Malware Analysis Report

2024-12-07 16:23

Sample ID 241113-z4vkrazclq
Target http://evon.cc
Tags
defense_evasion discovery spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The submitted URL http://evon.cc was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery spyware stealer

Manipulates Digital Signatures

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Checks installed software on the system

Enumerates connected drives

Network Share Discovery

Password Policy Discovery

Drops file in System32 directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

Enumerates system info in registry

Checks SCSI registry key(s)

Modifies registry class

NTFS ADS

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 21:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 21:16

Reported

2024-11-13 21:21

Platform

win11-20241007-en

Max time kernel

259s

Max time network

303s

Command Line

C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

Signatures

Manipulates Digital Signatures

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\wintrust.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Both targets are signature-verification components: wintrust.dll implements WinVerifyTrust, which Authenticode checks go through, and pwrshsip.dll is the PowerShell subject interface package used when signing and verifying scripts. The indicator records an open for write by pmropn.exe; whether the file contents were actually changed is not shown here, so on an affected host the next step is to verify the Authenticode signature and hash of both files against a known-good copy.

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A N/A N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wbem\unsecapp.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
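The "Executes dropped EXE" and "Loads dropped DLL" tables share one row format (N/A N/A <process path> N/A), so the processes that loaded a dropped DLL without themselves being recorded as a dropped EXE can be read off by set difference. In this report those are Windows-shipped binaries (rundll32.exe, wbem\unsecapp.exe, powershell.exe) that already existed on the machine and ended up carrying code the installer wrote. The script below is an added example, not output or code of the analysis platform; the rows embedded in it are a sample copied from the two tables above, and the ranking rule (Windows-shipped hosts first) is this example's own choice.

```python
"""Which pre-existing processes ended up hosting dropped code?  Added example,
not the analysis platform's code; rows are a sample copied from this report's
'Executes dropped EXE' and 'Loads dropped DLL' tables."""
import re
from collections import Counter

EXECUTED_ROWS = r"""
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
"""
LOADED_ROWS = r"""
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\wbem\unsecapp.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
"""

ROW_RE = re.compile(r"^N/A N/A (?P<path>.+?) N/A$")
NT_PREFIX = "\\??\\"


def normalize(path):
    """Lower-case and drop the \\??\\ prefix so both spellings of pmropn.exe
    collapse to one key.  8.3 names (PROGRA~2) are not expanded: the report
    prints them the same way in both tables, so exact matching still works."""
    p = path.lower()
    return p[len(NT_PREFIX):] if p.startswith(NT_PREFIX) else p


def process_counts(rows):
    """Normalized process path -> number of rows naming it; all-N/A rows skipped."""
    counts = Counter()
    for line in rows.splitlines():
        m = ROW_RE.match(line.strip())
        if m and m["path"] != "N/A":
            counts[normalize(m["path"])] += 1
    return counts


def hosts_of_dropped_code(executed_rows, loaded_rows):
    """Processes that loaded a dropped DLL but were never recorded as a dropped
    EXE: binaries that already existed on the box and now carry dropped code.
    Windows-shipped hosts sort first."""
    dropped = set(process_counts(executed_rows))
    hosts = {p: n for p, n in process_counts(loaded_rows).items() if p not in dropped}
    return dict(sorted(hosts.items(),
                       key=lambda kv: (not kv[0].startswith("c:\\windows\\"), kv[0])))


if __name__ == "__main__":
    for host, loads in hosts_of_dropped_code(EXECUTED_ROWS, LOADED_ROWS).items():
        print(f"{loads:2d} dropped-DLL load(s) in pre-existing process {host}")
```

The set difference is only as good as the path normalization: the report writes pmropn.exe both as C:\Program Files (x86)\... and as \??\c:\program files (x86)\..., and the 64-bit helper only in its 8.3 form, so a comparison on raw strings would mis-count the installer's own components as external hosts.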

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A

Network Share Discovery

discovery

Password Policy Discovery

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\compstui.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\Speech\Common\sapi.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\wudriver.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja\microsoft.dtc.powershell.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\ddisplay.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dsreg.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\storprop.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.internal.ui.shell.windowtabmanager.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.media.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.networking.hostname.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dskquota.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\msdmo.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\trustedsignalcredprov.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\msorcl32.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\uxlibres.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\advapi32res.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dpiscaling.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\IME\SHARED\imjkapi.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\mprddm.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\msajapi.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\mskeyprotect.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.internal.management.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windowsdefaultheatprocessor.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\wmvdspa.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\wuapi.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\gamepanelexternalhook.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\holoshellruntime.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\apphlpdm.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\credprovs.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\cscapi.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dialer.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dmcmnutils.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\downlevel\api-ms-win-crt-runtime-l1-1-0.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\reguwpapi.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\startupscan.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\applockercsp.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\chakrathunk.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dcomcnfg.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\iscsicli.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\kbdindev.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\rpcping.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\cmintegrator.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\downlevel\api-ms-win-core-string-l2-1-0.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\gamingtcui.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\msphotography.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.ui.xaml.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\nlsbres.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\catsrv.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\downlevel\api-ms-win-core-realtime-l1-1-0.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dsauth.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\gptext.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\iyuv_32.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\mfplay.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\IME\SHARED\imesearchps.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.internal.devices.sensors.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\acxtrnal.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\container.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\cryptowinrt.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\defaultprinterprovider.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\en\authfwwizfwk.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\fidocredprov.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\editionupgrademanagerobj.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\odbccr32.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\prncache.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\microsoft.mashup.container.loader.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\dual_engine_adapter_x64.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\system.reflection.emit.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\windowsformsintegration.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\integrator.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\presentationui.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\PremierOpinion\pmls64.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\vulkan-1.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\clvwintl.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\system.identitymodel.selectors.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\sharedui.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\system.windows.forms.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\microsoft.excel.spclient.interfaces.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\system.windows.presentation.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\msasxpress.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Windows Photo Viewer\photoviewer.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\c2rintl.vi-vn.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\system.security.cryptography.x509certificates.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\presentationframework.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\system.security.cryptography.xml.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\localytics.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\en-us\hxoutlookintl.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\system.windows.input.manipulations.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\microsoft.reportingservices.reportdesign.common.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\presentationframework.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\system.componentmodel.eventbasedasync.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\onnxruntime.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_ja.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\uiautomationclientsideproviders.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\jjs.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\msvcp140_app.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\system.diagnostics.contracts.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\system.data.entity.design.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\system.speech.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\presentationframework.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\myoffice.backgroundtasks.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\microsoft.build.conversion.v3.5.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\system.windows.controls.ribbon.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\uiautomationprovider.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\microsoft.build.utilities.v3.5.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jmap.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\presentationcore.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\visualizationgraphics.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\adhocreportingexcelclient.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\microsoft.packagemanagement.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\c2rintl.el-gr.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\windowsformsintegration.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\axsle.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_hr.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_sq.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-compat-appraiser_31bf3856ad364e35_10.0.22000.120_none_8cb521b23207298e\r\acmigration.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.22000.282_none_3891f56e17aabe62\f\lsass.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..ructureconsumercore_31bf3856ad364e35_10.0.22000.1_none_8f8ed1d38f291730\pdh.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.diagnostics.debug.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\es\system.windows.forms.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-onecore-inputhost_31bf3856ad364e35_10.0.22000.168_none_9821d51aafd475c0\f\inputhost.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-g..tion-service-modern_31bf3856ad364e35_10.0.22000.1_none_53d4ddce6d36edd8\lfsvc.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..platform-input-wisp_31bf3856ad364e35_10.0.22000.1_none_276310a0e1949256\wisp.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\TaskScheduler.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\taskscheduler.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.dynamic.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ja\uiautomationtypes.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-onecore-bluetooth-hfp_31bf3856ad364e35_10.0.22000.100_none_fcc620f8b745f789\btagservice.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-u..ccess-userdatautils_31bf3856ad364e35_10.0.22000.282_none_da1c238f2669a471\r\userdatatimeutil.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\sensemirror.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_10.0.22000.1_de-de_6588868cab2cde82\system.xml.linq.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..ionmodel-lockscreen_31bf3856ad364e35_10.0.22000.1_none_0f7a14e46bf85fe1\windows.applicationmodel.lockscreen.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-embedded-shelllauncher_31bf3856ad364e35_10.0.22000.120_none_3fbde764cc71982b\eshell.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..rs-keyboard-desktop_31bf3856ad364e35_10.0.22000.71_none_54a6cc49708e2d95\f\settingshandlers_keyboard.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.22000.469_none_b104ba5249e06dec\f\frameservermonitor.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.22000.1_none_76ba4fbc0aad4f59\weretw.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_10.0.22000.348_none_237af9016c3922b5\f\gpsvc.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-inputprocessors_31bf3856ad364e35_10.0.22000.282_none_956bcad602fe2368\r\jpndecoder.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.CertificateServices.PKIClient.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\microsoft.certificateservices.pkiclient.cmdlets.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-c..brokeredapi-onecore_31bf3856ad364e35_10.0.22000.100_none_0c1e18b3d482fda7\f\windows.cortana.onecore.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_11.0.22000.348_none_9107ffc16f9006d7\f\edgeiso.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.22000.469_none_f7ee9eea6a40784c\microsoft.uev.modernsync.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sensors-universal_31bf3856ad364e35_10.0.22000.1_none_b2c07d9d9774026d\windows.devices.sensors.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\mscorees.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\de\system.windows.forms.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\es\system.net.http.webrequest.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v2.0.50727\fr\system.management.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_dual_prnms002.inf_31bf3856ad364e35_10.0.22000.100_none_e8ff5cb04e9c2ce6\Amd64\fxsui.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-desktop_31bf3856ad364e35_10.0.22000.132_none_cfc76ec3380113d2\r\windowsinternal.people.peoplepicker.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.Resources\3.0.0.0_ja_b03f5f7f11d50a3a\microsoft.transactions.bridge.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\system.io.compression.filesystem.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.22000.318_none_5cc755143bc62566\r\appxapplicabilityblob.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_10.0.22000.194_none_213203c52af71b4b\f\bootsvc.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-d..agement-commandline_31bf3856ad364e35_10.0.22000.1_none_85c196aa97db6b5a\dism.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-v..d-manager-psfactory_31bf3856ad364e35_10.0.22000.1_none_c60dd8f2a13d4cf0\vscmgrps.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\mssvp.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_hyperv-vmuidevices_31bf3856ad364e35_10.0.22000.348_none_78f6988947c3f4d0\r\vmuidevices.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.318_none_82292a5c4e657627\r\windowsinternal.composableshell.experiences.suggestionuiundocked.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-userinitext_31bf3856ad364e35_10.0.22000.37_none_9cd695ac1f8aeabd\userinitext.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-d..ticexecution-server_31bf3856ad364e35_10.0.22000.1_none_2190613a83ccbdcf\diagsvc.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-t..r-decodingresources_31bf3856ad364e35_10.0.22000.318_none_664d77c8ce2de3f3\tdhres.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\fr\mscorrc.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shutdownux_31bf3856ad364e35_10.0.22000.282_none_d7eec83226b88ee2\f\shutdownux.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\fr\uiautomationtypes.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\de\microsoft.workflow.compiler.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..emsettingsthreshold_31bf3856ad364e35_10.0.22000.469_none_1ab76f7b63304e17\r\telemetry.common.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Activities.Resources\v4.0_3.0.0.0_en_31bf3856ad364e35\microsoft.powershell.activities.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ja\system.addin.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it\microsoft.build.conversion.v4.0.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\resetengmig.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-shutdownux_31bf3856ad364e35_10.0.22000.282_none_d7eec83226b88ee2\shutdownux.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.resources\v4.0_4.0.0.0_es_b77a5c561934e089\system.xaml.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.identitymodel.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-directx-warp10_31bf3856ad364e35_10.0.22000.1_none_40a7418a5b7571f1\d3d10warp.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-internal-shell-broker_31bf3856ad364e35_10.0.22000.100_none_866ff74e2001b8dc\windows.internal.shell.broker.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-tpm-coreprovisioning_31bf3856ad364e35_10.0.22000.469_none_32a79bf4fb92e6f2\tpmcertresources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\bfsvc.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..tworkmobilehandlers_31bf3856ad364e35_10.0.22000.120_none_f716ce8b1368ac54\f\networkmobilesettings.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
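The row above records chrome.exe opening the Zone.Identifier alternate data stream of the downloaded executable for modification. A browser does exactly that on every download to write the mark; what the stream contains afterwards, and whether it is still there once the sample has run, has to be checked on the file itself. The script below is an added example for this report (not code from the sandbox or from the sample) that reads and interprets such a stream; the ADS body and the URLs in it are constructed placeholders, not values taken from the detonation.

```python
"""Read and interpret a file's Zone.Identifier stream (the Mark-of-the-Web).

Added example for this report; not code from the sandbox or the sample.
The ADS body and URLs below are constructed placeholders.
"""
import configparser
from typing import Optional

# URLMON security zones (URLZONE_* values) as written to ZoneId.
ZONE_NAMES = {
    0: "Local Machine",
    1: "Local Intranet",
    2: "Trusted Sites",
    3: "Internet",
    4: "Restricted Sites",
}

# Constructed stand-in for what a Chromium-based browser writes to
# <download>:Zone.Identifier; the URLs are placeholders, not the sample's.
SAMPLE_ADS = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/\r\n"
    "HostUrl=https://example.invalid/Roblox%20Evon%20Exploit%20V4%20UWP.exe\r\n"
)


def parse_zone_identifier(text: str) -> dict:
    """Parse the INI-style stream body.

    Raises ValueError if [ZoneTransfer] has no ZoneId, and
    configparser.Error if the body is not INI at all.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_option("ZoneTransfer", "ZoneId"):
        raise ValueError("stream present but carries no ZoneId")
    zone_id = cp.getint("ZoneTransfer", "ZoneId")
    return {
        "zone_id": zone_id,
        "zone": ZONE_NAMES.get(zone_id, f"Unknown ({zone_id})"),
        "referrer": cp.get("ZoneTransfer", "ReferrerUrl", fallback=None),
        "host": cp.get("ZoneTransfer", "HostUrl", fallback=None),
        # SmartScreen, Office Protected View and Defender's MOTW checks act
        # on zones 3 and 4 only.
        "from_internet": zone_id >= 3,
    }


def read_zone_identifier(path: str) -> Optional[str]:
    """Return the stream body, or None if the file carries no mark.

    NTFS only: "<path>:Zone.Identifier" is the stream's own path. A missing
    stream raises FileNotFoundError, which is what a file looks like after
    the mark has been stripped (or if it was never downloaded).
    """
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except FileNotFoundError:
        return None


def motw_verdict(ads_text: Optional[str]) -> str:
    """One-line summary of what the stream says about the file's origin."""
    if ads_text is None:
        return "no Zone.Identifier: never downloaded, or the mark was removed"
    try:
        info = parse_zone_identifier(ads_text)
    except (ValueError, configparser.Error) as exc:
        return f"malformed Zone.Identifier ({exc})"
    verdict = f"zone {info['zone_id']} ({info['zone']})"
    if info["host"]:
        verdict += f" from {info['host']}"
    return verdict


if __name__ == "__main__":
    print(motw_verdict(SAMPLE_ADS))
    dropped = r"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe"
    print(motw_verdict(read_zone_identifier(dropped)))
```

Run against the downloaded file on the detonation host before and after the sample executes: a stream that read "zone 3 (Internet)" before and "no Zone.Identifier" afterwards is the removal this signature is named for; a stream the browser never wrote (download via a path that does not set the mark) reads "no Zone.Identifier" from the start and is a different finding.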

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NOTEPAD.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\OperaGX.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\mfg \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\mfg \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\mfg \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\mfg \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760062261811369" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Opera GXStable C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-556537508-2730415644-482548075-1000\{4AE0B3A2-436C-4B33-A31F-F22B7FDCC78B} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = … C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 19000000010000001000000012cab0233db2f09a0336851de92237df0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = … C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = … C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = … C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = … C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = … C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = … C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = … C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
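The Blob values in this table are CryptoAPI serialized certificate-store elements that the sandbox prints as raw hex. The Python below is an added example, not part of the sandbox output and not code from the PremierOpinion software: it takes the first ROOT\Certificates blob written by pmservice.exe (hex transcribed from that row and split at record and DER boundaries), splits it into property records, pulls the DER certificate out of property 32, recomputes its SHA-1 and checks it against property 3 and against the registry key name, and decodes the fields an analyst reads first (issuer, subject, validity, the basicConstraints cA flag). The record layout (propId, reserved, cbData as little-endian DWORDs) and the property numbers 3, 15 and 32 are the wincrypt.h constants CERT_SHA1_HASH_PROP_ID, CERT_SIGNATURE_HASH_PROP_ID and CERT_CERT_PROP_ID; that the reserved DWORD is always 1 is an assumption taken from the blobs on this page, and the DER walker handles only the fields it names.

```python
import hashlib
import struct
# Blob value under HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D,
# transcribed from the table above and split at property-record and DER boundaries. Issuer and subject are identical.
_NAME = (  # C=US, ST=Virginia, L=Reston, O=Digital Reflection, OU=Digital Reflection Certificate Authority, CN=..., emailAddress=...
    "3081d9" "310b3009060355040613025553" "3111300f06035504080c0856697267696e6961" "310f300d06035504070c06526573746f6e"
    "311b3019060355040a0c124469676974616c205265666c656374696f6e"
    "3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479"
    "311e301c06035504030c154469676974616c205265666c656374696f6e204341"
    "3136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d"
)
BLOB_HEX = (
    "0f0000000100000020000000" "59b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76"  # propId 15, reserved 1, 32 bytes
    "0300000001000000" "14000000" "a8aed8642f8ab55f26212d915c615bdab8c0de7d"  # propId 3: SHA-1 thumbprint (= the key name)
    "2000000001000000" "bf040000"  # propId 32: the DER certificate, 0x4bf bytes
    "308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b0500"  # v3, serialNumber, sha256WithRSA
    + _NAME + "301e170d3139303932363230303231305a170d3439303931383230303231305a" + _NAME  # issuer, validity, subject
    + "30820122300d06092a864886f70d01010105000382010f003082010a0282010100"  # RSA SubjectPublicKeyInfo, 2048-bit modulus:
    "d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686f" "eeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79b"
    "d593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5" "070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c00732"
    "6dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315" "d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc366127"
    "8858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b" "1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb"
    "0203010001" "a38183308180"  # publicExponent 65537; extensions [3]
    "301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e"  # subjectKeyIdentifier
    "301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e"  # authorityKeyIdentifier (same key)
    "300f0603551d130101ff040530030101ff" "300e0603551d0f0101ff040403020106"  # basicConstraints cA=TRUE; keyUsage keyCertSign|cRLSign
    "301d0603551d250416301406082b0601050507030106082b06010505070302"  # extKeyUsage serverAuth, clientAuth
    "300d06092a864886f70d01010b0500" "0382010100"  # signatureAlgorithm; signature BIT STRING
    "bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968" "e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a"
    "76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee" "899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141"
    "526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805" "cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec75"
    "7277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f" "6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb"
)
_OIDS = {b"\x55\x04\x06": "C", b"\x55\x04\x08": "ST", b"\x55\x04\x07": "L", b"\x55\x04\x0a": "O",
         b"\x55\x04\x0b": "OU", b"\x55\x04\x03": "CN", b"\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01": "emailAddress"}

def parse_cert_blob(blob: bytes) -> dict:
    """{propId: data} from a Blob value: 12-byte LE header (propId, reserved, cbData) then cbData bytes, repeated."""
    props, off = {}, 0
    while off < len(blob):
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1 or off + length > len(blob):
            raise ValueError(f"malformed property record {prop_id} at offset {off - 12}")
        props[prop_id] = blob[off:off + length]
        off += length
    return props

def _tlv(buf: bytes, off: int) -> tuple:
    """Read one DER tag-length-value at off; return (tag, value bytes, offset after it)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets that follow
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length

def _name_attrs(name: bytes) -> dict:
    """Flatten the contents of an X.501 Name into {attribute: value} (first value of each RDN)."""
    attrs, off = {}, 0
    while off < len(name):
        _, rdn, off = _tlv(name, off)  # RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
        _, atv, _ = _tlv(rdn, 0)       # AttributeTypeAndValue ::= SEQUENCE { type OID, value }
        _, oid, end = _tlv(atv, 0)
        _, value, _ = _tlv(atv, end)
        attrs[_OIDS.get(oid, oid.hex())] = value.decode("latin-1")
    return attrs

def summarize_cert(der: bytes) -> dict:
    """Pull serial, issuer, subject, validity and the basicConstraints cA flag out of a DER certificate."""
    _, tbs, _ = _tlv(_tlv(der, 0)[1], 0)     # Certificate ::= SEQUENCE { tbsCertificate, sigAlg, signature }
    tag, serial, off = _tlv(tbs, 0)
    if tag == 0xA0:                           # version [0] EXPLICIT is optional; serialNumber follows it
        _, serial, off = _tlv(tbs, off)
    _, _, off = _tlv(tbs, off)                # signature AlgorithmIdentifier
    _, issuer, off = _tlv(tbs, off)
    _, validity, off = _tlv(tbs, off)
    _, not_before, end = _tlv(validity, 0)
    _, not_after, _ = _tlv(validity, end)
    _, subject, off = _tlv(tbs, off)
    _, _, off = _tlv(tbs, off)                # subjectPublicKeyInfo
    is_ca = False
    if off < len(tbs) and tbs[off] == 0xA3:   # extensions [3] EXPLICIT SEQUENCE OF Extension
        exts, x = _tlv(_tlv(tbs, off)[1], 0)[1], 0   # unwrap [3], then the Extensions SEQUENCE
        while x < len(exts):
            _, ext, x = _tlv(exts, x)
            _, oid, end = _tlv(ext, 0)        # extnID
            tag, _, c_end = _tlv(ext, end)    # an optional critical BOOLEAN sits before extnValue
            _, value, _ = _tlv(ext, c_end if tag == 0x01 else end)
            if oid == b"\x55\x1d\x13":        # basicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, ... }
                _, bc, _ = _tlv(value, 0)
                is_ca = bc[:1] == b"\x01" and bc[2] != 0
    return {"serial": serial.hex(), "issuer": _name_attrs(issuer), "subject": _name_attrs(subject),
            "self_signed": issuer == subject, "not_before": not_before.decode(), "not_after": not_after.decode(),
            "is_ca": is_ca}

def analyze_blob(blob_hex: str) -> dict:
    """Parse a Blob and check SHA-1(certificate) against the stored thumbprint, which is also the registry key name."""
    props = parse_cert_blob(bytes.fromhex(blob_hex))
    info = summarize_cert(der := props[32])                                  # CERT_CERT_PROP_ID
    info["thumbprint"] = hashlib.sha1(der).hexdigest()
    info["thumbprint_matches_prop3"] = props[3].hex() == info["thumbprint"]  # CERT_SHA1_HASH_PROP_ID
    return info
```

analyze_blob(BLOB_HEX) reports a self-signed Digital Reflection CA root (cA=TRUE, serverAuth and clientAuth, valid 2019-09-26 to 2049-09-18) whose SHA-1 is exactly the key name A8AED8642F8AB55F26212D915C615BDAB8C0DE7D. Anything under SystemCertificates\ROOT is a trust anchor for every CryptoAPI and SChannel consumer on the machine, so a private root written there by a dropped service is the row that matters in this table; on a live host the same entry can be inspected with Get-ChildItem Cert:\LocalMachine\Root\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D. The AuthRoot rows written by setup.exe are a different case: AuthRoot is the store Windows' automatic root update populates, and the 5FB7EE06… blob carries the subject text DigiCert High Assurance EV Root CA, consistent with a Microsoft-distributed root being fetched during chain building rather than an attacker-added one.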

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\How To use Evon.txt:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Note: both rows are chrome.exe writing the Zone.Identifier stream as it saves the two downloads, which is Mark-of-the-Web being applied rather than removed; a bypass would show the stream deleted or the file written by a process other than the browser.

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A
Note: this signature fires on any NOTEPAD.EXE launch and the row records no file path; the only text file these signatures show reaching disk is C:\Users\Admin\Downloads\How To use Evon.txt (NTFS ADS table above), so treat the ransomware tag as unconfirmed rather than as evidence of encryption.

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4552 wrote to memory of 728 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 4552 wrote to memory of 3492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)
PID 4552 wrote to memory of 4836 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 4552 wrote to memory of 1540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (30 identical rows)

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://evon.cc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98227cc40,0x7ff98227cc4c,0x7ff98227cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1848 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2052 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3048 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3036,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4336,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3300,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4692,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3248,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3356,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3368 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3524,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3308,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3328,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5080,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5116,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5296 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5404,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3716,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5372,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5416,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3028 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3140,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3104,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5652,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5348 /prefetch:8

C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe

"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe"

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe --silent --allusers=0 --server-tracking-blob=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

C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x33c,0x340,0x344,0x318,0x348,0x718a8c5c,0x718a8c68,0x718a8c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3792 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241113211803" --session-guid=3ef42b66-2561-4864-a013-c764829948e3 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7406000000000000

C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x70968c5c,0x70968c68,0x70968c74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0xce4f48,0xce4f58,0xce4f64

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt

C:\Program Files (x86)\PremierOpinion\pmropn.exe

C:\Program Files (x86)\PremierOpinion\pmropn.exe -install -uninst:PremierOpinion -t:InstallUnion -bid:KHWygqp2kV8G0PwKZCPOGG -o:0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4736,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\PremierOpinion\pmservice.exe

"C:\Program Files (x86)\PremierOpinion\pmservice.exe" /service

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe C:\Windows\system32\pmls64.dll,UpdateProcess 1084

C:\Windows\SysWOW64\reg.exe

reg.exe EXPORT "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}" C:\PROGRA~2\PREMIE~1\RData.reg /y

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5000,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4712,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6352,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6364 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\How To use Evon.txt

\??\c:\program files (x86)\premieropinion\pmropn.exe

"c:\program files (x86)\premieropinion\pmropn.exe" -boot

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4956,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6492,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6528,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5880,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6116 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6324,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6524 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

/C C:\PROGRA~2\PREMIE~1\pmropn32.exe 3292

C:\Windows\SysWOW64\cmd.exe

/C C:\PROGRA~2\PREMIE~1\pmropn64.exe 3292

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\PROGRA~2\PREMIE~1\pmropn32.exe

C:\PROGRA~2\PREMIE~1\pmropn32.exe 3292

C:\PROGRA~2\PREMIE~1\pmropn64.exe

C:\PROGRA~2\PREMIE~1\pmropn64.exe 3292

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -s

\??\c:\program files (x86)\premieropinion\pmropn.exe

"c:\program files (x86)\premieropinion\pmropn.exe" -updateapps

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=e2a4f912-2574-4a75-9bb0-0d023378592b_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=f46d4000-fd22-4db4-ac8e-4e1ddde828fe_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.aad.brokerplugin_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.accountscontrol_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.asynctextservice_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.bioenrollment_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.creddialoghost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.desktopappinstaller_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.ecapp_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.lockapp_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.microsoftedge_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.onedrivesync_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.ui.xaml.cbs_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.vclibs.140.00.uwpdesktop_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.vclibs.140.00_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.win32webviewhost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.apprep.chxapp_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.callingshellapp_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.capturepicker_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.cloudexperiencehost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.contentdeliverymanager_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.narratorquickstart_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.parentalcontrols_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.peopleexperiencehost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.pinningconfirmationdialog_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.search_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.secureassessmentbrowser_cw5n1h2txyewy

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.shellexperiencehost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.xgpuejectdialog_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.xboxgamecallableui_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoftwindows.client.cbs_cw5n1h2txyewy

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoftwindows.undockeddevkit_cw5n1h2txyewy

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=ncsiuwpapp_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=windows.cbspreview_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=windows.printdialog_cw5n1h2txyewy

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=windows_ie_ac_001

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -s

\??\c:\program files (x86)\premieropinion\pmropn.exe

"c:\program files (x86)\premieropinion\pmropn.exe" -installmenu:PremierOpinion -v:NONE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6788,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6692,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7196 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5128,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-AppxPackage

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6624,i,16092940070299820076,13169645621354333313,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6668 /prefetch:1
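The run of `CheckNetIsolation.exe LoopbackExempt -a -n=<package family name>` calls above, closed by a `LoopbackExempt -s` listing and a `powershell Get-AppxPackage` enumeration, is the footprint of a local interception proxy being granted access to AppContainer (UWP) traffic: packaged apps such as Edge, Search and the AAD broker cannot talk to 127.0.0.1 unless they are exempted, so an installer that wants to see their traffic exempts every installed package. The Network section of this report shows the other half of the pattern, dozens of connections to a fixed loopback port (127.0.0.1:8888). The script below is an added triage helper, not code from the report or from any of the vendors named in it; it parses the command lines and network rows in the form the report prints them (the sample data is a constructed subset copied from this page), extracts the exempted package family names, and correlates them with a busy fixed loopback port. The `min_hits` threshold and the "three or more exemptions" heuristic are assumptions for illustration, not documented detection thresholds.

```python
"""Triage helper (added example): spot AppContainer loopback-exemption abuse
in a sandbox process list and correlate it with local-proxy traffic.

The inputs mirror this report's Processes and Network sections; the lists
below are a constructed subset of the rows printed there.
"""
import re
from collections import Counter

# Command lines as they appear in the Processes section (constructed subset).
PROCESS_CMDLINES = [
    r'"c:\program files (x86)\premieropinion\pmropn.exe" -updateapps',
    "CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.aad.brokerplugin_cw5n1h2txyewy",
    "CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.microsoftedge_8wekyb3d8bbwe",
    "CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.search_cw5n1h2txyewy",
    "CheckNetIsolation.exe LoopbackExempt -a -n=windows_ie_ac_001",
    "CheckNetIsolation.exe LoopbackExempt -s",
    "powershell Get-AppxPackage",
    r"\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1",
]

# Rows from the Network section: "Country Destination Domain Proto".
# Constructed subset; loopback rows carry no domain column in the report.
NETWORK_ROWS = """\
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50462 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:51874 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:8888 tcp
""".splitlines()

LOOPBACK_ADD = re.compile(
    r"checknetisolation(?:\.exe)?\s+loopbackexempt\s+-a\s+-n=(?P<pfn>\S+)", re.I)
LOOPBACK_LIST = re.compile(r"checknetisolation(?:\.exe)?\s+loopbackexempt\s+-s\b", re.I)
APPX_ENUM = re.compile(r"powershell(?:\.exe)?\s+.*get-appxpackage", re.I)


def loopback_exemptions(cmdlines):
    """Return the package family names granted loopback access, in order."""
    names = []
    for cmd in cmdlines:
        m = LOOPBACK_ADD.search(cmd)
        if m:
            names.append(m.group("pfn"))
    return names


def loopback_ports(rows, min_hits=3):
    """Return {port: count} for 127.0.0.1 destinations seen >= min_hits times.

    Repeated connections to one fixed loopback port are what a local proxy
    looks like in a flow table; the ephemeral ports (50462, 51874, ...) are
    ordinary single-use sockets and drop out below the threshold."""
    ports = Counter()
    for row in rows:
        fields = row.split()
        if len(fields) >= 2 and fields[1].startswith("127.0.0.1:"):
            ports[int(fields[1].rsplit(":", 1)[1])] += 1
    return {port: n for port, n in ports.items() if n >= min_hits}


def assess(cmdlines, rows):
    """Combine the process and network signals into a small verdict dict."""
    names = loopback_exemptions(cmdlines)
    verdict = {
        "exemptions_added": len(names),
        "listed_exemptions": any(LOOPBACK_LIST.search(c) for c in cmdlines),
        "enumerated_appx": any(APPX_ENUM.search(c) for c in cmdlines),
        "proxy_ports": loopback_ports(rows),
    }
    # Assumed heuristic: bulk exemptions for first-party packages plus a busy
    # fixed loopback port is treated as an interception proxy being wired in.
    verdict["suspect_local_proxy"] = (
        verdict["exemptions_added"] >= 3 and bool(verdict["proxy_ports"]))
    return verdict


if __name__ == "__main__":
    for key, value in assess(PROCESS_CMDLINES, NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

On a live host the same two checks are `CheckNetIsolation.exe LoopbackExempt -s` (the list is normally empty outside developer machines; Fiddler-style debugging proxies add a handful, not every installed package) and `netstat -ano` filtered for a listener on the loopback port the flows point at, which also gives the PID of the proxy process.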

Network

Country Destination Domain Proto
US 8.8.8.8:53 evon.cc udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 104.21.27.176:80 evon.cc tcp
US 104.21.27.176:80 evon.cc tcp
US 104.21.27.176:443 evon.cc tcp
US 104.21.27.176:443 evon.cc udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 176.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 guidonsfeeing.com udp
US 8.8.8.8:53 fonts-cdn.nexuspipe.com udp
US 8.8.8.8:53 scriptunc.org udp
NL 23.109.170.223:443 guidonsfeeing.com tcp
NL 23.109.170.223:443 guidonsfeeing.com tcp
FR 3.165.135.204:443 d1now6cui1se29.cloudfront.net tcp
FR 3.165.135.204:443 d1now6cui1se29.cloudfront.net tcp
US 172.67.192.190:443 ukankingwithea.com tcp
US 172.67.192.190:443 ukankingwithea.com tcp
US 172.67.180.198:443 sionscormation.org tcp
GB 18.244.140.79:443 ghabovethec.info tcp
GB 143.204.176.76:443 getrunkhomuto.info tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 18.154.84.91:443 alfelixstownrus.org tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com udp
US 172.67.180.198:443 sionscormation.org udp
US 104.26.13.166:443 sakpot.com tcp
GB 18.154.84.91:443 alfelixstownrus.org tcp
GB 18.154.84.91:443 alfelixstownrus.org tcp
FR 3.165.135.204:443 d1now6cui1se29.cloudfront.net tcp
US 8.8.8.8:53 84.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 166.13.26.104.in-addr.arpa udp
GB 143.204.176.76:443 getrunkhomuto.info tcp
GB 143.204.176.76:443 getrunkhomuto.info tcp
US 34.195.224.242:443 jxekj.columnstoodth.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
BE 66.102.1.84:443 accounts.google.com udp
N/A 224.0.0.251:5353 udp
US 159.203.99.54:443 lotus-tab.com tcp
US 35.186.235.23:443 cdn.mxpnl.com tcp
GB 216.58.201.100:443 www.google.com tcp
GB 173.194.76.156:443 stats.g.doubleclick.net tcp
GB 173.194.76.156:443 stats.g.doubleclick.net tcp
GB 173.194.76.156:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
GB 216.58.201.100:443 www.google.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com udp
US 130.211.34.183:443 api-js.mixpanel.com tcp
GB 142.250.179.225:443 lh3.googleusercontent.com tcp
GB 142.250.179.225:443 lh3.googleusercontent.com tcp
GB 142.250.179.225:443 lh3.googleusercontent.com tcp
GB 142.250.179.225:443 lh3.googleusercontent.com tcp
GB 142.250.179.225:443 lh3.googleusercontent.com tcp
GB 142.250.179.225:443 lh3.googleusercontent.com tcp
GB 142.250.179.225:443 lh3.googleusercontent.com udp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
GB 216.58.212.238:443 apis.google.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 216.58.212.238:443 apis.google.com udp
GB 172.217.16.238:443 www.youtube.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 172.217.16.234:443 content-autofill.googleapis.com tcp
GB 172.217.16.234:443 content-autofill.googleapis.com udp
GB 142.250.180.3:443 ssl.gstatic.com tcp
US 104.26.13.166:443 sakpot.com tcp
US 172.67.195.231:443 filedm.com tcp
US 172.67.195.231:443 filedm.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 172.67.189.182:443 getfilenow.com tcp
US 172.67.189.182:443 getfilenow.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 172.67.189.182:443 getfilenow.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 35.190.60.70:443 www.dlsft.com tcp
US 35.190.60.70:443 www.dlsft.com tcp
US 35.190.60.70:443 www.dlsft.com tcp
US 104.21.60.113:443 filedm.com tcp
FR 52.222.201.113:443 dpd.securestudies.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
US 104.21.96.72:443 www.ovardu.com tcp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 104.18.25.17:443 api.config.opr.gg tcp
NL 82.145.216.24:443 download.opera.com tcp
NL 82.145.216.47:443 autoupdate.opera.com tcp
US 104.18.10.89:443 download5.operacdn.com tcp
NL 185.26.182.93:443 features.opera-api2.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50462 tcp
N/A 127.0.0.1:50466 tcp
N/A 127.0.0.1:50469 tcp
GB 142.250.178.14:443 google.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
AU 34.129.38.245:443 e2c11.gcp.gvt2.com tcp
US 34.125.80.210:443 e2c30.gcp.gvt2.com tcp
GB 216.58.201.100:443 www.google.com tcp
AU 34.129.38.245:443 e2c11.gcp.gvt2.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
GB 216.58.201.100:443 www.google.com udp
DE 172.217.18.99:443 beacons.gvt2.com tcp
DE 172.217.18.99:443 beacons.gvt2.com tcp
DE 167.235.218.62:80 a.directfiledl.com tcp
DE 167.235.218.62:80 a.directfiledl.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50626 tcp
N/A 127.0.0.1:50652 tcp
N/A 127.0.0.1:50703 tcp
US 165.193.78.234:443 post.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:50772 tcp
N/A 127.0.0.1:50788 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:50802 tcp
N/A 127.0.0.1:50805 tcp
N/A 127.0.0.1:50819 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:50823 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:50836 tcp
N/A 127.0.0.1:50840 tcp
N/A 127.0.0.1:50844 tcp
US 165.193.78.210:443 oss-ad.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:50848 tcp
N/A 127.0.0.1:50852 tcp
N/A 127.0.0.1:50856 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:50860 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:50864 tcp
N/A 127.0.0.1:50867 tcp
N/A 127.0.0.1:50872 tcp
N/A 127.0.0.1:50876 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com udp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:50881 tcp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 173.194.135.104:443 rr3---sn-aigzrn7z.googlevideo.com tcp
GB 173.194.135.104:443 rr3---sn-aigzrn7z.googlevideo.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
BE 66.102.1.84:443 accounts.google.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
N/A 127.0.0.1:50913 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
US 173.194.140.169:443 rr4---sn-q4fl6n6y.googlevideo.com udp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 172.217.16.238:443 www.youtube.com udp
N/A 127.0.0.1:50948 tcp
N/A 127.0.0.1:50953 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 142.250.180.22:443 i.ytimg.com udp
GB 216.58.213.1:443 yt3.ggpht.com tcp
GB 216.58.213.1:443 yt3.ggpht.com tcp
GB 216.58.213.1:443 yt3.ggpht.com tcp
GB 216.58.201.100:443 www.google.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 142.250.200.14:443 i9.ytimg.com tcp
N/A 127.0.0.1:50986 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 216.58.213.1:443 yt3.ggpht.com udp
GB 142.250.179.225:443 lh3.googleusercontent.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:50990 tcp
N/A 127.0.0.1:51009 tcp
N/A 127.0.0.1:51027 tcp
N/A 127.0.0.1:51150 tcp
N/A 127.0.0.1:51226 tcp
N/A 127.0.0.1:51234 tcp
N/A 127.0.0.1:51241 tcp
GB 173.194.135.104:443 rr3---sn-aigzrn7z.googlevideo.com udp
N/A 127.0.0.1:51277 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 216.58.204.70:443 static.doubleclick.net tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 142.250.179.225:443 lh3.googleusercontent.com udp
GB 142.250.200.14:443 i9.ytimg.com udp
GB 142.250.200.14:443 i9.ytimg.com tcp
GB 142.250.200.14:443 i9.ytimg.com tcp
N/A 127.0.0.1:51327 tcp
N/A 127.0.0.1:51331 tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
N/A 127.0.0.1:8888 tcp
GB 172.217.16.238:443 www.youtube.com tcp
N/A 127.0.0.1:8888 tcp
US 54.166.101.171:443 p-content.securestudies.com tcp
N/A 127.0.0.1:51715 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 142.250.178.14:443 google.com tcp
US 165.193.78.210:443 oss-ad.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
N/A 127.0.0.1:51855 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:51874 tcp
N/A 127.0.0.1:51882 tcp
N/A 127.0.0.1:8888 tcp
US 165.193.78.250:80 www.premieropinion.com tcp
US 165.193.78.250:443 www.premieropinion.com tcp
GB 142.250.178.14:443 google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:80 rules.securestudies.com tcp
DE 207.120.58.26:80 rules.securestudies.com tcp
DE 207.120.58.26:80 rules.securestudies.com tcp
US 165.193.78.250:443 www.premieropinion.com tcp
DE 207.120.58.26:80 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:51911 tcp
N/A 127.0.0.1:51925 tcp
DE 207.120.58.26:80 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:51932 tcp
N/A 127.0.0.1:51936 tcp
N/A 127.0.0.1:51940 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:51952 tcp
N/A 127.0.0.1:51956 tcp
N/A 127.0.0.1:51960 tcp
N/A 127.0.0.1:51964 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
US 172.67.195.231:443 filedm.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
US 104.21.27.176:443 evon.cc tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
FR 3.165.135.186:443 d1now6cui1se29.cloudfront.net tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
FR 3.165.135.55:443 d1now6cui1se29.cloudfront.net tcp
US 8.8.8.8:53 alfelixstownrus.org udp
US 172.67.180.198:443 sionscormation.org tcp
BE 66.102.1.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 143.204.176.11:443 getrunkhomuto.info tcp
GB 18.244.140.102:443 ghabovethec.info tcp
GB 18.154.84.91:443 alfelixstownrus.org tcp
N/A 127.0.0.1:51968 tcp
N/A 127.0.0.1:51972 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:51981 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:52010 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:52029 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
DK 157.240.200.35:443 www.facebook.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
FR 3.165.135.186:443 d1now6cui1se29.cloudfront.net tcp
US 8.8.8.8:53 sionscormation.org udp
US 172.67.180.198:443 sionscormation.org tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
US 8.8.8.8:53 alfelixstownrus.org udp
GB 18.154.84.86:443 alfelixstownrus.org tcp
US 8.8.8.8:53 55.135.165.3.in-addr.arpa udp
US 8.8.8.8:53 11.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 102.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 35.200.240.157.in-addr.arpa udp
DE 207.120.58.26:443 rules.securestudies.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:80 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:80 rules.securestudies.com tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:52049 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:52064 tcp
N/A 127.0.0.1:52068 tcp
N/A 127.0.0.1:52083 tcp
N/A 127.0.0.1:52088 tcp
N/A 127.0.0.1:52094 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:52101 tcp
N/A 127.0.0.1:52107 tcp
N/A 127.0.0.1:52111 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:52114 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:52119 tcp
N/A 127.0.0.1:52123 tcp
N/A 127.0.0.1:52127 tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
DE 207.120.58.26:443 rules.securestudies.com tcp
N/A 127.0.0.1:52130 tcp
N/A 127.0.0.1:52135 tcp
N/A 127.0.0.1:52146 tcp
N/A 127.0.0.1:52152 tcp
US 54.166.101.171:443 p-content.securestudies.com tcp
N/A 127.0.0.1:52174 tcp
US 44.213.195.207:444 hawk.securestudies.com tcp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.100:443 www.google.com tcp
N/A 127.0.0.1:52177 tcp
N/A 127.0.0.1:8888 tcp
GB 216.58.201.100:443 www.google.com tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
US 44.213.195.207:444 hawk.securestudies.com tcp
N/A 127.0.0.1:52253 tcp
N/A 10.127.0.1:80 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
US 8.8.8.8:53 p-content.securestudies.com udp
US 54.157.53.39:443 p-content.securestudies.com tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:52399 tcp
US 54.157.53.39:443 p-content.securestudies.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 54.157.53.39:443 p-content.securestudies.com tcp
US 44.213.195.207:443 hawk.securestudies.com tcp
US 44.213.195.207:443 hawk.securestudies.com tcp
US 44.213.195.207:444 hawk.securestudies.com tcp
US 44.213.195.207:444 hawk.securestudies.com tcp
N/A 127.0.0.1:52431 tcp
US 44.213.195.207:444 hawk.securestudies.com tcp
US 44.213.195.207:444 hawk.securestudies.com tcp
US 44.213.195.207:443 hawk.securestudies.com tcp
US 44.213.195.207:443 hawk.securestudies.com tcp
US 54.157.53.39:443 p-content.securestudies.com tcp
US 54.157.53.39:443 p-content.securestudies.com tcp

Files

\??\pipe\crashpad_4552_YYAFVCYQDICWLDLD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b5f6127c2fa76b8d74db9059b252ba82
SHA1 8dd002d72d5d2d6a0d03150c2ed787a61e6ebb90
SHA256 b72038ae49656e70391352089249d78a6760983e4b8e9ad29c7f2d6dd2b70009
SHA512 09c0414ca6b4387303b79b1ab7dab2bdae9866e74c72b946f5836044214622a972c612e545e4359813f82ad7fae4589dc139343249c4a789c209b5ec7aecac2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4bab148a3de9973466a7488a8f9d9c78
SHA1 8a5c23b585afe141e09890084998e3d054b2d1f2
SHA256 3b69a4672e0609450b28ceebfc8a3061ae423ad6ddfbf959956f8bfd6394adbf
SHA512 8de986255fe6a48668e2c2df3a009d6e2e119917273db8fe8c10dbee0414a5ee820a26b096ecf318aa605aecabe8a903c819aaae86b829af47f17b7b93f0b846

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 2c005c5efb2fec3bddabbe84dec10967
SHA1 f5fdc5e9a9c17dbb3def064be73050c27c8e0b33
SHA256 04def93bc85c5bacc6a6891cb37b09cafbab8d09a19ed63538e029ba0dd15820
SHA512 812ee40c36543385e3a2d852726bbefc0471c0f3894d6decdcf0b659d5171b1157751d532b42c5da8ef8ac054072e21e125a87f4927e52eef22cd8eec5d8e923

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 384c44ef2f40e4cfde89119a78e8aef3
SHA1 72dcfee696ec203b00544439907ec1057bff5c6b
SHA256 3dd42237c8786f5fc97d514b6bdf88be042cdb958e7c1eef61fe35b1c49729f4
SHA512 338aaf470277d99757d556a63bf242da96a3272b27213cc12fcfb5f0a806f47e737f3c1953b1515581079c6afd88cf2cf1ca139ef90f948a98282cce5cdae1d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 636c4a6a908fa4de713aca93230c4f27
SHA1 541ff045135b548354b622658e36da8eeed7e3cb
SHA256 1f1a042def1576d28d4239e1acbf22d167da6af00f8f2f70b4f602a81f84db95
SHA512 82af4443a925e961e989de4ecb0ef3598bc8da19381dbf5304b1d61f0a7043dd13b9d66f8c0a948107c81fc9347d913c856749c1afe6eef65cc28985a304f540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0c0c12ef-4bdc-4689-875b-1cce109d4812.tmp

MD5 596809b8635c1d691ad967edd2802b0a
SHA1 4d420643298263a7c0adb942eed34a65bc90e636
SHA256 08bbcc4309dce54b1ffa550f0e4ff45f57c3f7eb40cc3029b2f041ccb2c389da
SHA512 139639f9d2b635946012417d287ffce9b0201319311a4246a51b1563f4d12b73af8589740c0d2e1698961d55ea038c518c10c5ef22e0c557cc83fae70d234851

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 149eb493114ed5f753383df4a60d0de7
SHA1 56c968915c14a53d3d9df525a59bcba2470f71b3
SHA256 03b43d685789b3df384b1a0d38cf96fd5e19c4ca1e625f85b79cbafe84b55715
SHA512 ebc9ecfc474ecdcc840ad2a264ba7d35cd62984f76534538e70218ffb25012f97606c7572d837a5686d73e837fad02fe50bb0919f3fee8ef4d19cf1a8066dd69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e1454c11fe90d328b3890b0e5abcf65f
SHA1 da8057a669fab099c0f0d44e8734702072d28fcc
SHA256 a01785f716dc841c7d61154acd94dff9382d84f90a285ec499499384a6fa318b
SHA512 7856fa9cbba00a10fd2c8cc8a0056c7f3332352eb7427efb3d6f2f2f6b9d7230f34e9c50d83900eba1174c915bb7f896d1e4bf81ad88f453598184ca32931915

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2dcfe2ac17cd88dbeaebd9d4c4417207
SHA1 c8fe6d54589a19968afa921d66b34ab324661ca9
SHA256 d970bf07495a87e944be3ea2129eac18c42bb61e7fec04da783b6524074ec772
SHA512 e4c88a86d7c2178b52c6f11a01fb1125ed041103b651f59af6055c227dfdf665ca4f47b5afad3096bf4c729e7a6cff20d04518e28ecfeaf2ab09328c20026761

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a58803b1b5fb32b1c5812563a2e1c429
SHA1 563ad1a6da5a642f26d6151cc5573699ed7fdcde
SHA256 b0300caf0012e58e0d6892b68f2657c844a380def442bcae7ad5a085c453b062
SHA512 1e06ae296471b7cc55441d2d2ba09fac5b359ec92ae19c774bd8d59f92684339ca5be5f02677f730fb3773f6fb3b0bf229136edb01f77447652ee4124fa43f65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d0cdfeb49f752f665f41a81ec2d72920
SHA1 e4900f672c53af4decdaf06c8f85d5b377c3852d
SHA256 9c5bd6685dc3a766b934c7da620c62d213477a4c5a25fc79aba7c32c39cffff2
SHA512 226b9836013c1a9b9fd9a95a760d8b31e69f4d58140d3336c63d7f59842615d8daa10fdb1fb28f5a576f4ede91ad7624ebfaffabf5a9aa4d33ff15fec8d4a70a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 37ae89d10182b5c5311c091883b8c59d
SHA1 731ad483fd041a23b9e24486d3b18670db46f105
SHA256 6b1666051728bfda0f61437cbb47fb43136d2b1aee7a2c5663495b7749ec3621
SHA512 c13c36f8d1820e6f096948cb4abd4ef726beb3de2bdd33a0d88502be0e37960a87b74603aac9e1c80c7289bbde405166ca8006d26905219637a7860483a87a07

C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 17203ed82577623f8ad51fc53dc81f22
SHA1 81ed953e7a3c9ec241c947ce837f19fd9d47bd37
SHA256 7afd34b98b639eb46cb9f23f025f1763fed43b11a38273c3f41a7e2ddaae7b30
SHA512 20be52150c7f0e46171634275994fc3cab36c48ad793d5c10d729f6fb4af78d01c241db25e90c383550326540fe68bca16ccf278b1da212170f4202fa96cd080

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f484ea49519e0f2527aa5e12505c6984
SHA1 75a6248fca9950bbc91dee0b255382f69772ae4b
SHA256 103d11e39f4e9d66d225c51b0bede344f98d3d5e00ccbdc21be1b64bf71e2a63
SHA512 1022d8dfb68605fc69ead0262622024bbd77785b436bab94a24d441420daf12345646bfca688c472674982ca0f52bb3f18f8f2b6dfe5eafa8792cdfe87b1dfb0

C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe

MD5 15d1c495ff66bf7cea8a6d14bfdf0a20
SHA1 942814521fa406a225522f208ac67f90dbde0ae7
SHA256 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
SHA512 063169f22108ac97a3ccb6f8e97380b1e48eef7a07b8fb20870b9bd5f03d7279d3fb10a69c09868beb4a1672ebe826198ae2d0ea81df4d29f9a288ea4f2b98d8
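Two of the hashes in this file list are worth recognising on sight rather than looking up. `d41d8cd98f00b204e9800998ecf8427e` (the crashpad pipe) is the MD5 of empty input, and `fbccf14d504b7b2dbcb5a5bda75bd93b` on the `:Zone.Identifier` alternate data stream of the downloaded `.exe` is the MD5 of the minimal Mark-of-the-Web stream `[ZoneTransfer]\r\nZoneId=3\r\n`: the file was tagged as coming from the Internet zone, and no `HostUrl`/`ReferrerUrl` was recorded in the stream the sandbox captured. The script below is an added example, not part of the report; it recomputes both hashes from constructed stream contents instead of taking them on trust, and includes a parser for the `[ZoneTransfer]` section that also handles the `HostUrl`/`ReferrerUrl` keys browsers normally write, which goes beyond the bare stream seen here. The entry tuples are copied from this report; the classification labels are the author's own.

```python
"""Added example: interpret Zone.Identifier (Mark-of-the-Web) entries in a
sandbox file list by recomputing the well-known hashes behind them.

Hashes in REPORT_ENTRIES are the ones printed in this report; the stream
bodies are constructed from the documented [ZoneTransfer] format.
"""
import hashlib

EMPTY = b""
# Minimal MotW stream for an Internet-zone download with no source URLs.
MOTW_ZONE3 = b"[ZoneTransfer]\r\nZoneId=3\r\n"

ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted",
              3: "Internet", 4: "Restricted"}


def md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def parse_zone_identifier(stream: bytes) -> dict:
    """Parse the INI-style [ZoneTransfer] section of a Zone.Identifier ADS."""
    fields = {}
    in_section = False
    for raw in stream.decode("utf-8", "replace").splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    zone_id = int(fields["ZoneId"]) if fields.get("ZoneId", "").isdigit() else None
    return {
        "zone_id": zone_id,
        "zone": ZONE_NAMES.get(zone_id, "unknown"),
        "host_url": fields.get("HostUrl"),
        "referrer_url": fields.get("ReferrerUrl"),
    }


def classify_file_entry(path: str, md5_hex: str) -> str:
    """Label a report file entry from its path and MD5 (labels are assumed)."""
    if md5_hex == md5(EMPTY):
        return "empty"
    if path.lower().endswith(":zone.identifier"):
        if md5_hex == md5(MOTW_ZONE3):
            return "motw-internet-no-source-url"
        return "motw-other"
    return "content"


# Entries copied from the Files section of this report (path, MD5).
REPORT_ENTRIES = [
    (r"\??\pipe\crashpad_4552_YYAFVCYQDICWLDLD",
     "d41d8cd98f00b204e9800998ecf8427e"),
    (r"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe:Zone.Identifier",
     "fbccf14d504b7b2dbcb5a5bda75bd93b"),
    (r"C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_53264730.exe",
     "15d1c495ff66bf7cea8a6d14bfdf0a20"),
]

# Constructed stream of the kind a browser writes when it records the source.
MOTW_WITH_URLS = (b"[ZoneTransfer]\r\nZoneId=3\r\n"
                  b"ReferrerUrl=http://evon.cc/\r\n"
                  b"HostUrl=https://example.invalid/download\r\n")

if __name__ == "__main__":
    for path, digest in REPORT_ENTRIES:
        print(classify_file_entry(path, digest), path)
    print(parse_zone_identifier(MOTW_ZONE3))
    print(parse_zone_identifier(MOTW_WITH_URLS))
```

A `ZoneId=3` stream on the dropped executable means SmartScreen and the Attachment Execution Service would treat it as an Internet download on first launch; whether a later step strips or bypasses that tag is something to verify against the file's own ADS after detonation (`Get-Item -Path <file> -Stream Zone.Identifier` in PowerShell), not from the hash list alone.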

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 832a552c66094de4d54645ae1e5c9691
SHA1 e1753ab0c7572fc1b81cc90a7a373948c14f0f93
SHA256 0dd5da4d38761b8fee214a29a72cc4663ada235d6c0635b51b9fe290dee04734
SHA512 22572dc5a92399622130c1f18acd1afba70d37d0e80f188fdf01fc5ab3bf7150150a411f4a6bbfcc79778874b4e47b130228bcb593b35778265491171a3083f0

C:\Users\Admin\AppData\Local\OperaGX.exe

MD5 7b2333c6328a84b04233a57e1347987f
SHA1 8abed7573536b30227aab566b9e49b969062d36e
SHA256 1988b7a6e77e321bd5c41421a148a1ba21d9cd672625b1e32c3744ed7e5b4d34
SHA512 4c789cefa4b7b679fe523362e96e6c1719b3e0da9b782b6c2257cb6bd239eaecc6ac94f35cb4a94aa7dae22b11ac8538d7cad87d988a95ca679ac39991ad70f7

C:\Users\Admin\AppData\Local\Temp\7zSC1311088\setup.exe

MD5 dcc0d15e77a7872758e65deb0bfc6745
SHA1 1efb89e143bf5edd34d46ae8370ecc13d4c3339f
SHA256 87a168a04a254b1cf1adfe732e8b7b08d5c3e76ddca4e8b7fb4e58ebef85fe64
SHA512 9cb972bcd99fd03a924bbff79e8989a040d1202a77c9d8f62ea862cc6b1d258778410ad9a4de5f2aab43062f5e9fe17d7ab9baa000de98d22a47f1471d1de778

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411132118026673792.dll

MD5 1b07ce60bc1c77f0cadf13c2e62b1383
SHA1 ca70d0ef99ae5d1ebf85880ee669ad1145e4d79d
SHA256 e48eb19ca0210f9063f4e77c2f14293ee940eeaef2ecb9efceac7f6336cc203f
SHA512 94c358b6dfef0fcb0012a3a43235292b18ebf897043baef0c110570e91cc73721b12f1f771df6d000b4097f3c0cc22dcc65330a9153c7a9643787d24da6108f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 3c625ce508c10b6268cd0a22980d4dc0
SHA1 03f165543aea8b2ad19e7709ddf9825a01ea7abf
SHA256 8881e995795c1e8af9e0a0e407edf9e60dd5be5a3744c37e21ab9682b5e76ab3
SHA512 f97eb471fab0d2c7a159976c4d97f41f036f966983eca0d986dffd6925a520c8cec2dd68b1023e11f3bedf8a39f67f2f01c46aeaefdb1a06bfbc74c7de7ae95d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 67e486b2f148a3fca863728242b6273e
SHA1 452a84c183d7ea5b7c015b597e94af8eef66d44a
SHA256 facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb
SHA512 d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 8e4581263cc57153f492a88c28a8ae4f
SHA1 41966cd490d0b56411d7ff865f0f3cef876827b5
SHA256 1ae5a69cf7f839fc4740b10dd2f35cdc435d02dcd363d505231151406d348aaf
SHA512 8775611fc3d17b156701ee5dbe69a8a7086f0c17cf0ccd10a14e819a1eca23978c034b3d5a17cd50d480f4961751fffd9e33e6e9d3dfe1f0d81e190cc8d8a780

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

MD5 da3a374f923014148971c386e132bfe3
SHA1 417beeb839df9aae928daff7ce39e61ff38e6e6e
SHA256 36634a56a09d97d38baf902703a331665379d24217b1b02a561fd4b9a4c34423
SHA512 bf3e4665bbb97f2a9322ced7688ce689d3ccadc08831ad8b60a5d8ebfcb1c97578e25b0e54716e5867b2938b7467b4ba79f9d2f2cd8e5a483dfc5eff1fab8d78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34e2ac8cb0e487e5fccc94e1856201c0
SHA1 c0a668d2126a006eef5799edfdb9f6394034fe6b
SHA256 c8cdd8a2fa67961d187b73ed9bba27c2e8a3a38c9322a7a273f67932462dc81f
SHA512 b59f1aa4717ebc24c9e12d3bca352e4cbb81554122688690b8658ef453ede50f2404e26dfe02a7d1537c2aefccc117e3720d20c07c2ce8ea61bd2806b82ba669

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 dcb8ae455bd96b58dc95f914268be2cc
SHA1 cb0f90c5b381f912375e70d34f4321dfe63b5155
SHA256 5a95a0278bda1abc91d77e1e103c1f105d14208d9f14ac7cce24bfb001ce2ff0
SHA512 88ed4f27a81d4d359eca2c488271673752cdf8f435e95be0f55b44610d004ebe3a12f56ba397df0d9af2af9927273009d82b7c0f727ef59fbfd1c3aa8ba0ce13

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\additional_file0.tmp

MD5 e9a2209b61f4be34f25069a6e54affea
SHA1 6368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256 e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA512 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411132118031\assistant\assistant_installer.exe

MD5 4c8fbed0044da34ad25f781c3d117a66
SHA1 8dd93340e3d09de993c3bc12db82680a8e69d653
SHA256 afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a
SHA512 a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

MD5 286684743456e47d0d4310e3351f7842
SHA1 fb0338f73a84e8e7f96104d84be80f6ba4feca29
SHA256 5c60a9e6355fcedcda99acc3dafc37aced5e6ea5427a3dcef141aac5598a3bff
SHA512 432984b8f33ec0ecce19c567794df3ece401620ee543699ea7a4fd9dd135833c7daea23b5d9d5a1ea936c2c64007c11a11d44169b0d22a1c1a5bcfe5d0dd5e96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c9bae3a61e60a41147d509a17e24ae58
SHA1 2f50903ec2c4700b5e3b175a067d170bcab1c4ec
SHA256 8c89b235b1ad91b7a093f3afe3f09bdac90e344a858e92cb766d1fc0b517d15b
SHA512 b6a51798f074995ba514baaa6c2b7700c4831bb8eb47b5e05ad5f2c4ca54193299d6b119e576b346320ab8dfcdb2cc892f652d7dd2748e7bfb9f73167e2e5f83

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

MD5 bf6eed6cdc17a0130189a33a55ef5209
SHA1 e337f5a0931f69c464f162385f1330b4d27b372f
SHA256 ef2734657b11113a433abb7ebac962e2bf6bf685f05c5f672997f01875430168
SHA512 90d23fd84007343e85f9fc003cf826b112fd930216a24d8c1488468443ae2a4b0c3cc2426b91c81a8228e125050e922fce05672e010e65247709fc4a7b856f1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2b49ee139b88b8e81986267a7b50aded
SHA1 e9ed8ae478dd108b0c3bf20842862e6760bfd477
SHA256 01a9518f7c3c8bd209afca2ffc7f901d0e53d3e3795c5291b818d2eeb77640e2
SHA512 69cb0943834bd7d560d04c42df7a328f658fac213667db64816e9244ffd1902757e75538d9297cba72b922f3883b726dc7920bd9714e4e4c08e83ab20c97e47b

C:\Users\Admin\AppData\Local\link.txt

MD5 fee8c25eb478012706cb919f8c9734a1
SHA1 95df3baf392a2fb48ecc4d21a6320892861ae180
SHA256 e390461f0cf0e79ef59ccea90876e663bed607f29491b621e3664eb8de24a974
SHA512 33029b102cb0413af55c79c2cd400521fe7d61dc79e49932674a910f05c2563d15f8979709dc8c5a863cc622e94a33ed48fd3ac1f9bf51acd6065b589e3a9572

C:\Users\Admin\AppData\Local\Temp\~os47BE.tmp\pmservice.exe

MD5 4ef95918e313c7ca01084629416fc714
SHA1 5bdaba6920d3f4d1f8ea47ce693276530b5f2a9c
SHA256 303707068aab06ab0341178558c28ce1670d10f16c39522859c4f21097a87ee9
SHA512 75861731e9ec1a43741b2b84f60677e9fdf26d5db8d6e4e91297f826fc2c357272c18cede7f64c42798f5459900b33d693ababe4e1140e4cfc54ef7a04af633a

C:\Program Files (x86)\PremierOpinion\pmls.dll

MD5 50a0c6c01cdc5d2690ccd1f1541f6670
SHA1 c5e017a468efb70eabb1f861784edac62acb0e17
SHA256 f9a853830949bb22d6f4d128d71a0ab923d9b5549c0dc8785c7de7d1a4eabf99
SHA512 028d5a56c581d3751628c7503e83aa52c332678495943c3648049ae0b26a7190e98395ad205cf60896140d1a802c14a346a2d1553e7b53090c3f5beefd66e9b1

C:\Program Files (x86)\PremierOpinion\pmls64.dll

MD5 aa56cb7fd83150c3a75cd6a0de97eb78
SHA1 34415c5c8e57cfe9a7b4a498eacfe1403f3191ec
SHA256 034e066829d28bbc81604250f6df721a35ab1c0898ab82bef6305ffada240765
SHA512 765f12e5e060db934d0f4e8159bb9bd10cdbe797d79488a0dc88215a73e49101e279ca69e10c1775a5e161bb4dd02585724c7c87bbefdcdd047adb4277804fa2

C:\Program Files (x86)\PremierOpinion\pmropn64.exe

MD5 ae5bbcc69b05359d0d5cc72ca6a1262e
SHA1 6843bd883d50216be44065411a983a4bcccdcc91
SHA256 12bfd1007634138b22c56ead24db02a1fe3a4d4b7fe04d30cd07a0ff5d4c8425
SHA512 6417aaeb4ccd86504bc1f83e32c91a60920e98fff833c02fdbef974819a3288cab0c96d6b114ceed4432c305d49120cacbc7e0da69c911f4035aadfbec7a91de

C:\Program Files (x86)\PremierOpinion\pmph.dll

MD5 9d96ccb0d5ab5541b61d5c138d91796f
SHA1 cf3ee3e66c8f9c23e3efd29978215461347e650d
SHA256 379a1f1f02c8cb704f248c2f1ff79c8986f73c350a3bf6d9bbc93aeacd286e36
SHA512 69ca7d96896d872eefa63f0c0bd9613526a914e99c4cf12b5d221315277aa64894d99d0f5ce9c5e0ef640d61c9202cd3d51ddb2ab4c55f8fdf60d24a8c1ff6ac

C:\Program Files (x86)\PremierOpinion\pmropn32.exe

MD5 6e4d6b68e9565c4cc7791b00c2094ff9
SHA1 965a00a5a8bb05b35fbaa357951779ea3b71e392
SHA256 65d6f18e1b366aff5343c3f6628041329e7c1375d18ba57076b19bf5f48bc483
SHA512 0cb1396822c7350057cfc7280e1c67ccf1e1a2206347a10025e285f00e9364563685ba5282775960a9329511fd321a631222c87ae7ca8106eca00fb78722b20f

C:\Program Files (x86)\PremierOpinion\pmropn.exe

MD5 f27f98c1a877f9ca6f06c23bed4014ca
SHA1 25a231319659c30d6f86a5c9cdd1747d7c471542
SHA256 1ed47933c9f33c4860ecc0bf1ba7525212aa00054037a9a51a8d8f5ce3b821bd
SHA512 f054a618d2f8e7a829c26548312b436e21058ee1ff64b40e7c19be2bde037003c21332af3c60e2fd92675af80526ef6faf84b8c1d7a095bb2c4d0b799e66599c

memory/4732-629-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/4732-628-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/4732-627-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/4732-634-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/4732-635-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/4732-636-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/4732-639-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/4732-638-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/4732-637-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/4732-633-0x0000000005C40000-0x0000000005C41000-memory.dmp

memory/3740-706-0x00007FF991410000-0x00007FF9914CD000-memory.dmp

memory/3740-716-0x00007FF98E760000-0x00007FF98E7C7000-memory.dmp

C:\Windows\SystemTemp\REG59AF.tmp

MD5 a73ae9ee157d735c41040b8dd9ce7304
SHA1 b8d1fac900178361688966e56903f9aab5ded526
SHA256 104e680a2cebd1b5fea25871d54a9e95176c9e27e6de7e0a4fad6c4486d620dc
SHA512 38d88bb14c596cd994d6bee89f2f8d594d3106f64b41d612f868f1e7c9ab458af5914dbc4ff77fa217c6c1c010385e62bf5d4ff7e26443c4f344ddb69fa5a020

memory/3740-718-0x00007FF98E550000-0x00007FF98E592000-memory.dmp

memory/3740-717-0x00007FF98A250000-0x00007FF98A35C000-memory.dmp

memory/3740-719-0x00007FF990270000-0x00007FF990A1E000-memory.dmp

memory/3740-709-0x00007FF97B3B0000-0x00007FF97B8AA000-memory.dmp

memory/3740-707-0x00007FF98F7F0000-0x00007FF98FB64000-memory.dmp

memory/3740-708-0x00007FF9912C0000-0x00007FF99132F000-memory.dmp

C:\PROGRA~2\PREMIE~1\snt.dat.bac

MD5 5f2fdc3246018aab6764573888acfac8
SHA1 7fcb4dd99baf05756828a6d324eb741227901497
SHA256 63b17c17967fbf9c10068826fe6c529bf729063e068251d03dad35be37147b87
SHA512 3212d28d378678ac5595a044f08130404b22227a5f2af7ea6fa06857fc7b6de2c15c1fed96a94a982f7719954d87cfde4abed9b2bf01c5bc2995c85688d64cbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c21adf5f65ea7bce5e6f8dda226e39c
SHA1 23948217dabf0e0eb9d25f0a02cfdde9b3ea99b6
SHA256 9844042a21045cb7fcab06556cd37aed0a0ddea7844c65a7735ef2aee5f519f4
SHA512 b120167cdf3452ba32b4f0ec734094ec97521eba91731ad131ebd352d76afd23dca73d2ff508f21a528a3da3cd8af15c7f740a4f5cd2e8c461b8ed0d0bd7cb04

C:\Program Files (x86)\PremierOpinion\cacert.pem

MD5 77eb3ade4c5b0db67c6e8a26f131073c
SHA1 ad9e8c00174cc2e707f59df671f89a9d7fc2ffc7
SHA256 9f19e7a7139cca8373b516ab1ae49c644aa1c8048e8c7aa5784774a081dcbb87
SHA512 20eb7d34c80bb8d8a415bcdccf8e46cb36396c095ed1468b69c0cb91da915e3a14c7fd55247f68e64ff71cf8d336cc286c3662710ca6281840fdc2f1eb7ac6a1

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/3292-773-0x0000000005A80000-0x0000000005A81000-memory.dmp

memory/3292-772-0x0000000005A80000-0x0000000005A81000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f696d47ef91be0a78b24531fc0ed64d2
SHA1 8444c37685533fa289703c2431ea2b6e3e261c2c
SHA256 f9d68e16b356c3f9cc35eb55bfa2d6220f354a93e28334a2d6507e890a0df86d
SHA512 21ceb5dc019c640fec6743d119cb323c3a62843f214dbf984940200737a410d24ad448581b2d992b7a574bce43e32779816e2e4e9981214b8e19c7ee3e8ca2d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e8784d2ccb0215dccf972f8e942c097c
SHA1 8a562ac9ba2120338dc3542cbd0b4ca24b1092a3
SHA256 d4c84772580b27c4e7eaad08f79689e42c1ec3fbcfb21dbcf043e14a681a4a76
SHA512 b97fbb428c55e61d54dc221f3d088f224344f6fcac485016e1a02894355391118ba8379c17e2631c25b567665b6b6d113176c5e7142b4492bf1e02a61da15621

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 445f0db1a29a307e83a393babecd2a76
SHA1 f6dfc5796b899996c9ef342b012ca77425ed0996
SHA256 f79525c645006d28acfe67128e3b9fac9955eb56965fce78c2044178a019a24a
SHA512 d4e383c7ade7b1687c4e568a758b0f03ee2d573857a5254a775d7561164051a17e8aee2d25a0626a712f423df7fce7b0532cefef4ce6985526a50c4e620ccf49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 62fa2455ed85b84e0e0df43f18150ea4
SHA1 02e95272bd559669a38446bf92faed6c52464611
SHA256 d4f8765cf8f2a59e10f7903ede88cf4612c7508c75c0539afdb8d2cfd3de20d8
SHA512 f93978bff0f01a54300810c8950405aeb4ca2fc2cacb38755ca3698088c9bef8efea0a051c2533fe5d32e645e4d3c42b078000fb9bcdae31669de3c81fdb9c11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59aa5f.TMP

MD5 92d92170d2c325926835e66b96744b42
SHA1 e97f841ff79dd18429d5826a83d10a85bb1b6b88
SHA256 86d86a1ee8f4e0238af727c0d93301ccb5c512da9c3b718449dcd28a3419f85b
SHA512 db890a9c0729fbe7e94aa9cc29cf52988f84ff2bc6320f09a6f9da46ae90a9156cecc2e294d5701ceb4209a94501fcd7fd7627998428adab4a8b295a1099221a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 4835ecfcb14cad191391cfb6907c6502
SHA1 1bed76409532e55d23f6a2b8bee08ab31aa335a3
SHA256 6174eb9d63b8fd99fef2fcdc0268dde893e6411be1b6a40ccd0ca9c89e265934
SHA512 601c661b7cf5cb0b45879268b0f596fc7d2e391b2ebd5e1490d869322adc8c98af2da9c7b5eae2777c411bb7f5df2e3297e0e2006fc94ffac44e71936b63dfe3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 dc3e7193929be3810340c38db2fbe3d1
SHA1 6e7ff442e85d1885076ed4eadb8781c1c9075774
SHA256 9d946f760da7f434edc21981be41aca6fdb71a25d4ba192d738cb9e1301c4a65
SHA512 433773bf962b574b65cdb7a1b5e16338d27ce5256c978961d60e1ec6d0315d429f71389b98678ce7b2b6017d639a22cc7c7906868678ed67e37c073f1759af28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4552_555387172\Icons Monochrome\16.png

MD5 1b3a4d1adc56ac66cd8b46c98f33e41b
SHA1 de87dc114f12e1865922f89ebc127966b0b9a1b7
SHA256 0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd
SHA512 ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4552_378668548\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 206fd9669027c437a36fbf7d73657db7
SHA1 8dee68de4deac72e86bbb28b8e5a915df3b5f3a5
SHA256 0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18
SHA512 2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4552_378668548\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 529a0ad2f85dff6370e98e206ecb6ef9
SHA1 7a4ff97f02962afeca94f1815168f41ba54b0691
SHA256 31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6
SHA512 d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db3d383f-8403-4ed3-97dc-a19944bfefdb\index-dir\the-real-index

MD5 94a169669a8af81343b22826d11cd6ac
SHA1 4b381df20f77941a83c5f92f1dc2b524184f27a3
SHA256 942c896d408c9844891f6d2ad501505068f9c7b53eabe40d3a8b15e389634583
SHA512 68fd89a9cd1f3c1ae824013dd04017c32e9edde2ded51b450b3c3b2bebdace5ff9fcb3382215c4bee756a1a46e90d87e6092dc091dcb86744dba5402d18faa8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db3d383f-8403-4ed3-97dc-a19944bfefdb\index-dir\the-real-index~RFe59b8f6.TMP

MD5 f077319a745084b0fa53522f213f6cf1
SHA1 55d64ecace05e379300a502b3fde9618484e685b
SHA256 127a9b2472aa07ca7f8addeee4e9ec4483d69504af394533f0904012573969e8
SHA512 b3ce4e2e5121cade25ab658827bfa485c6d947e57a9e3ac0287aeb39375df2d1875cdd613e1ddada3460702f7439a4db1314af2c83f57ff4df0a86f9ee371ef0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3c339bba3b34de43c02c6eead63dbba2
SHA1 680b72d35e121462cbd25a0b8e67616b8fe48f6e
SHA256 23bf5fd88b061dc64f9d1c84e979026053d3056606983db6670891bc8bc9fa80
SHA512 de96ce6624395ebd6d1d6aa3da0a0f403158c68d33eb0ddcd0863a27e3f4974a26370c4b0f3907e57622bb83e104a21979d5ea02e65d74a7d6521740caa6b2e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e83d90a768450cd51e5ad026859c3e98
SHA1 0196a9cf47a7bf578fb9dcf36db139d7e0a58d3c
SHA256 8c28cf9a56b437002e9e8a649e9b68f1dc949935c9d9ee9df39e4941b22afe74
SHA512 89aed92fc0b3a9405537bebe35124c3fc6f5765c5de9518be9c1e5f2692a8c64705b57064c1373efd9b04b5715b0370f9f643868b89b7b1026e100271a46079a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 762cee62efa99cd4568e8f1546f89d8d
SHA1 fbce763a2707954f4f4d27087119cfc439c4873d
SHA256 1632551aae9a136bd2d7aff50286c4897ca488d1e773d5a2d95474487347c7ad
SHA512 423e39fc75e1806d29285c6f8df879b63238de43db5a23b26fb617b54d2ac82848695ac583659d83d887fddb4c08f19c9f692189481f3d690c178a381c98a611

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6bf66e6-2c04-4ba8-9396-825cc1a50374\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

MD5 5dcaed9132be7cc52a451b6cb681b36f
SHA1 6b2af28d6a26e6f1e4e8664243a5985f5962139a
SHA256 d52b910c8f385a14b4ef2b40daee0160ae6eb061f84c8f8e5e7b8f407a365da1
SHA512 d2acc8cc8819609257866bf2fadc3f33cba926606ae643c2322e386245f6467438abf4a19a3be0e0dea634cd4ba3e235db72799fff0abf9f0a10201fce7a53b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b433ccc9aabd827396b8f7c016a5619e
SHA1 9645c059ad9daccecab0487eef6914758a4f8275
SHA256 9ae03b58db3dc2e52b47fe4cd8c7b3fc816e444563d4de936a22f2fda7c71db2
SHA512 244ee3d9f21573bb627ffe0e880f6e9cf7308eeefcca620117d1c7ae66556b71cae672386b792108f75e0d827d45c642971755b393b17f3c37aebf1f6086bff7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ceb29ac296bcea196e6feb65a2b8668f
SHA1 a227b42b4c8f2665b3a1b84d90f534cd99774270
SHA256 513d56938c9c930ad825fdaa8a9df4d09067ae420bbec676938a7e34b3672bc2
SHA512 debbeeae149e548799037539d2de9d935b375916d3147c7ca83dfdb8c797da9eec4f30706a2923edecc06535b03c96fd0dc999fe09cbd90175fea88feb2a2318

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 33af078f59d9da8987934657405db9b8
SHA1 96527f9ffe5a20cbfa7f0515a3b925feab6e6491
SHA256 986a9db747347e311d3a7b99ef16bcaf6e10e5dedf6b1d3dbd000bbb52d0ebbe
SHA512 c2b0a14ffe3cfc8e8e2a5bd366da46847f42ce805c7932fe820ac870cefcd686ab197666c5ec68d882937b13febbeaaceb18b3824327a2a3accc2de81ef77c7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

MD5 219929c2fe75785a3775b223c65cee2f
SHA1 9dfd024266162f06f1256026f1c45557092744ad
SHA256 d6335aa3d5692ceab9a4019acdfeae76f0ab9d6a4186a064a967aaa9d95c2177
SHA512 af70f5d0ab7300f36eff684bd21b1897deaebf22363712b42a702ead40932bfffa8a57bf929cf61659e6261c54d883d447c2c6b5ddc9ac7a4550ea56874f39a9

C:\Users\Admin\AppData\Local\D3DSCache\3231ae299a0af0b2\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 0083b29045af4f4d3ecd49f5fd541bfe
SHA1 83b92c5187e7b93298f86d83826c73da1098850c
SHA256 cc62ff55c91b10f17b0543d59486a3fb907d7be658043a3b23ece70dbfac797d
SHA512 006257f5be6341184434d071f7c38984d9f1aee74602475f38ca0637c66a5169856e21603d758c3f3a47fbf1aa65aa5f798e2e49b598f75147c4fd47207bbc51

C:\Users\Admin\AppData\Local\D3DSCache\3231ae299a0af0b2\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 2e56822cad031b72223f47167d62bf5b
SHA1 1403ee99a61e9ae9d15a22106700044e30873b91
SHA256 8200a2554862473fb558df7f62dea2553e92d883ff9c808aba22d7c9572185fa
SHA512 852b024b63259d5a6b6690f94761faed40bac758662f23496fb1c3839e99062fe37d6487b423cf1d145265e1bbdfb3d4bda37b3e74eaa136bd5b8e61838d5817

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8462b24ef271112d245d074693766809
SHA1 b5483ef046d38274a1f86faab646dd7284815094
SHA256 250d9d434a6eeb1880a71060e4f07428f83615a12a1ac7e7279326b46632bcaf
SHA512 d15e196238ca5b92d9b821f4f8406b5a570f467b8d34176fb4e94ce4019697f52530d6902bd764539f8e85744de90491357c11374ee010f90b8bcfa984eaecb1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 3d1994c3271d2e6c77c1eb63c68971bb
SHA1 e2656d3687f7b466973894959f8d3baf1d5c2e1a
SHA256 6c1c63ad58db1375cfd7a6f8279a361e8deb936d4a64faf0a8658c88a949fb17
SHA512 51f2242c90c1da687407c577ca579789017a5fb2a9612ca8c4b355d11574bd35ca01379b347b4507245db10f0c88bfe6098edca56af917dc065f9856984b5c94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bda19a772c34336818bb6aebe6acbc61
SHA1 44110295a422555e37f036e85ef29cdd4a0d0bb8
SHA256 da061a49aea2dae785a7ec4d91d0268139b50e09d8740e43cfa520d60d46ce8e
SHA512 4162256a2419fce957dc0effe40de821a18a8a20f4f1a9498786816d1ed496c39a0bc0bbb1fdf8539695a8e0f1c2878d608829c968dac635d7b8f26cde5f23ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fd877cf80f479fbd2586ab55842d4523
SHA1 7b5a82f429b8cff79a0a2545cb5cdce4e34d21a6
SHA256 ae3ec720bc5d85a77298b21ec549f5ae586451564da329a59ccf22927c6eb357
SHA512 0175c936c837326aaa6a0aa7210838a55a67b595d5e330ae65a50e9f33a4f2ece1f5ec42dde61b678d49e7da17ec8b261d8b9b0db81179e3fcd63f1367f800c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6bf66e6-2c04-4ba8-9396-825cc1a50374\index-dir\the-real-index~RFe5a1704.TMP

MD5 575974bf4009e80ca9c4005a4ea4f702
SHA1 a477b275be0294480066e774f6ad5fda202e0967
SHA256 01a0f39d20077c3c8c4b9319415efc2645e257363a94fd9ef040e94c1e28a7b0
SHA512 0de15d38a8431ea72afd01587bfc33bed7478fbf48c899f25cdaad1c20ab7f6e161a55d7f610ffabdc78513bc78a1fcc6d94d18a896d30d55bed21e31a79fb57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6bf66e6-2c04-4ba8-9396-825cc1a50374\index-dir\the-real-index

MD5 53506b8e2db01fae75e1be81de12abb3
SHA1 cd7fbc37791574375ad9310c27a886afeb36ab06
SHA256 f6ce7126e38f83e60fc970d928db335b11fc05626becbe99d70b12e472bc497b
SHA512 7f888471026f98f6e43b1f1c38ad3a39c58cbc701f2906e05a40d2039805b5ccb6812ada585adb9a1027f2c6f3646a735f59f0327a7ed5a4f9609ef599a3c209

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db3d383f-8403-4ed3-97dc-a19944bfefdb\index-dir\the-real-index

MD5 330b9be953f163d634d0ba815083cb79
SHA1 9149101bd3bd47715941fbb3435ad12c0c13469e
SHA256 b8eaaa71d81f84c5659903375a21119e3ac5a7de356e51c6086ffc0ec42bfe15
SHA512 57d9c229d91d01a64f7d5a34a00271e58dc5e4f88cd62a6773572187bd72ff5d1fc70037e28468b933f3c6e3e157d779fa53d7b4742943edda452dd2069ff0cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 aab54ec17d46543a2bfd0d7a8cc1e36e
SHA1 957d54ee349e8af630058575b6bd763d72aee4b1
SHA256 04d28118c1f9fa44694c8ad9fa48944bd6d60be7c571a29f3a0f883cce3f55af
SHA512 81950563a412d6df07e8f33e4568436d9cecbe36858d7dadd46795b55e33f8763b0d37ae68bab3ff0da5cb039bcdb8cb74789c74f43e7092f5b9a2eb147119f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1c87e2f516c85a40e2929d4e410e0dac
SHA1 ac07d61dff016aad24dac58537aebdfe944554f1
SHA256 95ac60114fadfb0c1ba250bfa79c31ddfe0880c48efcb7f542857f7b55cd59d4
SHA512 2ec33f2ac316b64f071b80a87e8412c64aa4767b5c18fc39b1d0c68b30e24230f6fd07771b9944ed1489de26eea7cebab282d85a42acba52da8dde8ce87173eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 53e020fd0101876559c2b5165fb3314d
SHA1 36cd5b952eb35f3b3b1e64d0dad18caf71b5ed7c
SHA256 5573cdd11b9a395211a2855bc9442c4b35b1366ca2358ae4f30a7e0651453be5
SHA512 c58351aa3ea007fc201991b60b99673ff6d6655d941c5cf89cbd913681a2d498788151dc825057f37d0cffcb040e89a85fcd11fd1f7a56e7bd49a8c764dc43b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d43be8ab1dcebc00ca19b03606d97308
SHA1 2634dad1efd6b6328bd8c398ec26d725dc8cdd81
SHA256 ffecd386a19d5aaa8634f3111807eaf6c97f1295d99b37319d2afa6771d0745e
SHA512 4a2c2ceae0b0c4a02baa278a17dd5adeb11dc214060478fb8e2226c6662c74fe6b7dc90a595aeb3550e98e134eb8d90b8b0c95cb533ba713f276b45fd1368671

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UAEG3M06\POicon[1].bin

MD5 3ef9efb5c3c17e2b685057beac484e0b
SHA1 92e7ae0ebf2b57d72ea4091f065f29187cdf76fa
SHA256 20b0f94844860501e115fccd5c1462b2e2c932041d7989dc51c6d885b3429d8a
SHA512 6631ba4269375b502eccbcf601b0daccc98538f36bc0e1e2e5e48a28b4b9f523e06cb46d14b7ac2c60f70ce258b873fc42e31ebfb5237cb43cba7fb6a428eafc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 74c6386ea1a8c0fa8c7f62c132dc3366
SHA1 2903e55a83b9098679031344f41091d6320305fa
SHA256 6390dc43ac1e36c72aaa34fced8c20ccd77471baacad999df9a5a742ebc59cbf
SHA512 24726591e615ea24843b0d1852be5df1d1dceda366f269500ee02f2f3471effd85d9cbf71b29f8d871faca2e2b5ece1e41a650d00b2ccdd2fd8d3d1e24eeed38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7b46e310f4a60b18a8a2285b8ab23ce5
SHA1 bbfa2d84f774ca2e7ddb0a3a13b8030fe73b8ad9
SHA256 7a3f9b3c007eb9ba3cfd3add3128bf4761be99cf31c82f491b4ee98ac5a28d20
SHA512 2bf9b8fa1cdce90bea3328937c2c57fa4431a2a5361106b92330cab5d19318f22695f9ad03bb2321e124ac50ce16399d5821056d58c94fa13f29e6a23545e0ec

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 eb9897789695a6de4a3a9afc811129e1
SHA1 c8637e3aea166065c6f926b1007c8f4e9bc01f57
SHA256 9d1ab11555677d8292dbc0a9c7514071d8cb1e915f1e3c46ba7c7ad8481f70ab
SHA512 8a21e38964f5cdc755e28468191bfdfcaed7450a878842fdfb4c8c9bdec44b8a4c8bee0b116cf61f634186d7094874c2908d2c85686bdc6f0c05e7dbd34c929e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 339d042c07193e9073cc1d594bb111de
SHA1 a7af3284a4d7b8f4fea179d550634120f2d6072f
SHA256 cc51ffb5694686e06fe02961a858aee9afbaa4847b47f8bc36f397e76d485e48
SHA512 fb7d5048991a4e035285fcf338fbdfe6ce3ce07414afc5954fb91a76726ba2026b677c4d39315fb87609c394eb566b5ad2b8467bc2374b1cd25dabfc237f9074

memory/4732-1953-0x0000000004E50000-0x0000000004E86000-memory.dmp

memory/4732-1954-0x0000000005540000-0x0000000005B6A000-memory.dmp

memory/4732-1955-0x0000000005360000-0x0000000005382000-memory.dmp

memory/4732-1956-0x0000000005B70000-0x0000000005BD6000-memory.dmp

memory/4732-1957-0x0000000005BE0000-0x0000000005C46000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q5xuak33.uoc.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4732-1969-0x0000000005C50000-0x0000000005FA7000-memory.dmp

memory/4732-1970-0x00000000060E0000-0x00000000060FE000-memory.dmp

memory/4732-1971-0x0000000006120000-0x000000000616C000-memory.dmp

memory/4732-1981-0x0000000069020000-0x000000006906C000-memory.dmp

memory/4732-1990-0x00000000072C0000-0x00000000072DE000-memory.dmp

memory/4732-1980-0x0000000007280000-0x00000000072B4000-memory.dmp

memory/4732-1991-0x00000000072F0000-0x0000000007394000-memory.dmp

memory/4732-1992-0x0000000007AA0000-0x000000000811A000-memory.dmp

memory/4732-1993-0x0000000007450000-0x000000000746A000-memory.dmp

memory/4732-1994-0x0000000007630000-0x000000000764C000-memory.dmp

memory/4732-1995-0x00000000072D0000-0x00000000072DA000-memory.dmp

memory/4732-1996-0x00000000076C0000-0x00000000076E6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 35a43f2f84600f722ab26e0c4e9515ff
SHA1 a7f026db4bf9d53bd5ecaf45f1ec248e8146d7b7
SHA256 64c1ef1c8227c0a05c09f88ca3e240dbe3a73030a008d21709b41da0d75396f0
SHA512 aec7ac95644336a38a880c50dac53126e926c8c759e7ac588aa1f0701be115d71914d6c4fbb57a6af9bb27dae99c5454634b637a7c687ab25d44b14f9fbc702e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64608c57559bb1d58382c969bfdafc66
SHA1 a09121eec77c28292853f124f98cea1433f33a94
SHA256 2d781a3781e2cccc833eeb648ac93ce96243b920ceec2f4cc4acbb444809c764
SHA512 a14cbce039b6f9f16ad478e7ae8656a04066d196072054065d338b7eca0069cd5703cbd20d4e90794cbf760bc03ffd52a7274b2931a1849932f25e0c27f36ef2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7050b69793e5755901a8b52c8fa03c16
SHA1 ca2d8b04983e227c5d805ae9a6abe68dc5df26dc
SHA256 82f9cd8a769ecbf1292dfec0ef1945f5a5d17ce633eff828842eadffd16d27cc
SHA512 04a03a6933a4aa663df2fcf57c0fe327f59a5cb3350db9170b290caf0e66efa4023b6d4f598a3dd8dfd2b47e2de52fe44a2e16599df878c30320335748a1fdc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4c008406ce94103a27bd232fd98499f5
SHA1 f38ba931d03e92885be65bdfbc7716ab7d267d4f
SHA256 c946ff9ac4f0a4b0a1ca4d1d6b83c127d393d8263b56152aee52275a1827cde6
SHA512 ff9215b6e479356dc222a24377cc5b883c0cde41e84ce5eb6a2c3bde273588086f4c6ba881a8ef3dc5dbfe8690ef306c999832b3bd933aa367fe61a45f4d7bcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d7a423a0221546ad82ca0ae4f940d32c
SHA1 3c3b8fdb487e7129f28ae9dfd1a474ecc89488c8
SHA256 7e9a57ce5b962ac66400d53bc4cbb51d1d5da18080de4c5a144da39727e1736a
SHA512 13dfb249867f8a9445aeca44a10f8dd92c1bf34c35f45aa92beff4b5f80cb08104fd67d486dd0c8fed3ba13d7686c5082f11910549188c022380323ef099b5bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b86924cea73cd07ab8ef66f23aedc11b
SHA1 71975a73aad7c589a14bb6dca35315f1e4a13fed
SHA256 cc1dd3bd2f71ba02abdece99f970525e8d2ba4ff2419af42fabc4fd7ff3fe025
SHA512 a31fd8e745d7e6e9a53813ab158bc4c069e1423f84828a9d7c1e2e9cc6cec8b43d936fbf7c4498b33a10f4543546c732d11db4ccacba8267d7796497b485b10f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cc09858c7717a8e195686041eebdb75f
SHA1 700b3d64ff2092f6ffa1a5a21a98a5539c931f0a
SHA256 a1538a1aa9e561b03be13c0f595d8f3b1643713d38fbd3df36463ddb4518bf5b
SHA512 b2c8e1539321d0fa0f68eb5cdfb398e5e1fd5a3e2a2aa241b0dbf9ac64db23c7b8b8f28bb13875fcde9d89b66f885927e9a31557d9d68add93f4e0c028da8e8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 897c838f2416a155a8e4215f6dcbd5c1
SHA1 37bef8f6031386eeccd519a656fc1850666ef192
SHA256 d245c2e2aacbc8b33c1e7799c3c6adde5875891e912f37a20ccd2a6fde07ba47
SHA512 a9c3606c62b4ff2ec38d3ecb989fb2811f96480812574f0248c6392164c7ed452e284887d00afa85731c9cf09a318e64551f34bb7a37cfbd1f1f87580c352b25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d866f9ce2078ba6925bd2e9a6d8178a3
SHA1 8196eef1b6108e553f6245bf1e7eabc3fec5d26c
SHA256 eca5cfa5e3736e360a8bb773560a98528dcb48cddcacd73f82dff1d383382b8b
SHA512 3d51a13e3db25137b54db063f5d4c3f910ca7d6692f4b4ba1d026fc54c50acfb1b6b1c7ebf1c3c0e4fdce5b55773f8e5a9acafb50b9ce2e25619c6e4be7579f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2ae8211261e54141ff59a2184ad183b0
SHA1 d9bd32617bf505b3002bae68e9b9ff84f42f53bc
SHA256 638f0a22016cf2c787d78cba533e44f9fe926cb29fc912b349598c720f37ac83
SHA512 f93035e25ed1f6164ffb1012642cb10e8998e35cafdd56120e030e854f8e30c5e200850ecf6b6edb532dea05f695f36cbf4ccf1a294b25fc5e8a4fff7406fd82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 85b982e239e54fc9a1efdc78445f5238
SHA1 d07891e9b43095691b034d343e947529687f7e50
SHA256 445adbe593956b39066894978156af02496a7a1e2c68f3cebb8d57887db4f099
SHA512 9191f77938f5923cbf8eff6a2332f041e2757bb3e3616ffcec5f85603c06871158586ee50763f437c7ca9c85663b10fb7e253b4dce748c5fb99f3b93d715ab0d