C:\Users\Admin\AppData\Local\Temp\~os7E7.tmp\pmservice.exe
| MD5 | 4ef95918e313c7ca01084629416fc714 |
| SHA1 | 5bdaba6920d3f4d1f8ea47ce693276530b5f2a9c |
| SHA256 | 303707068aab06ab0341178558c28ce1670d10f16c39522859c4f21097a87ee9 |
| SHA512 | 75861731e9ec1a43741b2b84f60677e9fdf26d5db8d6e4e91297f826fc2c357272c18cede7f64c42798f5459900b33d693ababe4e1140e4cfc54ef7a04af633a |
C:\Users\Admin\AppData\Local\Temp\~os7E7.tmp\pmls.dll
| MD5 | 50a0c6c01cdc5d2690ccd1f1541f6670 |
| SHA1 | c5e017a468efb70eabb1f861784edac62acb0e17 |
| SHA256 | f9a853830949bb22d6f4d128d71a0ab923d9b5549c0dc8785c7de7d1a4eabf99 |
| SHA512 | 028d5a56c581d3751628c7503e83aa52c332678495943c3648049ae0b26a7190e98395ad205cf60896140d1a802c14a346a2d1553e7b53090c3f5beefd66e9b1 |
C:\Users\Admin\AppData\Local\Temp\~os7E7.tmp\pmls64.dll
| MD5 | aa56cb7fd83150c3a75cd6a0de97eb78 |
| SHA1 | 34415c5c8e57cfe9a7b4a498eacfe1403f3191ec |
| SHA256 | 034e066829d28bbc81604250f6df721a35ab1c0898ab82bef6305ffada240765 |
| SHA512 | 765f12e5e060db934d0f4e8159bb9bd10cdbe797d79488a0dc88215a73e49101e279ca69e10c1775a5e161bb4dd02585724c7c87bbefdcdd047adb4277804fa2 |
C:\Users\Admin\AppData\Local\Temp\~os7E7.tmp\pmropn64.exe
| MD5 | ae5bbcc69b05359d0d5cc72ca6a1262e |
| SHA1 | 6843bd883d50216be44065411a983a4bcccdcc91 |
| SHA256 | 12bfd1007634138b22c56ead24db02a1fe3a4d4b7fe04d30cd07a0ff5d4c8425 |
| SHA512 | 6417aaeb4ccd86504bc1f83e32c91a60920e98fff833c02fdbef974819a3288cab0c96d6b114ceed4432c305d49120cacbc7e0da69c911f4035aadfbec7a91de |
C:\Users\Admin\AppData\Local\Temp\~os7E7.tmp\pmropn32.exe
| MD5 | 6e4d6b68e9565c4cc7791b00c2094ff9 |
| SHA1 | 965a00a5a8bb05b35fbaa357951779ea3b71e392 |
| SHA256 | 65d6f18e1b366aff5343c3f6628041329e7c1375d18ba57076b19bf5f48bc483 |
| SHA512 | 0cb1396822c7350057cfc7280e1c67ccf1e1a2206347a10025e285f00e9364563685ba5282775960a9329511fd321a631222c87ae7ca8106eca00fb78722b20f |
C:\Users\Admin\AppData\Local\Temp\~os7E7.tmp\pmph.dll
| MD5 | 9d96ccb0d5ab5541b61d5c138d91796f |
| SHA1 | cf3ee3e66c8f9c23e3efd29978215461347e650d |
| SHA256 | 379a1f1f02c8cb704f248c2f1ff79c8986f73c350a3bf6d9bbc93aeacd286e36 |
| SHA512 | 69ca7d96896d872eefa63f0c0bd9613526a914e99c4cf12b5d221315277aa64894d99d0f5ce9c5e0ef640d61c9202cd3d51ddb2ab4c55f8fdf60d24a8c1ff6ac |
C:\Users\Admin\AppData\Local\Temp\~os7E7.tmp\pmropn.exe
| MD5 | f27f98c1a877f9ca6f06c23bed4014ca |
| SHA1 | 25a231319659c30d6f86a5c9cdd1747d7c471542 |
| SHA256 | 1ed47933c9f33c4860ecc0bf1ba7525212aa00054037a9a51a8d8f5ce3b821bd |
| SHA512 | f054a618d2f8e7a829c26548312b436e21058ee1ff64b40e7c19be2bde037003c21332af3c60e2fd92675af80526ef6faf84b8c1d7a095bb2c4d0b799e66599c |
memory/3800-596-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/3800-598-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/3800-597-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/3800-603-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/3800-608-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/3800-607-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/3800-606-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/3800-605-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/3800-604-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/3800-602-0x00000000060F0000-0x00000000060F1000-memory.dmp
memory/400-624-0x00007FFC03C00000-0x00007FFC03CBD000-memory.dmp
memory/400-626-0x00007FFC04970000-0x00007FFC049DB000-memory.dmp
memory/400-627-0x00007FFBF7050000-0x00007FFBF7526000-memory.dmp
memory/400-630-0x00007FFC02D50000-0x00007FFC02D82000-memory.dmp
memory/400-631-0x00007FFC04EF0000-0x00007FFC0565C000-memory.dmp
memory/400-629-0x00007FFBFB920000-0x00007FFBFBA2A000-memory.dmp
memory/400-628-0x00007FFC02560000-0x00007FFC025CA000-memory.dmp
memory/400-625-0x00007FFC02EB0000-0x00007FFC031A6000-memory.dmp
C:\Program Files (x86)\PremierOpinion\cacert.pem
| MD5 | 77eb3ade4c5b0db67c6e8a26f131073c |
| SHA1 | ad9e8c00174cc2e707f59df671f89a9d7fc2ffc7 |
| SHA256 | 9f19e7a7139cca8373b516ab1ae49c644aa1c8048e8c7aa5784774a081dcbb87 |
| SHA512 | 20eb7d34c80bb8d8a415bcdccf8e46cb36396c095ed1468b69c0cb91da915e3a14c7fd55247f68e64ff71cf8d336cc286c3662710ca6281840fdc2f1eb7ac6a1 |
memory/3724-667-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/3724-668-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/3724-666-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/3724-677-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/3724-672-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/3724-673-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/3724-676-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/3724-675-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/3724-674-0x0000000005F30000-0x0000000005F31000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 9cdea01ace88b0e143f393543de84d77 |
| SHA1 | f5a2f70125573469f5f4b11d74bd7d2b981fede1 |
| SHA256 | 9e561fafcad5580dbf1392fc1ff71aa0db01b5ba1b00542b647bdff04d1f7000 |
| SHA512 | 7d397322aa85ea28979cf415adfea58bd71976f2213501c44d2bb45ae9540bf2032a2aa9fae543be80e8e73292e1e025bfac24a8ee6c27b9169198dab5adbddf |
C:\Users\Admin\Downloads\How To use Evon.txt
| MD5 | f9f39abb0e0a9c8953aef46733b24a23 |
| SHA1 | 533799df62153dc93d3c3e48c20e00b4d8a1c65c |
| SHA256 | e630fc474a3d55666a3757c84d9ac06d23d824d290e48b8cc369d032ccaeda51 |
| SHA512 | 02bf96316f7181bfb1c23da73ea833134719d8c07000fbd8baeb2633979e9f7f44fafb092b24924227d31fb6f90b88365bce436ddf04ecd0f4b4b22a5a7d9ad8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c0a923ffab212cc679fae5e1b422a1a4 |
| SHA1 | 5360ad7e66caff5781eda3518170e170674a18d0 |
| SHA256 | b76d237f340d145147187565af597255618944e54c4b1902753257fee913f3fb |
| SHA512 | 207df6ea63d140dbf4f26c56b9d17bc8c14b7aa0c15bcad9fa599e53d9a5ea674989d639866aaf416c6ab0c09755b1429346a4f21f917a011da3555738b549d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 47877ea6f662105b5df7627207832bfa |
| SHA1 | 02b19fcbcebd7d0e9615850ec0f9e1cd00808fd4 |
| SHA256 | 42dfc0a9c7953c2f7d3c185f6835b260fb0bd3587c01f338cb27558601bde997 |
| SHA512 | 21acb8d0d6d6b5a335580629bf9a37b40017131f8a305cb35c651b4d4cc995e02790998bae354fc3efd9b14f79c795a1b3cd4122d55214f7baf74f00bcfbf529 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a07cc8a04509c2b1fd76fb8caf3035c1 |
| SHA1 | 27de63664a47d2e675cf102df5f641dbbde51d14 |
| SHA256 | 0697a59aad3a54a3df92b98ace04dffabbfeef829ee7883c961af507f5e4c432 |
| SHA512 | 136b98a1bcc96b7399735ddec2c42d46ddc56de9bd07326d7e019d5a2901ed9be7c52fb8eaa3d4d6b670776d470c0f568fd199bf52be77932680c5bf575056eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | cd3bfd2c182381d22658fbcbccf0a9dd |
| SHA1 | f16089ae6b6d340025292aa8fef033207e912faa |
| SHA256 | f4df6e990bdd84515b64d2f5e5eba923217496519e682632e78bb9a05a34d5c2 |
| SHA512 | 9ed34b719cf233a86e615cafda626e9e547c164b9962c113b73eb6a336817f51c7ec94ec4c03ff63c126b77e52d92208469f9533eef7e10d34e155f51ecfa0fd |
C:\Users\Admin\AppData\Local\D3DSCache\3231ae299a0af0b2\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0b352be5435a341156d0548a1e85718c |
| SHA1 | 40f07fa808b781596c18207c7e04093490be701a |
| SHA256 | 25149aa39ce5ce30f5de15e59491b500dc0f33f88f906c0a795f898cdc45fff9 |
| SHA512 | 3d4d509acbf88f22ce58a7423173dc542b8c3255669302422e7b5b72fc4c2fed988a45eb5f937bafc7681dcc2cab27d1899138eae6d16f1f9bfa4adb9cb41a4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 49397b6b903e5f6b10d7e6d36b87e6a9 |
| SHA1 | 2c22e754f7644964cb8cefd1b6abf6ab17aafc94 |
| SHA256 | 90a0243e6651abc3da22a09d9d488ed60661a31c49d0c2fdf971c20f6fd75b67 |
| SHA512 | 35349b4d12b182e453ee883ce18cdbb151806409f293f98d6dfa0f720b217519af1245db10d4b7dd839ff93eb7ade2ba79c52ecb26fe0504e4e6c3b28782aa3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5a7f568cb0116678fb9e3cfc8f7d2eaf |
| SHA1 | b071505d1fd11ffa7e78d210d19ce2685c7b1f02 |
| SHA256 | 63f1ef3b5f3a300da4e295d2ca115ab563fe96899f39168cd07ce2333b9c1bbd |
| SHA512 | 6e99a9047ba14b2a1feb669c83a4482adb9a74602fd761a7dafc212f9c26fd83b9fd3e4500eebb4526e7135f61187a1c7c4ac22c4c542be7ed331feb82010e71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 37e7aae1ceb0309711385c5cd6ce8c59 |
| SHA1 | d464b7eba38a2cddd1fa02c8282849c3390c5654 |
| SHA256 | d4b527338926bc10dd93af8d47e746d60e215f6c406444280c9fb89cf9f7c9e7 |
| SHA512 | f69d5bd9e182c1b6e24609d64066d77f8a3d8d26b73b5e8dc40bc9549de0be56a2a047d1d4b2367fb78e28c340ff092a3605042b50572be6fdb4f0ca233673bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | de629c30c2478fd6869d9daada41326e |
| SHA1 | b9d2d3b95e208baf338275f95c0130a06711637a |
| SHA256 | 2e7b7b54c6d10737ef2d7facb9a3e85b5df91ae3aae30ef62559e5e9e5ffbe0a |
| SHA512 | dc07e6542f536aaa8719ab781e5a68a2c78c770a8dc12853e4f45ac9abc90372638f9b3a0f9c585ca3de4fe7f424f7e7067a8b07732ae06232071323162152b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6EJS3C4Q\POicon[1].bin
| MD5 | 3ef9efb5c3c17e2b685057beac484e0b |
| SHA1 | 92e7ae0ebf2b57d72ea4091f065f29187cdf76fa |
| SHA256 | 20b0f94844860501e115fccd5c1462b2e2c932041d7989dc51c6d885b3429d8a |
| SHA512 | 6631ba4269375b502eccbcf601b0daccc98538f36bc0e1e2e5e48a28b4b9f523e06cb46d14b7ac2c60f70ce258b873fc42e31ebfb5237cb43cba7fb6a428eafc |
memory/5104-1021-0x0000000004E80000-0x0000000004EB6000-memory.dmp
memory/5104-1022-0x0000000005630000-0x0000000005CFA000-memory.dmp
memory/5104-1023-0x00000000054B0000-0x00000000054D2000-memory.dmp
memory/5104-1025-0x0000000005DE0000-0x0000000005E46000-memory.dmp
memory/5104-1024-0x0000000005D70000-0x0000000005DD6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vzjl2hzb.wv3.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5104-1035-0x0000000005E50000-0x00000000061A7000-memory.dmp
memory/5104-1036-0x00000000063F0000-0x000000000640E000-memory.dmp
memory/5104-1037-0x0000000006410000-0x000000000645C000-memory.dmp
memory/5104-1038-0x00000000075B0000-0x00000000075E2000-memory.dmp
memory/5104-1039-0x0000000073510000-0x000000007355C000-memory.dmp
memory/5104-1049-0x0000000006A00000-0x0000000006A1E000-memory.dmp
memory/5104-1050-0x0000000007600000-0x00000000076A3000-memory.dmp
memory/5104-1051-0x0000000007D90000-0x000000000840A000-memory.dmp
memory/5104-1052-0x0000000007750000-0x000000000776A000-memory.dmp
memory/5104-1053-0x0000000007920000-0x0000000007936000-memory.dmp
memory/5104-1055-0x00000000079B0000-0x00000000079D6000-memory.dmp
memory/5104-1054-0x0000000006A10000-0x0000000006A1A000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\3231ae299a0af0b2\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | 47fbdb32feb8262d56358d80f812e2e7 |
| SHA1 | f55a5fc552101bc348dd4a219d19ff2af75f2b6c |
| SHA256 | 114df311ec1d3b5042373e417a2a460039795708e279dd9523cc189b41274ee8 |
| SHA512 | 376527c76a1b6e9a578bbaea9b71f28bbc91e92cb1b0335eb536ab7d4227f707bb5d3410a234786e15e2aa24249f18ba243992eae344b72ba0eb6030a43e5c4e |
C:\Users\Admin\AppData\Local\D3DSCache\3231ae299a0af0b2\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d28a3a348e8e69a24f524f62189c7421 |
| SHA1 | 87185b6e4ffcc180220281881d69f5b93a6508e9 |
| SHA256 | 071ae84ea408e68d627e0ade481632806dff9853d4c892f58a7c228815a01cfa |
| SHA512 | 0b20c587fd3d9b8acc2af77d2bf60b6d4caf34b65c2f92856166c1f91947ffc205a1f5832d6d5547d6bfa7e86541c5a74bf82134a9acb5ea42b2bdae255754e5 |
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work
| MD5 | 4ac1741ceb19f5a983079b2c5f344f5d |
| SHA1 | f1ebd93fbade2e035cd59e970787b8042cdd0f3b |
| SHA256 | 7df73f71214cdd2f2d477d6c2c65f6e4c2f5955fc669cde9c583b0ff9553ecdc |
| SHA512 | 583706069a7c0b22926fa22fc7bedcca9d6750d1542a1125b688fbb0595baf6cefc76e7b6e49c1415c782a21d0dd504c78fa36efad5f29f2fd5d69cc45ad8dcd |
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work
| MD5 | a9124c4c97cba8a07a8204fac1696c8e |
| SHA1 | 1f27d80280e03762c7b16781608786f5a98ff434 |
| SHA256 | 8ad3d28aeff847bc5fb8035cbc7c71e88a4ee547821a8e1a3ea6661ee6014b21 |
| SHA512 | 537caaa75ac1e257c6b247f9680c3b9e79156ea1bcb3f1326e969a774db33b3c906800813ca6f79369c799a62f4260c91c6dd9a6cace3af25b7dbea5a73e0392 |
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work
| MD5 | c6086d02f8ce044f5fa07a98303dc7eb |
| SHA1 | 6116247e9d098b276b476c9f4c434f55d469129c |
| SHA256 | 8901d9c9aea465da4ea7aa874610a90b8cf0a71eba0e321cf9675fceee0b54a0 |
| SHA512 | 1876d8fc1a8ac83aadb725100ea7a1791bd62d4d0edc1b78802e0bffe458f309a66dc97e1b9da60dd52b8cb80bf471ccb5f8480e6192c9eb2a13eac36462d27a |
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work
| MD5 | 39b9eb9d1a56bc1792c844c425bd1dec |
| SHA1 | db5a91082fa14eeb6550cbc994d34ebd95341df9 |
| SHA256 | acade97e8a1d30477d0dc3fdfea70c2c617c369b56115ec708ed8a2cfdbc3692 |
| SHA512 | 255b1c1c456b20e6e3415540ef8af58e723f965d1fa782da44a6bbc81b43d8a31c5681777ba885f91ed2dae480bc2a4023e01fe2986857b13323f0459520eb51 |
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work
| MD5 | 4838ee953dab2c7a1bf57e0c6620a79d |
| SHA1 | 8c39cd200f9ffa77739ff686036d0449984f1323 |
| SHA256 | 22c798e00c4793749eac39cfb6ea3dd75112fd4453a3706e839038a64504d45d |
| SHA512 | 066782b16e6e580e2861013c530d22d62c5ba0f217428cc0228ad45b855e979a86d2d04f553f3751cf7d063c6863cb7ea9c86807e7f89c7e0ae12481af65af76 |
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work
| MD5 | 8e64ab95d5d2c4c1e7a757624cb1fffa |
| SHA1 | 9889f93ad60bacb07683b4a23c40aa32954646d8 |
| SHA256 | dff8902430dcae2fba05fc7f54157c4bc8a7445ed488c1d5727947a0c07075d6 |
| SHA512 | 3ecc166686c1d7d61e91ec972244118980bf626a88123b87136695ac206e159933ad9f9feb3fd565713dd5d99038f427b845637c51a57497f0ac716de3a7973c |