Analysis Overview
Threat Level: Known bad
The file https://filedm.com/KA1rz was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Xworm family
Xworm
Detect Xworm Payload
Manipulates Digital Signatures
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Drops startup file
Loads dropped DLL
Network Share Discovery
Looks up external IP address via web service
Checks installed software on the system
Password Policy Discovery
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Drops file in System32 directory
Checks system information in the registry
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Uses Volume Shadow Copy WMI provider
Opens file in notepad (likely ransom note)
Checks processor information in registry
Enumerates system info in registry
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
System policy modification
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-26 08:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-26 08:13
Reported
2025-01-26 08:31
Platform
win10ltsc2021-20250113-en
Max time kernel
1056s
Max time network
1057s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected google phishing page
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Xworm
Xworm family
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\wintrust.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BootstrapperNew.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BootstrapperNew.lnk | C:\Users\Admin\Downloads\BootstrapperNew.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BootstrapperNew.lnk | C:\Users\Admin\Downloads\BootstrapperNew.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Network Share Discovery
Password Policy Discovery
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\colorcnv.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l2-1-0.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hid.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\microsoft.bluetooth.proxy.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\microsoftaccountwamextension.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\resampledmo.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\sxproxy.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\agentactivationruntimestarter.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dialclient.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dpnet.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_8418b8585d9586f6\Amd64\pscript5.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdno.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\twinui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\biocredprov.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dsquery.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ir32_32original.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mssitlb.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\MUI\0407\mscorees.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdgeoqw.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\kbdsyr1.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mciavi32.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\contactactivation.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\F12\diagnosticshub.datawarehouse.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\flightsettings.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ieframe.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\InstallShield\setupdir\0015\_setup.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mssvp.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\perceptiondevice.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Speech\Engines\TTS\msttsengine.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\windows.devices.pointofservice.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Provisioning\provcommon.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\windows.devices.lights.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wsmagent.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\elstrans.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\fxscom.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\removedeviceelevated.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\windows.applicationmodel.conversationalagent.proxystub.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\uiautomationcore.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\walletproxy.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\appvterminator.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\hdwwiz.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ja\authfwsnapin.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mtstocom.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ntshrui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\windows.media.playback.mediaplayer.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\wmadmoe.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\cemapi.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\mssph.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\rtm.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\serialui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\tempsignedlicenseexchangetask.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\syncproxy.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\systemsupportinfo.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\vcomp120.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\comrepl.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_d5748f7a3c584c26\sensorshid.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\inputhost.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ocsetapi.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\subst.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\winhttp.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\dictationmanager.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\execmodelclient.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\vbe7intl.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7lexicons0011_v2.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\windowsbase.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvisvsubsystems64.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\presentationframework.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\reachframework.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\system.xml.xpath.xdocument.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\windowsbase.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\vulkan-1.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcp120.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\msb1xtor.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\system.identitymodel.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\system.windows.forms.primitives.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\presentationcore.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_mr.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\system.linq.expressions.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\system.windows.controls.ribbon.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\syncfusion.core.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libglesv2.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_gu.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\system.data.entity.design.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\windowsformsintegration.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\common.clientconfiguration.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\vstoloader.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\system.formats.tar.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\winword.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\inquire.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\syncfusion.grid.grouping.base.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\c2rintl.es-es.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\microsoft.data.datafeedclient.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\system.printing.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\system.xml.xpath.xdocument.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\windowsformsintegration.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\presentationframework-systemcore.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\wwintl.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender Advanced Threat Protection\Classification\Dprt\microsoft.ceres.docparsing.formathandlers.filter.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_cy.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\aceexch.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7data001e.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\bibutils.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_cs.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\c2rintl.ko-kr.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\system.windows.forms.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\iecontentservice.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-processthreads-l1-1-1.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\system.data.entity.design.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\microsoft.build.engine.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\system.net.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\microsoft.reportingservices.progressiveprocessing.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\system.linq.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\windowsbase.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\presentationframework.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ochelper.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-e..sedesktopappmgmtcsp_31bf3856ad364e35_10.0.19041.4355_none_b9ece6b1224ccad8\f\enterprisedesktopappmgmtcsp.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-rasmanservice_31bf3856ad364e35_10.0.19041.1202_none_137dc32b55dedaf4\rasmans.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.powershel..ommands.diagnostics_31bf3856ad364e35_1.0.0.0_none_1ad99b7886d3621f\microsoft.powershell.commands.diagnostics.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_10.0.19041.1237_none_9ad73d125ac89655\bfsvc.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.4355_none_b8d30a8d19a7b2e1\f\jpnkorroaming.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1266_none_1e3229580ff745d0\r\tier2punctuations.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_10.0.19041.1288_none_05beeb4f6d31c3de\r\msmpeg2vdec.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.virtualiz..client.6.2.settings_31bf3856ad364e35_10.0.19041.3636_none_6c4c51b590041ce5\f\microsoft.virtualization.client.6.2.settings.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.componentmodel.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.19041.4355_none_721de25b71c1bd05\f\pnputil.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.web.confi..apphostfileprovider_31bf3856ad364e35_10.0.19041.3636_none_5a40766501b3dd2a\f\microsoft.web.configuration.apphostfileprovider.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_windowssearchengine_31bf3856ad364e35_7.0.19041.1151_none_f68db62a3702882b\mssitlb.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-cmisetup_31bf3856ad364e35_10.0.19041.3636_none_8f4b9d850da4a552\cmisetup.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.19041.4355_none_cf046cc6b9e7cc72\nlhtml.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_10.0.19041.4355_none_9037b6c6b064aaf7\r\wpdshextautoplay.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.546_none_3f1cc1d15da468cf\typeperf.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-playlistfolder_31bf3856ad364e35_10.0.19041.746_none_b68d778e4c528f4d\f\playlistfolder.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_networking-mpssvc-p..l-windows.resources_31bf3856ad364e35_10.0.19041.3636_fr-fr_3be645d3b4fa7ed6\microsoft.windows.firewall.commands.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.build.tasks.v3.5.resources_b03f5f7f11d50a3a_10.0.19041.1_ja-jp_e364a53db109a8d2\microsoft.build.tasks.v3.5.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.transacti..ridge.dtc.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_a76749a7bc0b6c9f\microsoft.transactions.bridge.dtc.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\x86_microsoft-windows-m..ponents-jetxbasepdx_31bf3856ad364e35_10.0.19041.3636_none_aa8a47b31dbc5886\msxbde40.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\system.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-deviceupdateagent_31bf3856ad364e35_10.0.19041.3636_none_cd1b823e72354eb2\f\deviceupdateagent.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.19041.423_none_d8a242bf396f7d4d\f\spaceagent.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\system.servicemodel.routing.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_10.0.19041.4355_none_11027550b9bec7eb\imjpapi.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-iis-metabase_31bf3856ad364e35_10.0.19041.906_none_21ab306fb502b2f0\rpcref.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-t..icesframework-msutb_31bf3856ad364e35_10.0.19041.546_none_5c5d89e88308dc0d\r\msutb.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\x86_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ae693cf36a495170\system.speech.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ja\system.servicemodel.discovery.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.ink_31bf3856ad364e35_10.0.19041.868_none_64ddd2eeff35b37f\r\microsoft.ink.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_10.0.19041.3636_none_bae4fc996e99e387\dssenh.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_10.0.19041.546_none_93b8eb238c554662\r\cscdll.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_10.0.19041.4355_none_4c3f274606888f74\f\shsvcs.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-shutdown-l1-1-0.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsAuthenticationProtocols.Commands.Resources\v4.0_10.0.0.0_en_31bf3856ad364e35\microsoft.windowsauthenticationprotocols.commands.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.4355_none_595283fa5810c8a8\r\eoaexperiences.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-s..tentdeliverymanager_31bf3856ad364e35_10.0.19041.4355_none_2c3d9bc23f4a46d7\settingshandlers_contentdeliverymanager.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_sysglobl.resources_b03f5f7f11d50a3a_4.0.15805.0_de-de_91b490944b28ad76\sysglobl.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-c..dtc-runtime-cluster_31bf3856ad364e35_10.0.19041.4474_none_158e60be76536f83\f\mtxclu.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-security-spp-tools_31bf3856ad364e35_10.0.19041.789_none_2dbefc6b526e20cf\f\licensingdiagspp.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-iis-webdavbinaries_31bf3856ad364e35_10.0.19041.906_none_487601908ee46f8b\webdav.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.4355_none_fb02aca0c35ff08e\r\netdriverinstall.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\msil_microsoft.security...licymodel.resources_31bf3856ad364e35_10.0.19041.4239_en-us_f0fb146039df29e8\r\microsoft.security.applicationid.policymanagement.policymodel.resources.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_10.0.19041.4123_none_4c46068f14181972\fwpuclnt.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.19041.4355_none_c4afc27485870a77\f\nlhtml.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-i..-system-userprofile_31bf3856ad364e35_10.0.19041.4474_none_253168bcb6ecb165\f\windows.internal.system.userprofile.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_hyperv-proxy-onecore_31bf3856ad364e35_10.0.19041.928_none_49810de45ba21255\r\vmprox.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_10.0.19041.4355_none_99c3dc161c02ca63\f\sdrsvc.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.4355_none_7cd4c5c527944f59\r\wdagtool.exe | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-wlanpref_31bf3856ad364e35_10.0.19041.3636_none_ae2538ecc4564735\r\wlanpref.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\wow64_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_10.0.19041.4355_none_e4866b6e1da945c6\f\certpoleng.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-sfc_31bf3856ad364e35_10.0.19041.4355_none_1befe316116bdc0f\r\sfc.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-wmi-cmiplugin_31bf3856ad364e35_10.0.19041.3636_none_319a23aae15c40ec\f\wmicmiplugin.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.19041.1288_none_1cec63974464878f\mpgear.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_windows-gaming-input-winrt_31bf3856ad364e35_10.0.19041.4355_none_879db5aae8b6a989\f\windows.gaming.input.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-s..ncehost.shellcommon_31bf3856ad364e35_10.0.19041.1151_none_bd92f65e0ad89a3b\devicesflowui.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-eapttlsext_31bf3856ad364e35_10.0.19041.3636_none_2739901fe487fca9\f\ttlsext.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\wow64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.19041.4355_none_3af4cc5593ba3c7d\f\windows.media.playback.proxystub.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.928_none_0d22fe52c27d3aae\f\vmsmb.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.19041.4474_none_718bd205b42eef79\n\inputdial.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft-windows-smartcardksp_31bf3856ad364e35_10.0.19041.4355_none_2aaa8ec73892fc16\basecsp.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_netfx35linq-system...del.dataannotations_31bf3856ad364e35_10.0.19041.1_none_c8a9e002987322b7\system.componentmodel.dataannotations.dll | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Delta V3.61\Delta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\OperaGX.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\PROGRA~2\PREMIE~1\pmropn32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CheckNetIsolation.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\mfg | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\mfg | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\mfg | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\mfg | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGUID | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\Class | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133823528181359388" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | \??\c:\program files (x86)\premieropinion\pmropn.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Opera GXStable | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Delta V3.61\Delta.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4069049685-955655941-4058287599-1000\{3157B028-93A4-4B8C-9CB0-CF4099A48402} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c762000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c762000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 19000000010000001000000012cab0233db2f09a0336851de92237df0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 5c000000010000000400000000080000140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c7619000000010000001000000012cab0233db2f09a0336851de92237df2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a58102000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb | C:\Program Files (x86)\PremierOpinion\pmservice.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\PremierOpinion\pmropn.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperNew.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filedm.com/KA1rz
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fffad90cc40,0x7fffad90cc4c,0x7fffad90cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2348 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3156 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4624 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4820,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5188,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5196,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5452,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5176,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4480 /prefetch:1
C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe
"C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1d023b748ed0461e9952f31abd2194ef /t 2644 /p 2384
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4740,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5332 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x488 0x4e4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe
"C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe"
C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe
"C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe"
C:\Users\Admin\AppData\Local\OperaGX.exe
C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Program Files (x86)\PremierOpinion\pmropn.exe -install -uninst:PremierOpinion -t:InstallUnion -bid:$a5fRRQjAhKWUm3A$aPOGG -o:0
C:\Program Files (x86)\PremierOpinion\pmservice.exe
"C:\Program Files (x86)\PremierOpinion\pmservice.exe" /service
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\pmls64.dll,UpdateProcess 1368
C:\Windows\SysWOW64\reg.exe
reg.exe EXPORT "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}" C:\PROGRA~2\PREMIE~1\RData.reg /y
\??\c:\program files (x86)\premieropinion\pmropn.exe
"c:\program files (x86)\premieropinion\pmropn.exe" -boot
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
C:\Windows\SysWOW64\cmd.exe
/C C:\PROGRA~2\PREMIE~1\pmropn32.exe 2404
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
/C C:\PROGRA~2\PREMIE~1\pmropn64.exe 2404
C:\PROGRA~2\PREMIE~1\pmropn32.exe
C:\PROGRA~2\PREMIE~1\pmropn32.exe 2404
C:\PROGRA~2\PREMIE~1\pmropn64.exe
C:\PROGRA~2\PREMIE~1\pmropn64.exe 2404
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -s
\??\c:\program files (x86)\premieropinion\pmropn.exe
"c:\program files (x86)\premieropinion\pmropn.exe" -updateapps
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=e2a4f912-2574-4a75-9bb0-0d023378592b_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=f46d4000-fd22-4db4-ac8e-4e1ddde828fe_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.aad.brokerplugin_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.accountscontrol_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.asynctextservice_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.bioenrollment_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.creddialoghost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.ecapp_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.lockapp_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.win32webviewhost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.apprep.chxapp_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.callingshellapp_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.capturepicker_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.cloudexperiencehost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.contentdeliverymanager_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.narratorquickstart_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.parentalcontrols_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.peopleexperiencehost_cw5n1h2txyewy
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5228,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5428 /prefetch:1
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.pinningconfirmationdialog_cw5n1h2txyewy
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5760,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5752 /prefetch:1
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.search_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.sechealthui_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.shellexperiencehost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.xgpuejectdialog_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.xboxgamecallableui_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoftwindows.client.cbs_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=microsoftwindows.undockeddevkit_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=ncsiuwpapp_8wekyb3d8bbwe
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=windows.cbspreview_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=windows.printdialog_cw5n1h2txyewy
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -a -n=windows_ie_ac_001
C:\Windows\SysWOW64\CheckNetIsolation.exe
CheckNetIsolation.exe LoopbackExempt -s
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6120,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features="NoStatePrefetch" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5816,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5808 /prefetch:8
\??\c:\program files (x86)\premieropinion\pmropn.exe
"c:\program files (x86)\premieropinion\pmropn.exe" -installmenu:PremierOpinion -v:NONE
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\*\" -spe -an -ai#7zMap29932:188:7zEvent10499
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-AppxPackage
C:\Users\Admin\Downloads\Delta V3.61\Delta.exe
"C:\Users\Admin\Downloads\Delta V3.61\Delta.exe"
C:\Windows\SysWOW64\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\delta_core\error_logs\ERROR_LOG_30001857.4144.txt
C:\Program Files (x86)\PremierOpinion\pmropn.exe
"C:\Program Files (x86)\PremierOpinion\pmropn.exe" -brandinfo:http://www.premieropinion.com/Tile.aspx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.premieropinion.com/Tile.aspx
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x140,0x150,0x7fff978946f8,0x7fff97894708,0x7fff97894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ff6858b5460,0x7ff6858b5470,0x7ff6858b5480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5748,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5784,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3808 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3264,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3824,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=1084,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6104 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=1492,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6108 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4056,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5732,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5512,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5820,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=840 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features="NoStatePrefetch" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4656,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5504 /prefetch:8
C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\BootstrapperNew.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'BootstrapperNew.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\BootstrapperNew'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'BootstrapperNew'
C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
C:\Users\Admin\Downloads\BootstrapperNew.exe
"C:\Users\Admin\Downloads\BootstrapperNew.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5388,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2704 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6240,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=3292,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6456 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6288,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=3552,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6424,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5996 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x488 0x4e4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features="NoStatePrefetch" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6464,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6820,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6828 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=3120,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6720,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=4980,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=5180,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6768,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5780,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=5640,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6468,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7076,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6824 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6728,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6580 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6744,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6840 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 104.21.80.1:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | 1.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 104.21.80.1:443 | filedm.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 8.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.114.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | getfilenow.com | udp |
| US | 104.21.64.1:443 | getfilenow.com | tcp |
| US | 104.21.64.1:443 | getfilenow.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 104.21.64.1:443 | getfilenow.com | udp |
| US | 8.8.8.8:53 | 1.64.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.21.64.1:443 | getfilenow.com | tcp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.35.26:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dlsft.com | udp |
| US | 35.190.60.70:443 | www.dlsft.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | 70.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 172.165.69.228:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 35.190.60.70:443 | www.dlsft.com | tcp |
| US | 8.8.8.8:53 | dlsft.com | udp |
| US | 8.8.8.8:53 | dpd.securestudies.com | udp |
| GB | 18.154.84.81:443 | dpd.securestudies.com | tcp |
| US | 8.8.8.8:53 | 81.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.214.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| GB | 18.245.147.27:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | post.securestudies.com | udp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 27.147.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.78.193.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.234.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | filedm.com | udp |
| US | 104.21.96.1:443 | filedm.com | tcp |
| US | 8.8.8.8:53 | 1.96.21.104.in-addr.arpa | udp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| US | 8.8.8.8:53 | dpd.securestudies.com | udp |
| GB | 18.154.84.58:443 | dpd.securestudies.com | tcp |
| US | 8.8.8.8:53 | 58.84.154.18.in-addr.arpa | udp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 165.193.78.234:80 | post.securestudies.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| N/A | 127.0.0.1:50205 | tcp | |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| N/A | 127.0.0.1:50209 | tcp | |
| N/A | 127.0.0.1:50212 | tcp | |
| US | 8.8.8.8:53 | rules.securestudies.com | udp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | 25.58.120.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.premieropinion.com | udp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| US | 8.8.8.8:53 | 250.78.193.165.in-addr.arpa | udp |
| N/A | 127.0.0.1:50289 | tcp | |
| N/A | 127.0.0.1:50328 | tcp | |
| N/A | 127.0.0.1:50374 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 165.193.78.234:443 | post.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50377 | tcp | |
| N/A | 127.0.0.1:50381 | tcp | |
| N/A | 127.0.0.1:50385 | tcp | |
| N/A | 127.0.0.1:50388 | tcp | |
| N/A | 127.0.0.1:50393 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50397 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50401 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | oss-survey.securestudies.com | udp |
| US | 165.193.78.210:443 | oss-survey.securestudies.com | tcp |
| N/A | 127.0.0.1:50405 | tcp | |
| N/A | 127.0.0.1:50409 | tcp | |
| N/A | 127.0.0.1:50413 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | 210.78.193.165.in-addr.arpa | udp |
| N/A | 127.0.0.1:50417 | tcp | |
| N/A | 127.0.0.1:50421 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 35.190.60.70:443 | dlsft.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50437 | tcp | |
| N/A | 127.0.0.1:50446 | tcp | |
| N/A | 127.0.0.1:50451 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50455 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50459 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50467 | tcp | |
| N/A | 127.0.0.1:50473 | tcp | |
| N/A | 127.0.0.1:50476 | tcp | |
| N/A | 127.0.0.1:50481 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50485 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50498 | tcp | |
| N/A | 127.0.0.1:50502 | tcp | |
| N/A | 127.0.0.1:50506 | tcp | |
| N/A | 127.0.0.1:50510 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50514 | tcp | |
| N/A | 127.0.0.1:50518 | tcp | |
| N/A | 127.0.0.1:50523 | tcp | |
| N/A | 127.0.0.1:50527 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50539 | tcp | |
| N/A | 127.0.0.1:50542 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.directfiledl.com | udp |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| DE | 167.235.218.62:80 | a.directfiledl.com | tcp |
| US | 8.8.8.8:53 | 62.218.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| N/A | 127.0.0.1:50684 | tcp | |
| US | 8.8.8.8:53 | 219.180.201.52.in-addr.arpa | udp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| N/A | 127.0.0.1:50777 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| N/A | 127.0.0.1:50856 | tcp | |
| N/A | 127.0.0.1:50867 | tcp | |
| N/A | 127.0.0.1:50870 | tcp | |
| N/A | 127.0.0.1:50878 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 165.193.78.210:443 | oss-survey.securestudies.com | tcp |
| N/A | 127.0.0.1:50884 | tcp | |
| N/A | 127.0.0.1:50900 | tcp | |
| N/A | 127.0.0.1:50905 | tcp | |
| N/A | 127.0.0.1:50909 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:50913 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | 4.38.16.2.in-addr.arpa | udp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50919 | tcp | |
| N/A | 127.0.0.1:50923 | tcp | |
| N/A | 127.0.0.1:50927 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50931 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50934 | tcp | |
| N/A | 127.0.0.1:50947 | tcp | |
| N/A | 127.0.0.1:50951 | tcp | |
| N/A | 127.0.0.1:50964 | tcp | |
| N/A | 127.0.0.1:50968 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:80 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:50971 | tcp | |
| N/A | 127.0.0.1:50975 | tcp | |
| N/A | 127.0.0.1:50980 | tcp | |
| N/A | 127.0.0.1:50986 | tcp | |
| N/A | 127.0.0.1:50990 | tcp | |
| N/A | 127.0.0.1:51003 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51006 | tcp | |
| N/A | 127.0.0.1:51013 | tcp | |
| N/A | 127.0.0.1:51017 | tcp | |
| N/A | 127.0.0.1:51029 | tcp | |
| N/A | 127.0.0.1:51033 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51037 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51041 | tcp | |
| N/A | 127.0.0.1:51045 | tcp | |
| N/A | 127.0.0.1:51057 | tcp | |
| N/A | 127.0.0.1:51060 | tcp | |
| N/A | 127.0.0.1:51066 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| N/A | 127.0.0.1:51070 | tcp | |
| DE | 207.120.58.25:443 | rules.securestudies.com | tcp |
| US | 8.8.8.8:53 | hawk.securestudies.com | udp |
| US | 50.19.125.173:444 | hawk.securestudies.com | tcp |
| N/A | 127.0.0.1:51157 | tcp | |
| US | 8.8.8.8:53 | 173.125.19.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| N/A | 127.0.0.1:51179 | tcp | |
| US | 8.8.8.8:53 | hawk.securestudies.com | udp |
| US | 50.19.125.173:444 | hawk.securestudies.com | tcp |
| N/A | 127.0.0.1:51209 | tcp | |
| N/A | 10.127.0.1:80 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| US | 50.19.125.173:443 | hawk.securestudies.com | tcp |
| US | 50.19.125.173:443 | hawk.securestudies.com | tcp |
| US | 50.19.125.173:444 | hawk.securestudies.com | tcp |
| US | 50.19.125.173:444 | hawk.securestudies.com | tcp |
| US | 50.19.125.173:444 | hawk.securestudies.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| BE | 74.125.206.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 94.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oss-ad.securestudies.com | udp |
| US | 50.19.125.173:444 | hawk.securestudies.com | tcp |
| US | 165.193.78.210:443 | oss-ad.securestudies.com | tcp |
| US | 165.193.78.250:443 | www.premieropinion.com | tcp |
| US | 50.19.125.173:443 | hawk.securestudies.com | tcp |
| US | 50.19.125.173:443 | hawk.securestudies.com | tcp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| US | 8.8.8.8:53 | gitlab.com | udp |
| US | 172.65.251.78:443 | gitlab.com | tcp |
| US | 165.193.78.250:443 | www.premieropinion.com | tcp |
| US | 8.8.8.8:53 | 78.251.65.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:51361 | tcp | |
| US | 172.65.251.78:443 | gitlab.com | tcp |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.premieropinion.com | udp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.109.54.23.in-addr.arpa | udp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 165.193.78.250:80 | www.premieropinion.com | tcp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 34.234.232.38:443 | p-content.securestudies.com | tcp |
| US | 8.8.8.8:53 | 38.232.234.34.in-addr.arpa | udp |
| US | 34.234.232.38:443 | p-content.securestudies.com | tcp |
| US | 8.8.8.8:53 | hawk.securestudies.com | udp |
| US | 50.19.125.173:443 | hawk.securestudies.com | tcp |
| US | 50.19.125.173:443 | hawk.securestudies.com | tcp |
| US | 50.19.125.173:444 | hawk.securestudies.com | tcp |
| US | 50.19.125.173:444 | hawk.securestudies.com | tcp |
| N/A | 127.0.0.1:51413 | tcp | |
| N/A | 127.0.0.1:51416 | tcp | |
| N/A | 127.0.0.1:51419 | tcp | |
| N/A | 127.0.0.1:51422 | tcp | |
| N/A | 127.0.0.1:51475 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:51481 | tcp | |
| N/A | 127.0.0.1:51491 | tcp | |
| N/A | 127.0.0.1:51501 | tcp | |
| N/A | 127.0.0.1:51506 | tcp | |
| N/A | 127.0.0.1:51582 | tcp | |
| N/A | 127.0.0.1:51684 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:50829 | tcp | |
| N/A | 127.0.0.1:50914 | tcp | |
| N/A | 127.0.0.1:51040 | tcp | |
| N/A | 127.0.0.1:51183 | tcp | |
| N/A | 127.0.0.1:51194 | tcp | |
| N/A | 127.0.0.1:51214 | tcp | |
| N/A | 127.0.0.1:51217 | tcp | |
| N/A | 127.0.0.1:51604 | tcp | |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| BE | 74.125.206.94:443 | beacons.gcp.gvt2.com | tcp |
| N/A | 127.0.0.1:8888 | tcp | |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 52.201.180.219:443 | p-content.securestudies.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:52060 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.96.196.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 34.234.232.38:443 | p-content.securestudies.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| N/A | 127.0.0.1:52297 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| N/A | 127.0.0.1:8888 | tcp | |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:8888 | tcp | |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:8888 | tcp | |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:52468 | tcp | |
| US | 34.234.232.38:443 | p-content.securestudies.com | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| N/A | 127.0.0.1:20857 | tcp | |
| US | 34.234.232.38:443 | p-content.securestudies.com | tcp |
| N/A | 127.0.0.1:52716 | tcp | |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 172.165.69.228:443 | checkappexec.microsoft.com | tcp |
| N/A | 127.0.0.1:20857 | tcp | |
| N/A | 127.0.0.1:52811 | tcp | |
| US | 8.8.8.8:53 | p-content.securestudies.com | udp |
| US | 44.216.141.188:443 | p-content.securestudies.com | tcp |
| US | 8.8.8.8:53 | 188.141.216.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:20857 | tcp | |
| N/A | 127.0.0.1:20857 | tcp | |
| N/A | 127.0.0.1:20857 | tcp | |
| N/A | 127.0.0.1:20857 | tcp | |
| N/A | 127.0.0.1:20857 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| N/A | 127.0.0.1:8888 | tcp | |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 216.58.201.110:80 | youtube.com | tcp |
| GB | 216.58.201.110:80 | youtube.com | tcp |
| GB | 216.58.201.110:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:20857 | tcp | |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | rr2---sn-5hnednsz.googlevideo.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| NL | 74.125.8.231:443 | rr2---sn-5hnednsz.googlevideo.com | tcp |
| NL | 74.125.8.231:443 | rr2---sn-5hnednsz.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 84.173.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.8.125.74.in-addr.arpa | udp |
| NL | 74.125.8.231:443 | rr2---sn-5hnednsz.googlevideo.com | tcp |
| NL | 74.125.8.231:443 | rr2---sn-5hnednsz.googlevideo.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| NL | 74.125.8.231:443 | rr2---sn-5hnednsz.googlevideo.com | tcp |
| NL | 74.125.8.231:443 | rr2---sn-5hnednsz.googlevideo.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| N/A | 127.0.0.1:20857 | tcp | |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 172.217.16.238:443 | consent.youtube.com | tcp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | rr2---sn-q4flrnes.googlevideo.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 173.194.191.167:443 | rr2---sn-q4flrnes.googlevideo.com | tcp |
| US | 173.194.191.167:443 | rr2---sn-q4flrnes.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 173.194.191.167:443 | rr2---sn-q4flrnes.googlevideo.com | tcp |
| US | 173.194.191.167:443 | rr2---sn-q4flrnes.googlevideo.com | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.180.6:443 | static.doubleclick.net | tcp |
| US | 173.194.191.167:443 | rr2---sn-q4flrnes.googlevideo.com | tcp |
| US | 173.194.191.167:443 | rr2---sn-q4flrnes.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 167.191.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| GB | 142.250.200.14:443 | suggestqueries-clients6.youtube.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | tcp |
| GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:20857 | tcp | |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | udp |
| GB | 142.250.187.193:443 | yt3.ggpht.com | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | rr3---sn-5hne6nsr.googlevideo.com | udp |
| NL | 172.217.132.72:443 | rr3---sn-5hne6nsr.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 72.132.217.172.in-addr.arpa | udp |
| NL | 172.217.132.72:443 | rr3---sn-5hne6nsr.googlevideo.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| N/A | 127.0.0.1:20857 | tcp | |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| BE | 74.125.206.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| N/A | 127.0.0.1:20857 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.46:443 | google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| N/A | 127.0.0.1:20857 | tcp | |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | tcp |
| N/A | 127.0.0.1:20857 | tcp | |
| N/A | 127.0.0.1:20857 | tcp | |
| BE | 74.125.206.94:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| N/A | 127.0.0.1:20857 | tcp | |
| US | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| N/A | 127.0.0.1:20857 | tcp | |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 216.58.204.78:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.croxyproxy.com | udp |
| US | 172.67.158.52:443 | www.croxyproxy.com | tcp |
| US | 8.8.8.8:53 | cdn.croxyproxy.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | cdn.userreport.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.179.234:443 | ogads-pa.googleapis.com | tcp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| GB | 108.156.46.76:443 | cdn.userreport.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 52.158.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.71.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.46.156.108.in-addr.arpa | udp |
| US | 104.22.71.197:443 | static.addtoany.com | udp |
| US | 104.22.71.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.179.234:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 172.67.158.52:443 | cdn.croxyproxy.com | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.200.33:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.200.33:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | ep2.adtrafficquality.google | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.169.217.172.in-addr.arpa | udp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | tcp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 142.250.200.6:443 | s0.2mdn.net | tcp |
| GB | 142.250.200.6:443 | s0.2mdn.net | tcp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | udp |
| GB | 142.250.200.6:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 193.26.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.bannerflow.net | udp |
| US | 104.17.46.71:443 | c.bannerflow.net | tcp |
| US | 104.17.46.71:443 | c.bannerflow.net | tcp |
| US | 104.17.46.71:443 | c.bannerflow.net | tcp |
| US | 8.8.8.8:53 | 71.46.17.104.in-addr.arpa | udp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | udp |
| N/A | 127.0.0.1:20857 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.46:443 | google.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| BE | 74.125.206.94:443 | beacons5.gvt3.com | udp |
| FR | 51.159.194.250:443 | 51.159.194.250 | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.178.2:443 | ade.googlesyndication.com | tcp |
| GB | 142.250.178.2:443 | ade.googlesyndication.com | tcp |
| FR | 51.159.194.250:443 | 51.159.194.250 | tcp |
| US | 8.8.8.8:53 | 250.194.159.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 142.250.179.234:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | start.duckduckgo.com | udp |
| IE | 52.142.124.215:443 | start.duckduckgo.com | tcp |
| GB | 142.250.179.234:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 215.124.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| FR | 51.159.194.250:443 | 51.159.194.250 | tcp |
| N/A | 127.0.0.1:20857 | tcp | |
| FR | 51.159.194.250:443 | udp | |
| FR | 51.159.194.250:443 | 51.159.194.250 | tcp |
| N/A | 127.0.0.1:20857 | tcp | |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.163:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.179.250.142.in-addr.arpa | udp |
| FR | 51.159.194.250:443 | 51.159.194.250 | tcp |
| N/A | 127.0.0.1:20857 | tcp | |
| N/A | 127.0.0.1:20857 | tcp | |
| NL | 142.250.179.163:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.250.179.163:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.250.179.163:443 | beacons.gcp.gvt2.com | udp |
| FR | 51.159.194.250:443 | 51.159.194.250 | tcp |
| N/A | 127.0.0.1:20857 | tcp | |
| US | 142.251.173.84:443 | accounts.google.com | tcp |
| NL | 142.250.179.163:443 | beacons.gcp.gvt2.com | tcp |
Files
\??\pipe\crashpad_5048_RBURPRNFXWBTHTMK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 82ab293f5d21f6b061ebe31581340aa1 |
| SHA1 | b0a174059263aa08b18915108cc6a9d4aa3586e9 |
| SHA256 | 9d344a2d41cc70ddb50aed02941450eb949a2c915cf23a27a4b3a9470fdb5070 |
| SHA512 | db239b3297c04ed2cc513e8c3210d404fc851e958458a745d43936cb26c7474780f8038b9deb6381c2532e09a3e757e8a72593350411222e8a552c2456193097 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b73c5f6a10868a0a6e536843a7179ded |
| SHA1 | 615e1b50bd0649534724e56cb4926801c2398fed |
| SHA256 | d97b135d034f60fb944a086e82576c9be661b9ff7621ae300625aa67e6b80e7c |
| SHA512 | 8ca4489dcaaac1a799bed8992703ca6e48e64729a34b5f3a345a5911927646b29db6611ec3eb1e6ec58ead4c659ba398062acb00920e173c0e5a234fc995f86d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8f0ecd63ccd6cdf165fc7bf80ab2038e |
| SHA1 | df9b7e4ff4f72b1e0cddf4a2330ecfbadc16d835 |
| SHA256 | ce4e3469636a2318aa66a25fd05360fc26ae42d2d8b75ec86a281334afa77a10 |
| SHA512 | 1a79f888f320c60364bd887998d3e2c80a96ac93ab69f0c6cc01bd205dbf27ea4a5251a2a981aa2688dfee8fa6ea56f49ca0eca2827f0e22f2812f736ba8c106 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0025f89faf0d089ef9788966dad2ca27 |
| SHA1 | 67215554d3fd3fb20d8ef9ff99fcc237cf91e9a8 |
| SHA256 | 532cf224158b1e570595dcc0bba216d79fa4d5e0d8c03b380a2e621f1dedad42 |
| SHA512 | 3704506fcfc12e19d4b1923d20dd487458a2e15f7269abf137def4b79da0186efe5a3654127b22e7e2ad96d906b081c287837addf5f8b9c4a2508527009e63cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 656f06657818a3b93c9ecbe5d98ce22d |
| SHA1 | 0e6867748d8a34b7a80aea0817f0157a1aa4b4ab |
| SHA256 | 48cddc1a1dc90889142b07ebb59c05530871ecc51df689eb99def0733d446f10 |
| SHA512 | beba2dedb636e22af363571e044cfedd9d8adeb3a3236428481e9001b72c89480e8cace01c1b49df35c85cfd1989782e3187c6faf7f459596b5c89c4e5438b04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | edd84f08c5b5ba37447ed875f04fed78 |
| SHA1 | 0947ba2357ad6ec9ae4ca00aa6d14f1fa51e6e22 |
| SHA256 | 6dbac44cd5e9b52944e69a9e6ed4eb59d7d8b3677e4b7bf7d843e24c80c80f0a |
| SHA512 | e22429cb079f3d67b3451a370aa83e85a022e21e4d7f2bfd6234914fb6ae42c01e0a6a3616f906da7995c37ca1c467bbea9d4bfef6f15cab77f9071f5bb48ea1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 48e85fe5b2704b75422fe43d2b020ca5 |
| SHA1 | 603e14cff52de3493863643b51e5bab80f9afb71 |
| SHA256 | ed394f62135569b85d73e448012838c8d4e927427a910acfe38b80ad8552a4a6 |
| SHA512 | 076127c704ca9ccefc0c14548f71503cc93ad2f362e3d063c8b0a975047a036a749bc51fa7fb5c8939784f3535ceb4a9f9e7ce2a636381630ed51dcdddabaf7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ac78dc3edd3f852f3b71abee3220b7df |
| SHA1 | 8778dccbbecefc4c71c09851cd55e571ce18179d |
| SHA256 | 8078daf06b02e9dcd6b50baca69f64bb1bff7eefb9cf45ed26862e38722721d0 |
| SHA512 | 3e87fd3dd818ae357e5756d978f52d993a29ef4283fc5954bf096c6a4244ca419b38c67978e8cc6b6372b7a69b677357686d8f5cc558716377c9f7a9801c8f3a |
C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe
| MD5 | 15d1c495ff66bf7cea8a6d14bfdf0a20 |
| SHA1 | 942814521fa406a225522f208ac67f90dbde0ae7 |
| SHA256 | 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42 |
| SHA512 | 063169f22108ac97a3ccb6f8e97380b1e48eef7a07b8fb20870b9bd5f03d7279d3fb10a69c09868beb4a1672ebe826198ae2d0ea81df4d29f9a288ea4f2b98d8 |
memory/3208-128-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
memory/3208-126-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
memory/3208-127-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
memory/3208-138-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
memory/3208-137-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
memory/3208-136-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
memory/3208-135-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
memory/3208-134-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
memory/3208-133-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
memory/3208-132-0x0000019136FF0000-0x0000019136FF1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 251f25f8ef750fa1a678ba536e0785e5 |
| SHA1 | 981f1ab637356c96b519cb50a129f88e0fecb01c |
| SHA256 | abfdad0f63c8682ab107e937da44c06e30c199e52317845face1197f5a7bc30c |
| SHA512 | 17309e47355c454229d6b2f7fef8dccf250ee5f5bff1178f8f58afca52e1faaaa58b494fc0e0e9f1ebfb64848692e7f12f3f81013bd2334a943a5c7f919c1648 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b2f89c4550b2c30607a68e28099f1ba9 |
| SHA1 | db56a4fd319779e78564635aba5b254a9fa0bd5d |
| SHA256 | d80dbee9556d3a64e1badaaeda06e8803b5a5c48148d6c4670713534335aeb68 |
| SHA512 | f6edd00a11d00e93215530a3671746fb26f21a385f67f8d25c96fbb6dbdc0fe2a6a4a1bf5f68fadf285a726315c2f809373534f650dae28622e2f70fa19d70c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e68e7ebb9f282342bba32c75fdb9e3af |
| SHA1 | 97ce0066b47b9d1f74775f587065217fc3e8adcd |
| SHA256 | f6b69a32b284f9b5bdc9d7857ccf884a1c76d22bd1450629f1722845f9c30a9c |
| SHA512 | 69f01c2921c5ead142c69e25a42178c4b45116a92efe48c1b91a7080187185d2d6506eb503ebdd445d59877144025df33667e1f64a8effdf070608b89dfab396 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0bd5af37ef2ace8db0c87654b4fcf402 |
| SHA1 | 76661d553d78e7be737e1bf9c864f4ec95f143d0 |
| SHA256 | 286c856a3711bb44f39c8d631167916e9d69b00438f39af3f2aa4318c0780003 |
| SHA512 | 594715cd1aaadd0ea2a8bee0f69ea73bbbf28be6d01c7e70b73936977dd961f95f43a94b6dddbdac585bfac8b41d3b6e8b442f1eb75d6a723b3ca542b9b58a3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 07edbd9413e4e00ed8f51310761188cc |
| SHA1 | c8f11d2948fc121dc4665dde3bee087799f56549 |
| SHA256 | 080bd0dfce3bd636c1d63c17c96428d8eea8b7b0a3a9b75a1f678c57ef7687dc |
| SHA512 | 92bd1e59d9df5ec35be8a83df549a7a06d74f2859b60e9b23b452d49aad0139b0da6d10fa977cc9a0df1422a63f587d8ed465b7480608695b25e3881e8124eea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 22855151e661d30b755ef583b35d9538 |
| SHA1 | 613bb04bdee91ec57ba8d6606f81b16c6b4d41a3 |
| SHA256 | 09ea503047404b56b3832b46d940300f304193c9644c0648629c7299ad8a4708 |
| SHA512 | b2d9d935cb864893d5b2fb7cbd16b2cf5b39e2aa09471e8432f6d1c9daab8e3fa31b55164095e21523e0b092c742a29c138e521d669cd630434b0d6aca2e9605 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 86b4789bc8c8028540ea372181a26134 |
| SHA1 | 95ef99e944455c7852859d2d212ce3448927f581 |
| SHA256 | a63f9b57c4194d4561bb1c7b17d4ca149e40207d2e5262338b1e9c074f68921a |
| SHA512 | f90635c2652e1d5959347222f57a4008dd9af49e86aa206a276982f0acb4cb5180ccdaea3b584d4ea3ab1cae71f20bcd00bf76cd99784cf4caf65dd9f3bf9f11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ef3fed159dd62328f0d5be0ba10a42bf |
| SHA1 | 5770be3375686d0c3e6b235056b81a7c2293e521 |
| SHA256 | 517e15b2a125d1b2d94c0fe7f8b65f26f3bb1e59d6e7a6e5c1543bfa1c19c364 |
| SHA512 | f939078d339d26cbfe565571d7a59e9739a869bd40fb125f932bd2850be619671955f6c67430160922232a143df4cc85f236a4d2a064af6893dffea87bd95e43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e5e05f327cdbb7f592018874b51f2bd3 |
| SHA1 | e590269744ea931252903eb9e28b1aad7dc9330c |
| SHA256 | a8bc56181221cce96db3846cf0aaa6aba7d6acf4086fbe51a12f290856782835 |
| SHA512 | 6ebfb2443f63347c5503f5cd889ab2f611168244e34e66272373aee3ff3f8648a1eacdef6cfb75e5ef2fce98cc36813769c1fbf22dbf9e7761132c785f0ab1ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 15610f50a1443428cd81ebd251105034 |
| SHA1 | 08922c9a9d80346351a5d8182a8ad234e4c66fd6 |
| SHA256 | 2c24517ea4e3410b025d6988d9a38f33f911f1394e16090bd00309350753dbc2 |
| SHA512 | b0fc2b519a555f427ea396331bde4165d5234d91a390cd9877c9acb28bb17999d71d44ec90b31e2915b95f8406b2019549f96a7f20315ad9b7390fc072a0227a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\923CD0F3EDBB3759A875E7FE664C6C90_E177412028F15791C29E67CACD8927FC
| MD5 | 94fd46fd3cc1e9163cf6415619952df2 |
| SHA1 | 4cc7673dcda3af54cdc5529d9e8c3ce905ba569d |
| SHA256 | 8c3e6c1db236cb4d4b564d1bdc63e3423657888fd6c60b398fb5a7d3fa018ed2 |
| SHA512 | dcb73ac90f22c35ab700587c46a18e80ebc494cf7348f089eb73e8f6ddaea8ec156b70656f6dd2e765fc03b084bff46ceb61d8a70db23e437d5e7204fc134ace |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\923CD0F3EDBB3759A875E7FE664C6C90_E177412028F15791C29E67CACD8927FC
| MD5 | b2f0977d11bc3e05723564684070b52f |
| SHA1 | de8daf8e656919096c7c338ed32d23a2014ec200 |
| SHA256 | 755ab075984adb46c563354d3ba284c5457fc9523aca22d8eab7cc24653d9ab2 |
| SHA512 | a6bacb9dcd50d188e72fec458152da4db7d8559f32c01bbc117cfc5664fbadcd7f2fb697c5b3eb9db23a00b5b335b830be38a3240b055685a952716afa3a7a53 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q6EH17JN\service[1].htm
| MD5 | f9d4655bbb31d3745d1d1671e3a09f4a |
| SHA1 | 65fbfa8dd5aa8f0ab41f0c101023290878c78162 |
| SHA256 | c09dc2ba6150d341e056631e8fbc1a91afcd6d87759bde08e75a1fc506641203 |
| SHA512 | e8bffc091d60e2addf583b4d33e3b698104372e9b2b31cba3b4e1331a6fb5301632c19f7c2d7f209273115b9d478efde5ee02e7f314cd734871d3a07ebc50076 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c056f28d382a2e47cb41a4c7c64be425 |
| SHA1 | 83c3b030dc60a72b57872fa86ca9d0217e49ce65 |
| SHA256 | bfd558b7ee8aeab0d645956066f3f400bb225a88191688834364d89cab61de28 |
| SHA512 | 39ecd0f69a3c8b8cf5831717353eb5dc9641ac30f7a82eca186f0f29bb8ff34d6d1c6a2137cbc78b97cf7b36e1c005932285b607dc9195173d161f8513c93d79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C2C9D7FCC58B6FD9BF152E66809C1BBE_9962014287DF49023620C3F0C27B8ACE
| MD5 | 0c435a566e6cf15ae858b1ce5daaff78 |
| SHA1 | 3d767071883dd69cbeb5da9931e55328789e535f |
| SHA256 | 21db62bf4dab27369e9881e6a54fae9b3ff09719f4a3fac7b66f9ab3d3b59a94 |
| SHA512 | 2ea611bc0e725e2a93204124ca20a66de498bf771df1bd98e8c50d1654d1ce5f8a4fc1e43631a09a2936dea1a2aa2f406a187ef22fa8e8f2847916e9f2211f32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C2C9D7FCC58B6FD9BF152E66809C1BBE_9962014287DF49023620C3F0C27B8ACE
| MD5 | 8da6e2e64984f043adfd8bf4327381c4 |
| SHA1 | 7d10a80cec713f336cfa4eaebf03bfbb61ec5061 |
| SHA256 | a76298a51feef2577cae66469a8539f5ff3353c9518803a14ba1f8298a62e2e6 |
| SHA512 | 026b615af310ec023f00b580977b267fd66d4a3a9eea09e4528efd388a098830aa014d1aeacadd527be97294a3e57f3ee1ca756b90224692ed13037d23649808 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\975YIRAS\geo[1].htm
| MD5 | cb3a75524ed2c9cf9d2db6ff967d60c1 |
| SHA1 | 3f371ccbf44b82de81da03e457d69c32599f4784 |
| SHA256 | 9619cbe373384f52988fa35be01f2c73a2faa28746bd92680d7094770adf376d |
| SHA512 | 7fc4dcc461ae3396feaf3b0290aead28d43019bdb0ae9a28e61a1c42af7a945152ed93f6a185b2ed098f03dbe2c80d5ee7596f4cc7a094fbf50b5f8b843ade34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | ba602cfe647fd03ee95241889aefba7e |
| SHA1 | efd3945961adda8bc7dd84e1007bbae361f80f18 |
| SHA256 | 3a4a0844bb8b1f71049abeb3799886b496713caacffd47672ea9c99e469637a5 |
| SHA512 | 02beb0baebd5d8811199577b3694ae6e9864736096b4ee9fbdc7652249912f88b8b3bbd66d106bda09c03dcfa5815a8503d7896a58688c5a54d54a9bdfc3b0d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | c9be626e9715952e9b70f92f912b9787 |
| SHA1 | aa2e946d9ad9027172d0d321917942b7562d6abe |
| SHA256 | c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4 |
| SHA512 | 7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | d8210a49cc296afb0e44228a597f1897 |
| SHA1 | 91896db4eaf5d4166113d3877d810233585115c2 |
| SHA256 | 99b35d31c63377094708e07416494b8c9bef939888bfacff02d659f00019a9ed |
| SHA512 | 102467f6bd0a0e289f078fdda98c41c1b70a84c29dd9aa7314bbb7288a29c8844da4458443b6e5f9e0f46ebfc9ae65dc2bc6647f2eee0a5b69c1134184fa34ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | a1fe28b749482a52946739348abd3cb8 |
| SHA1 | f5892b145cd34c238eee63cb7e76f6772df19260 |
| SHA256 | d982b391403041183d190317034125081d6171a21c65c44dbd8563e1bbd5f0e4 |
| SHA512 | 7b6e4980f9212ba02c9de4a0f426b07c285d5fb68e8157a8475a5765ac5d074f32f1138acac977533f2e6f6d050504ede5243dbea640a57a6430d2ef9ce9d239 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q6EH17JN\logo[1].png
| MD5 | 2d4e9e8198f0c3eade53c619cd1fe4ea |
| SHA1 | 80b29f8dd0c4951ce7cad0db1fad1d9fdb275fc9 |
| SHA256 | c97e703578120c1f7a570acac3b461178a5e051ce16be9e266c1789c1d610ac0 |
| SHA512 | afef06bfc6bf857a1b7966a04a8779aabf3e8a6d79b4c51867335190959acc469a4e1929b4c66430a3eece1aa5d1decddad005b326ec830c2b3a57179f3c626e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 52df824c5e1d09f8423dc3725b394f7e |
| SHA1 | d8d026f8f4bddde54306a19fe38e40b27e1e878d |
| SHA256 | 1c710fa385acdd1a42cb08ae1a26fbcb13a2c24f7e147ace1cb7a007ff700f03 |
| SHA512 | b14bc477ca67a1679b373cb6a40807710bb233ff09f511ebc531767dbe996a49e2631900e37e7486545c50eda976aee99e1e378e9ee8954d24a83415370be90c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 927f4451612d1efcdd211324eb4a5b6b |
| SHA1 | 7d7fdc933a9d165d0d8c2df955cfc4d8052c3777 |
| SHA256 | 35fe8050661e0e4312d39cfdb1730889fe99f22b92751be30d0b12b57c491de0 |
| SHA512 | 554dc119486cb7ab13a28f2e93aff6d446360bbb1e00d60fc7879bb0aabe03c23f3d83b0f0557ba1a71698360612340e0e3b86b4d26830e9b14835ba284d761d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | f382943121f4e867108f11cb3e0c6afb |
| SHA1 | 506b354ca8005870da33c2630641af65c9d29ec9 |
| SHA256 | fe13fa77d7a464b2d9bcb1571d8ff3fe2c1f904d0533b898f45fbe765b0eb307 |
| SHA512 | c6bd45d57b464c6b224a5fe99ed0474ac88b62bac45157f15b4bf1cdae8ee68f57c032564332e0bf3575fb0f42d9ea0b452dfeb2207be380f06493c4f2652932 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 32a7f3e577a7feba5a4c5f6ef63081ab |
| SHA1 | 3600fcf6c0d3551a02c02d25d659c514a85f7620 |
| SHA256 | 2f9676217b2b5a159d0c33cb4f1c0a40bdb38612cc96e3e95197cad4898a290d |
| SHA512 | be1ecff8327f2c45eacf2e9385dfe6a50e3fb583d4a47f223a1537caeeafaac853f5ef65fce35f9a2d67afe9ef80aea4f1d418d211e34c1cb075100e65682ad7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d71d7d0448d3195031e3d7f7dd5a8d0e |
| SHA1 | f537389677368af59be9593637ada2a25240d1a8 |
| SHA256 | 1895e0d2f1a3223054ddf0a948a386e572e27001ff59eeec60bff15e63f7565e |
| SHA512 | 173cdb17623b75bf64c87777efd2b7562761b8152998f52f9d36975973b8ceaabd0be81f0847dae4677c2041d1c8cb044863c492b4db0a3e5709a896ab37f1b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c4ad3b0ce80c62981edb61eb07da1d74 |
| SHA1 | 3c57e6455909291249f3e1669f9a2d3831fa8b93 |
| SHA256 | 2fe135e367af364936966c724e5f187e0ee309f1b9d92387b3abd087cb438416 |
| SHA512 | ea5f77f8581068dd2a6595e8d4027713895a63d90e01defdaf11ee25e87a301d11c7626bc18976123c486f1c8c74d63359571c626797b437cb35639c60072d48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
| MD5 | 0411f06faf7dca0d5c203fb46c89661e |
| SHA1 | 46a4013655768b8026da0ca8349a8404ae1dbdac |
| SHA256 | c17006fed4cc7a1cc61763502995cf72c822d0a874e2c20f6d95a202291e2e9a |
| SHA512 | a056f4a460991fe50de086a66045d87fd1f1852d1aea17707934fc39d4baccae951d7db17ac31556cc12172392832b595a5ca2e80e638c7fd1d1f2a137c09835 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
| MD5 | 5fad78933adcabfe68fa9bd5007630db |
| SHA1 | efb75601e67c4c6e725098a002c7b06737ab25b0 |
| SHA256 | 1dbf9b1ecb6de9e74b74c4b8c241da432d9042a34765ad6a546d1294fd113d4a |
| SHA512 | 13e3cff45bb5880c1655131e24b4445bea7b56d44909b2a78a88d373edb0b45acce434f593e05098e84fea66ade10da8245cdb2577955a80ff8374bd33d85f85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 1377275d5101b19fca91b1d9c3598e4a |
| SHA1 | 1ae691c76fd89c93aae8d7cac235ef82f2def01d |
| SHA256 | f198314ee09f7adc845d9fe2f67e9c06c63430c4b3ee0946d1e5b2a88d8bb997 |
| SHA512 | 47fdadefaf686888a3ce69b646929229fb24bd9bb6082b031c5d54e2516eec1244c9c159d986a7456f6fdd0dbca143a55591ee37e8fbc65e2b37c3249e5a73b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | b471d332c7e0d4210147be0346bd9a18 |
| SHA1 | 0e3fa06bc1cdb0c08e8c95026a4f1d50a2ba1478 |
| SHA256 | 28e42ed86e910aac693e5b718e6fa32d9ab53dfcb0da0d639e4bcb360617bb4a |
| SHA512 | 0f95342b8a97049610e3bab93c9870fcade47528703555e1304cffa1741c5d9d31ac59a8b240e33539000649905886eb90d447d5af82d5ef7facdf8ce805d8b6 |
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
| MD5 | f6dd4cc1b21bbad0d7b8f47db0c38388 |
| SHA1 | 8f9f6bc3a26143585b203feb9b1454d1191e78d4 |
| SHA256 | aa679f51259117fea9baa4fec16286c211087c2d177104b347f6f0fb6515ea87 |
| SHA512 | b65a9e333bc29c5481779f2b93982e99c041bdfbd4eaeac0eeb1ffbb9b5cd5e807ab98ecd5dd5798ac0884d2a3ac49be983e3cc97aa9c7bdc9672e1d1c3cb836 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b0a0eee6460ada5ef1bccb127641d24c |
| SHA1 | 89296995a7645bc8193823211db366d884d211ab |
| SHA256 | deb2109263af23e6e1148e9f296ec8d42913fcedc29da24575a3bb798d8b9032 |
| SHA512 | 831f46c45d3469a8fda3eab8709ff052dfba2eb913bfa16cc72ee436198c219117b6de25757c536fcd31294b60bf770994a80ebe1aea36f3370c536ee9d77c93 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DJ4QA6DW\dpdv2[1].htm
| MD5 | fcbf2eabfc15730a7c441a01d4eae2de |
| SHA1 | 995991ddae2088f7791c894b8b600646af1af138 |
| SHA256 | df3b48bac33b50c5a36a9e7ed2b2f6bd09f82772558c4ba8c5a2067dc8162074 |
| SHA512 | eb32d2ccdc2c80fe3dc713a0fa59eafa1f823521aa2d49c1c8ef7a471965a8c892088b388cc883e5d376eab35d74ccea4ab7ef1790373beb4439c79581ea755d |
C:\Users\Admin\AppData\Local\OperaGX.exe
| MD5 | 66151baf4c7973df9281d00141bd4d7b |
| SHA1 | 805cbe1b3d938962aef72b17f476954a0bbad93a |
| SHA256 | c321f8b1b87d033cfcf86e0ebd92a2db16cbe4b9106126401eea99567cfbb171 |
| SHA512 | cddd8fc511d76a69bb38c4686b3d60bbf475f376b5cfffb65054fda6f6229e8d70d55103d5307c80c54a3fbb95bdaee0fac98fb2c8dea9bdbac877dc724d5b8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 583dff4027d74add934958cbc4281b05 |
| SHA1 | f51d32a7a67dc9b3429f421319b9a01f93b6b330 |
| SHA256 | acbe777e4ace9fbf98f7e0e44b31ec8d373d827b6c21bbe5f31565222eeb31ac |
| SHA512 | 8f52b5081036bd2cd1988ab1541f54b1288958873fd8df079cfd9eef72f31cb1ca13820f8c23d9e56e14ab063c0e9b81fc2fe26e60dc62f4be503d8e33978d99 |
C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe
| MD5 | bf6eed6cdc17a0130189a33a55ef5209 |
| SHA1 | e337f5a0931f69c464f162385f1330b4d27b372f |
| SHA256 | ef2734657b11113a433abb7ebac962e2bf6bf685f05c5f672997f01875430168 |
| SHA512 | 90d23fd84007343e85f9fc003cf826b112fd930216a24d8c1488468443ae2a4b0c3cc2426b91c81a8228e125050e922fce05672e010e65247709fc4a7b856f1d |
C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmservice.exe
| MD5 | 4ef95918e313c7ca01084629416fc714 |
| SHA1 | 5bdaba6920d3f4d1f8ea47ce693276530b5f2a9c |
| SHA256 | 303707068aab06ab0341178558c28ce1670d10f16c39522859c4f21097a87ee9 |
| SHA512 | 75861731e9ec1a43741b2b84f60677e9fdf26d5db8d6e4e91297f826fc2c357272c18cede7f64c42798f5459900b33d693ababe4e1140e4cfc54ef7a04af633a |
C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmls.dll
| MD5 | 50a0c6c01cdc5d2690ccd1f1541f6670 |
| SHA1 | c5e017a468efb70eabb1f861784edac62acb0e17 |
| SHA256 | f9a853830949bb22d6f4d128d71a0ab923d9b5549c0dc8785c7de7d1a4eabf99 |
| SHA512 | 028d5a56c581d3751628c7503e83aa52c332678495943c3648049ae0b26a7190e98395ad205cf60896140d1a802c14a346a2d1553e7b53090c3f5beefd66e9b1 |
C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmls64.dll
| MD5 | aa56cb7fd83150c3a75cd6a0de97eb78 |
| SHA1 | 34415c5c8e57cfe9a7b4a498eacfe1403f3191ec |
| SHA256 | 034e066829d28bbc81604250f6df721a35ab1c0898ab82bef6305ffada240765 |
| SHA512 | 765f12e5e060db934d0f4e8159bb9bd10cdbe797d79488a0dc88215a73e49101e279ca69e10c1775a5e161bb4dd02585724c7c87bbefdcdd047adb4277804fa2 |
C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmropn64.exe
| MD5 | ae5bbcc69b05359d0d5cc72ca6a1262e |
| SHA1 | 6843bd883d50216be44065411a983a4bcccdcc91 |
| SHA256 | 12bfd1007634138b22c56ead24db02a1fe3a4d4b7fe04d30cd07a0ff5d4c8425 |
| SHA512 | 6417aaeb4ccd86504bc1f83e32c91a60920e98fff833c02fdbef974819a3288cab0c96d6b114ceed4432c305d49120cacbc7e0da69c911f4035aadfbec7a91de |
C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmropn32.exe
| MD5 | 6e4d6b68e9565c4cc7791b00c2094ff9 |
| SHA1 | 965a00a5a8bb05b35fbaa357951779ea3b71e392 |
| SHA256 | 65d6f18e1b366aff5343c3f6628041329e7c1375d18ba57076b19bf5f48bc483 |
| SHA512 | 0cb1396822c7350057cfc7280e1c67ccf1e1a2206347a10025e285f00e9364563685ba5282775960a9329511fd321a631222c87ae7ca8106eca00fb78722b20f |
C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmph.dll
| MD5 | 9d96ccb0d5ab5541b61d5c138d91796f |
| SHA1 | cf3ee3e66c8f9c23e3efd29978215461347e650d |
| SHA256 | 379a1f1f02c8cb704f248c2f1ff79c8986f73c350a3bf6d9bbc93aeacd286e36 |
| SHA512 | 69ca7d96896d872eefa63f0c0bd9613526a914e99c4cf12b5d221315277aa64894d99d0f5ce9c5e0ef640d61c9202cd3d51ddb2ab4c55f8fdf60d24a8c1ff6ac |
C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmropn.exe
| MD5 | f27f98c1a877f9ca6f06c23bed4014ca |
| SHA1 | 25a231319659c30d6f86a5c9cdd1747d7c471542 |
| SHA256 | 1ed47933c9f33c4860ecc0bf1ba7525212aa00054037a9a51a8d8f5ce3b821bd |
| SHA512 | f054a618d2f8e7a829c26548312b436e21058ee1ff64b40e7c19be2bde037003c21332af3c60e2fd92675af80526ef6faf84b8c1d7a095bb2c4d0b799e66599c |
memory/3344-396-0x00000000060B0000-0x00000000060B1000-memory.dmp
memory/3344-398-0x00000000060B0000-0x00000000060B1000-memory.dmp
memory/3344-397-0x00000000060B0000-0x00000000060B1000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\ed3d3b386135b008\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
memory/3344-407-0x00000000060B0000-0x00000000060B1000-memory.dmp
memory/3344-406-0x00000000060B0000-0x00000000060B1000-memory.dmp
memory/3344-405-0x00000000060B0000-0x00000000060B1000-memory.dmp
memory/3344-404-0x00000000060B0000-0x00000000060B1000-memory.dmp
memory/3344-403-0x00000000060B0000-0x00000000060B1000-memory.dmp
memory/3344-402-0x00000000060B0000-0x00000000060B1000-memory.dmp
memory/1080-428-0x00007FFFBA600000-0x00007FFFBA6BD000-memory.dmp
memory/1080-429-0x00007FFFB9AF0000-0x00007FFFB9DE6000-memory.dmp
memory/1080-430-0x00007FFFBB5A0000-0x00007FFFBB60B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 557945ae4c9b92582d6d1868a8fdd710 |
| SHA1 | 3e0a0d92e5317f4fedca238bc1e060c3354980cc |
| SHA256 | 24e25a5bc8c99d67b232877c8b5e600a3c74c45d3d3403272b9ff31b517ba7fd |
| SHA512 | 9bca8622a241f634470d6483d0da357292750f5b1c40213c92aaa2c4bdd55615ea177998e3330ca9f1d316ab39656fab223e99a25d2d515bd3068d908effd618 |
memory/1080-443-0x00007FFFB9920000-0x00007FFFB9952000-memory.dmp
memory/1080-444-0x00007FFFBBAC0000-0x00007FFFBC22C000-memory.dmp
memory/1080-442-0x00007FFFB25E0000-0x00007FFFB26EA000-memory.dmp
memory/1080-441-0x00007FFFB9100000-0x00007FFFB916A000-memory.dmp
memory/1080-431-0x00007FFFAE400000-0x00007FFFAE8D6000-memory.dmp
C:\PROGRA~2\PREMIE~1\snt.dat.bac
| MD5 | 2b07f882f54b2ca757da093c52d16d48 |
| SHA1 | 344db6cda0d7116cc3940ed814fd7d9e59545a12 |
| SHA256 | de9e99ca237d11c8777463c8209f6a0a5be7dab1f995ada9317ad5c86e8e6686 |
| SHA512 | 12ae04207249206a11e162338c316088caf203f61d56f827688a495b62aec154e537110a3534a207a5f7972edaf6eab84508afe8815d9885b60e00611d511c39 |
C:\Program Files (x86)\PremierOpinion\cacert.pem
| MD5 | 77eb3ade4c5b0db67c6e8a26f131073c |
| SHA1 | ad9e8c00174cc2e707f59df671f89a9d7fc2ffc7 |
| SHA256 | 9f19e7a7139cca8373b516ab1ae49c644aa1c8048e8c7aa5784774a081dcbb87 |
| SHA512 | 20eb7d34c80bb8d8a415bcdccf8e46cb36396c095ed1468b69c0cb91da915e3a14c7fd55247f68e64ff71cf8d336cc286c3662710ca6281840fdc2f1eb7ac6a1 |
memory/2404-482-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/2404-481-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/2404-480-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/2404-486-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/2404-491-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/2404-490-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/2404-489-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/2404-488-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/2404-487-0x0000000005F30000-0x0000000005F31000-memory.dmp
C:\Users\Admin\AppData\Local\link.txt
| MD5 | 363947067c994793f31ab733fce1380a |
| SHA1 | 5f0c987b72d090119ce2a268eabe7dac163e9b37 |
| SHA256 | e33dda2b67d46be195cd6b16bb3a265f8692a726045e45ab98dc04374626ac03 |
| SHA512 | 2871633127c2df969fd56eb1cbb6b2d11473d1eb2fad083df2dcf93d897bf4e79a0a8ab7a322b8033e5ce02d1eae6173c5656b64e5be870eaa2faab8ad31724e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 045bdb360cce783f2cbcca50837f2bfd |
| SHA1 | f5fc56975973724652936e590ffdc7205b543cff |
| SHA256 | 0a9e0dbb56ae226ecdb763ce9dfbdd3ef892d3282a5f6dd806d6cdfd90d54024 |
| SHA512 | 0aeeb36264eca1dc4cded38bb678ff7ad2a08e11e7bd983871f3ee2c3ad7b9f78ae6f38b23e0c8719dc214a7b3d814b56c47a887ca14457b8bf6237fca3120b5 |
memory/3208-584-0x00007FFFB9AF0000-0x00007FFFB9DE6000-memory.dmp
memory/3208-585-0x00007FFFBBAC0000-0x00007FFFBC22C000-memory.dmp
memory/3208-589-0x00007FFFB25E0000-0x00007FFFB26EA000-memory.dmp
memory/3208-588-0x00007FFFB9100000-0x00007FFFB916A000-memory.dmp
memory/3208-586-0x00007FFFBB5A0000-0x00007FFFBB60B000-memory.dmp
memory/3208-583-0x00007FFFBA600000-0x00007FFFBA6BD000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1fba1a0ae44b5d033d909f2e6bb952dc |
| SHA1 | be27b737e0bddcc4bf355b4eeb05b6ab191e0100 |
| SHA256 | 0b5400c9ce5d57f6c90271028f027eb6037408b4c16e0cacc6296e00196da870 |
| SHA512 | 54661e5fc7b8c39ca1710b788e8619f043db81bebe24f7f9ef8a15d59ba5ed44017c68c09bcfc5bfe1198f8865de9189a394d5c1ddb157d92d782ff7b509b479 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0690946036df9eaafd16bce721336dca |
| SHA1 | b327fd705af43cb9170c8c1eef54306d4c54ea4e |
| SHA256 | 837411e32d392bf0a2410a91e559de071b6d325583cf511fcbb0bd06d65d92c7 |
| SHA512 | 2d974baf79d486e685634115b5594a253aa1ecd6500d6674d3e098c1713f54ff531886ba888ae8153ee6333f5f103fcf065e46b65d20dd1b8b7291711d834c9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a70d40e37f755e35de6363cee92c6801 |
| SHA1 | 55de04a02d595409c22ad250d95ba8d99db7b7c0 |
| SHA256 | 4609207386a4c41c9cead6fbd60d3c52c88282f9ca416e90524b49b1526d5b7e |
| SHA512 | 40ad105437ea2946d2f6cf673775729a5c42593e1de64c65648ab6e3849d05903679c3981f2f2b3f1dc01e37fe0a1dec44cc6c1effa9a986ba9928badbaf17f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6227472db2633f465964a61cf8c924c5 |
| SHA1 | f7cfe0eae3be1b3cb0ec0f9f5876f53ed5505ea5 |
| SHA256 | 5291494a78ec8e6e316ecbb5134b2af819c4b16e13469a6a065e92d4fd2284af |
| SHA512 | 89c8e911e9b7c94dae9c1ace05096bdb7673e395bbbdc61b5f2cbfaea04348b00ab9b0a10d53b0479c58e0e1be67377cfe8fe4e67bdd9f793a463762111590da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c10f126d6ffd2ab2d03694c7823dd364 |
| SHA1 | 309872012524698c89a05fc2918f2b9b85dfdeb2 |
| SHA256 | 630b3c68d0ba8783f488d43453f1cbfdcb100a19d9a4115150a5eca1cc5cc22e |
| SHA512 | 452f3fc144a6f6070ffa280e3c4e8da166bd1b792cdff499c478c760b544255f39eade9d9f074e6d120a73ef98ba1b901c85f98aa1f07c7912d06769745d05aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fe858c0a42ab6ce4b67704f61ce9f2ef |
| SHA1 | 9667ecd40a4bc9527f9bff225ce42b236bde3a26 |
| SHA256 | 1a3bc3af3041afac5057c315d3c27684ca556a3ca08c906cf41c6a82cd81f0d3 |
| SHA512 | 6068d1f570e46d4725a34726bae202f3b7f21e91779e1ea36d8324b6659a0796bc9137ad45216264937068d34b99c75694488dd98c853c532bcca35e4eef70ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2463e1be567cac0493f192c188f6971e |
| SHA1 | 4ad227ae7c1679338a84b213d225f2c8762fcd7c |
| SHA256 | 651094db164929204bfc208ff4f5bd2900b77f41aba43029afaf5a967c692f53 |
| SHA512 | c7cfedabb0e9c6f93a1eae6efd7f9e4ede0e43ed302cad8f412e479d68837453c65b290b3b6dedf81ff88df86ba107f23965abdac00ff81ded2b73b369f83a9c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q6EH17JN\POicon[1].bin
| MD5 | 3ef9efb5c3c17e2b685057beac484e0b |
| SHA1 | 92e7ae0ebf2b57d72ea4091f065f29187cdf76fa |
| SHA256 | 20b0f94844860501e115fccd5c1462b2e2c932041d7989dc51c6d885b3429d8a |
| SHA512 | 6631ba4269375b502eccbcf601b0daccc98538f36bc0e1e2e5e48a28b4b9f523e06cb46d14b7ac2c60f70ce258b873fc42e31ebfb5237cb43cba7fb6a428eafc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 801415ca253dce240cd0af601257b094 |
| SHA1 | 7b50e05038c5073972957e1c177d5341faa5efe4 |
| SHA256 | 925123bb07045d36b60cfcb953122ab4605ba497982a87a35a983d6ac1fc2f25 |
| SHA512 | f25fcbdfc042aaf46d4690bb1df9d301ccef06337408996d38e16edc702d1ccb954b36662a0308ecac592692ddee443f4b7b03479d5977940bc64ea83ce535c9 |
memory/5824-1063-0x00000000050E0000-0x0000000005116000-memory.dmp
memory/5824-1064-0x0000000005960000-0x000000000602A000-memory.dmp
memory/5824-1065-0x00000000057E0000-0x0000000005802000-memory.dmp
memory/5824-1066-0x0000000005880000-0x00000000058E6000-memory.dmp
memory/5824-1067-0x0000000006030000-0x0000000006096000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3secbqbr.c2r.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5824-1077-0x00000000060A0000-0x00000000063F7000-memory.dmp
memory/5824-1078-0x0000000006620000-0x000000000663E000-memory.dmp
memory/5824-1079-0x00000000066D0000-0x000000000671C000-memory.dmp
memory/5824-1080-0x00000000077D0000-0x0000000007802000-memory.dmp
memory/5824-1081-0x000000006CD10000-0x000000006CD5C000-memory.dmp
memory/5824-1091-0x0000000007810000-0x000000000782E000-memory.dmp
memory/5824-1092-0x0000000007840000-0x00000000078E3000-memory.dmp
memory/5824-1093-0x0000000007FE0000-0x000000000865A000-memory.dmp
memory/5824-1094-0x00000000079A0000-0x00000000079BA000-memory.dmp
memory/5824-1095-0x0000000007B70000-0x0000000007B86000-memory.dmp
memory/5824-1096-0x0000000007820000-0x000000000782A000-memory.dmp
memory/5824-1097-0x0000000007C00000-0x0000000007C26000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\3231ae299a0af0b2\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | 47fbdb32feb8262d56358d80f812e2e7 |
| SHA1 | f55a5fc552101bc348dd4a219d19ff2af75f2b6c |
| SHA256 | 114df311ec1d3b5042373e417a2a460039795708e279dd9523cc189b41274ee8 |
| SHA512 | 376527c76a1b6e9a578bbaea9b71f28bbc91e92cb1b0335eb536ab7d4227f707bb5d3410a234786e15e2aa24249f18ba243992eae344b72ba0eb6030a43e5c4e |
C:\Users\Admin\AppData\Local\D3DSCache\3231ae299a0af0b2\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d28a3a348e8e69a24f524f62189c7421 |
| SHA1 | 87185b6e4ffcc180220281881d69f5b93a6508e9 |
| SHA256 | 071ae84ea408e68d627e0ade481632806dff9853d4c892f58a7c228815a01cfa |
| SHA512 | 0b20c587fd3d9b8acc2af77d2bf60b6d4caf34b65c2f92856166c1f91947ffc205a1f5832d6d5547d6bfa7e86541c5a74bf82134a9acb5ea42b2bdae255754e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cebda4d39fce5f9ff3ae93ea2c5325e6 |
| SHA1 | 4250f628dcc6088aad71930fb3e88ade2c3136d0 |
| SHA256 | 9e8d9f63054d0dcb2d3e27e8066d9d825665eac5a7247c1160fded696b9576b6 |
| SHA512 | f4fdce9e51e6dc7dd7491ef6077f3dcd2c22dfe2e69c37128a1d8f3f5d9c7bb44b211a41c0c6d7f298a50ae5d4bd789a03cc476342f4655ab82ca69cde52858a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 691636403cd01e5193a1b6a2bb8ba229 |
| SHA1 | d35dba71de3928784d1fbbda7a4ce62d1495f8fe |
| SHA256 | ecef670de664986d254a86e3475e2a80b6295ef032a07ba331e25f5e930405c6 |
| SHA512 | 7ced6c8ecf01b85b122e281a542b2fdb29d3a202c840c2f2b26830cf59c9e24dc849cd0898f0a1ee50cf30847c4672f526ed4014b72d6acf525d5a5f706237df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 31103015031c22bb1a5bd42d9105c08c |
| SHA1 | 5b21e346d80af6722be722ae63736c69db1a1f47 |
| SHA256 | a49995e17bdd8fa3d3df9130c4c992f756b74e4e4bfd7bc0c9e7b6da19ab52c4 |
| SHA512 | 4a5a5612ecddd283a240d09159c5894f63af18490dfa4555c0f2a098e17976b84eadd971a06438db111ebedbf1e72178995a9a1bf8a63db951e2819bdbb6be55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9183d074d999caf91ccbb117116593c3 |
| SHA1 | fcc35e31b1e2a073a4d7f120e3f2b067f766f917 |
| SHA256 | 6c87556c5eff9f3810aaab1e1ea8cf96bcae94755c9bac9dede5a929420425c8 |
| SHA512 | 5c24df30ac6996bd19bb39241b57c91140877fb02ff2f19c4afe11544625448bf12a41f7aace656c526cda1e4267e1a3d05272e192b22393c42e85a378eb6601 |
memory/2992-1352-0x0000000000CE0000-0x0000000001DE6000-memory.dmp
memory/2992-1353-0x0000000007790000-0x0000000007798000-memory.dmp
memory/2992-1354-0x00000000077E0000-0x0000000007818000-memory.dmp
memory/2992-1355-0x00000000077A0000-0x00000000077AE000-memory.dmp
memory/2992-1356-0x00000000078D0000-0x0000000007980000-memory.dmp
memory/2992-1357-0x0000000007D40000-0x0000000007DB6000-memory.dmp
memory/2992-1360-0x0000000007DC0000-0x0000000007DDE000-memory.dmp
memory/2992-1364-0x0000000008270000-0x00000000085C7000-memory.dmp
memory/2992-1365-0x00000000086E0000-0x000000000877C000-memory.dmp
memory/2992-1367-0x000000000D730000-0x000000000D738000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1da9c45db89e83eddb3eb46f4d3e0f71 |
| SHA1 | cf6f0c9bb53ac92e5d690de71aeae67d228d8a42 |
| SHA256 | c81d55bd05953440d133453e0049490749e15a1cad5738aa0314977455095e87 |
| SHA512 | f4d5c22a079bbb08117d50574858c4bc09b66c93f8f6e0ec77fb7fd494657192031787fedb2a8b8a037af81589c2b96d6c9571e905276fe818ebd6dc9d638874 |
C:\Users\Admin\AppData\Roaming\delta_core\error_logs\ERROR_LOG_30001857.4144.txt
| MD5 | 9291adeb61c8e5952eb17ef4229acaa9 |
| SHA1 | 03ed13c61257375e7b1b334b9031362c713de6fa |
| SHA256 | 8b1ac7bf256b5162c073cd0e3122538e50a6636c6ce5b980ba05f3853e3f4206 |
| SHA512 | 81deee04790c4e378700e35a504e2d842fe894cf7a86ab8670b830819ef1d7fc328f9000788c3460b84440c83bbd15cfe644014cf8c2f8ad936fb46a41bcf059 |
memory/2992-1453-0x0000000011B40000-0x00000000120E6000-memory.dmp
memory/2992-1454-0x000000000E910000-0x000000000E9A2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f842e7b06a2c40926d629408af8468d |
| SHA1 | a763f2697689b6f284bc8f866758b1ff0f2dc782 |
| SHA256 | 8aaf99f599f82f5df3e3cfd58892a57f9fefbb3daa820f09dd982ad787a50d6f |
| SHA512 | 67073374ed8e576f58ff9d5e6b27d867cf1467d84a7cbbd25e624f038fc430739ce8be7b0b8e5495871fb78ab8c7d5f878579dc2ead0c318212d7399b24990cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2103671a28b4f6f76dbcd09ba9f91ce6 |
| SHA1 | 3c040e1c25b3c34b5fa2bb84d1ccf27b4e2022f1 |
| SHA256 | 00365c469eb6998c9f20d6453103daf9a490e4c9b3f6ec1de0ebb994874c4906 |
| SHA512 | f49e9a6aa565faaf8e9842cc97761a8fe72a154bf11a49507394455e732d3112b6111633fe650ab69c7fbed15019708d57e862e7d4413bf7098cf83afa267b59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 20ce33649b0aa2e62230849d9203743c |
| SHA1 | 0a13c95b6bfec75d3dd58a57bdb07eb44d8d6561 |
| SHA256 | 482bd738c304fb1f7fafcf92f313f1faccf57164c944c38ae8d6d4727164d72c |
| SHA512 | 332cf2a0a7fe494643b00ca829d0f49e9f0835f158dbc37ada16564a55eb60ccb1cee20e91f1caffa0a0229b85e43da41f508a356c36d9109cd8c3beae2a5620 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 78789c91e16d10f550331b6172ea4751 |
| SHA1 | aee25d6d200d75e8a0f753f888d19545278999c6 |
| SHA256 | b91a0fcd45635ad28ba63d3c214d22a8c58f33965a8fff5aa72bff0bbe65fb24 |
| SHA512 | ba1c51d05f1165e2044b94edf8520af3c20bde4eac62b730714da8a484ca691fddaa2f436debf78f60c4e60aab2f4cb2ced8448531b3bf2731d206af4863f815 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 185080eb3d5b0a66db58e0095f8c331f |
| SHA1 | bff8dcc035b163b0c9ec6e4407733b86affef965 |
| SHA256 | 113641bc7ae03411b69562ecb967139fd6193ce3f49251ec79449317ace9d331 |
| SHA512 | 75ff3e926bb1a6bcbb6cca5b735511a0e3d203e7fb90416c3cdb0b03aafc9db16ce824e0f018ecf721166f589ff8d5fad6cfcb9287418716d50256348572a790 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7920a51d2109c7caafb77168c4a683db |
| SHA1 | 4dc3309991e6a4fae7fd1a849cb9f9551175a9ae |
| SHA256 | 17c594b71957603b3322c453a028cf4df8e97a239fbfd76019147eaf406aa098 |
| SHA512 | e2bc19cb01d0a4845b683366242a68d53d8eadce730f2c159753948f1c9b9baaf7d99110b4f743b556863770176d53d8d338a4aa3d057278b3e8476c5098282a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a34b0dbf70077e3fb72cf0da4a389483 |
| SHA1 | 91b424d74ae48825873cdc62d5c29710b4f40429 |
| SHA256 | 24c30c14b8c71ccf8396781075f9edb48bc77e17eeb43a556964dd5b366b0dd9 |
| SHA512 | 6ea8f95ebc0d5ba6e7e710a16b24c659e78728040ddafa5369421470f421b54e4f8ddb6595ea1131ae34db73c5c1194697c0feac48b1450504c9f9f03681df14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 34bef20c203975103af18976fc465e09 |
| SHA1 | 772c6de558e7beaa4589790d675dc31e20992e95 |
| SHA256 | 19aa8e59566cd089dd439a91198e894f6203554bb5eec0d576104b4874b29334 |
| SHA512 | eea8a2aeedf0f039c91aa4e699cc894a37c6215d9efbc001642f032aba8a320a842868bcda0c21e930709e99e1c65cfbc22a9ffed05cb5a0d865b9fd64fa7bdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1289c41e1d384d9ce56b3f0efd0ca7f1 |
| SHA1 | 55f2725a91ab99ea7982901b42e9eab098697ca8 |
| SHA256 | 93032022c2cafe58eb431b23c166e0bc0a8bdc60927714c29b3fcc3339b73345 |
| SHA512 | ea5e5c80ce4667dacd6ee78ea5d32e89b07b4f73ff74db4d23731926c609c9d8a7c2cdbaa367611df5b7eab777dd5a1e1fe74e1252099877fd928d0d49d9af6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | bdb9c70863cf1ffbddcb6814aba83c7d |
| SHA1 | c4bf4a635db75cef24d82238400810e3da7746e2 |
| SHA256 | 3c11a1619eabcd8ae8cb0034501ec1bba652a40d6f79682ea0682d296587220d |
| SHA512 | 8d02d22a62c87efe9735340e14d9dab4676612e0866be8577718fbbde30494f2175e9a4a65b4199e4b2c27e8387e13b541597485e0c4818cd52f9678582a4618 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1d98beb7e6f1999e18b4369134ec62e3 |
| SHA1 | 9c97aff003991cdf9e1e2ed7b0ecf38d91d00c9b |
| SHA256 | 07041eb14c89ffcb90f3bf140164a456e47936b4aa1e9f30f0d37926320e144b |
| SHA512 | c869a7680a02b932b5f7e40def6871ca3e5b30d6631416d5b0d0b4d02564ce65b5651cfd785b68dca048be1d4098fbdf5da3dbdcba831095ff117dad25078473 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 699d4ebdde22496367fc4047f0f02edb |
| SHA1 | 10bf6e1687881714b62abdd55b35943cbd881c36 |
| SHA256 | 3070c51d059a50c2a53ed0f114e810d4f885a0503357d15b6c99409fdff52dfb |
| SHA512 | 1f45c6f918ede26708e088cc2a886a4e0d5017a202ef7d535deb47afce100fa8cc72aca9a32b8a3ac53899cfed982a6572e4c5596a71fa8e58a6487176de7264 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 42d9f14859d1501c30a0491dd149ea04 |
| SHA1 | fc0cf0ad7dfbc659dc3c7e9637e6f96a400aa89a |
| SHA256 | e2d3efd9f1e70e03410b172a01ecbfd5fe72d10bedfb0a8333d6ed1d6d90dfb1 |
| SHA512 | 31a195905d73fe656585d3fb7891c7330ba81a6793e993c4a5de75aa19110e5e6e176bdd2efe103901c4091e737eb552004fd24087a85c2c3ff9bbc60bb24442 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f892f1f7b6b51d5e01b7acb2b5ce5c2 |
| SHA1 | 6d0f36aa881f7256b26a0f7e6fa5fe9597262035 |
| SHA256 | 44aa4851cbee1cc0912230a09ec6ef3c4ddd753635b18c8b93f895126d3ba1c6 |
| SHA512 | 615377b277c18e965f766e93d3496859a675d93227409204e81ffb9194765fb69b8c27e411627e5b9d6fe5eede6c8c2978dbb7e5bdbfc4c6e74030afb2eec593 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9d7caeb64a05c94a1253aeddcb72c227 |
| SHA1 | 9c3fffb9c529805570a374681d2f3ae8c7bfdb62 |
| SHA256 | bf0c85ed1c69b78369194e5ac22914b88a1b3eeae7b7770ff80e529979bf5569 |
| SHA512 | f26f037fb5fce9902baf0337992c69d8f91ef9a8d4bb86a0564f763e03652e226316b30122718e9e83dd6100d3d7a79fbe6d34d9f250e547e5b47b89ff834a63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 75379bf6122a48e96107e5511c5b0d46 |
| SHA1 | 7822ebd84800711044eae8a714f4ca49a8ae4ff3 |
| SHA256 | 31dc54ab5e62715704ebe22517d334dfbae6b1d0fd63a7af4c184cc5bb48514b |
| SHA512 | f1be1a3e7075d37803493e853883a2aea9f0eb82604364c2aca8faf7f2dc001e888f93b1854cc305a9c7ee4532988d374a89f3485bfa83980964edd675434adb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d473451ab751288160b2e80acf685c54 |
| SHA1 | ade143647d3e45623fe92b8515f46e41d3ced5b9 |
| SHA256 | 7b6e804c72c32007fc8eea7b7fd66fe22a2f35e2376923495f133fbb57ebf15b |
| SHA512 | 67b6cba208d35a7a874395ecfd1c7702f6d7628ae0525776d3058e5465e19b5d54d42924a033cc2f0b97d807414972decc9c97483d4ec90dd6891340ea0996f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 85f7658a42d9ee562d2f7f5966e30c48 |
| SHA1 | 723296d11b6f2896edc07327e07f516146d10f72 |
| SHA256 | af47cc52ff2740e5f68e516961beff37ca051184475c123285a638b4b76307be |
| SHA512 | 31fe5c7139d95efa6023160a1f2df62861071f2958d0c630cdf8582c252ae14476cf13de9912e143cab38d2cfa17fa7a49a491e1999eb8256977155b65a75838 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a9282da738c30dcd06827e3c4de6f88f |
| SHA1 | f96de837770a48331d47ef89d035cf27b28f82fc |
| SHA256 | f8bf51fedcf652745f52c438cb5dd85313bd1b37f444a0bfacd9820eb270ee8b |
| SHA512 | ba5d2803b03a4bbca3c1a5408e8f9b0b1c9e47754fca302875090f6ec809592fc9b5679dcd80e75475889163469e13d66b137d5489be2fa45a1bb41ec7aceca4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f97f284f5519313db979404974c37af |
| SHA1 | 65a96537a6aec725a52e08149ce79d32ab0581c9 |
| SHA256 | 0ba22c704a9aa608d284bfd2398b0a6403294aa3356305cf4f76a27584746705 |
| SHA512 | 62f7a01fcdd1ab659ac4e6610f394eb72ca9b8d87747ec933aef974093b979562cb9e2c8df06112981eac81bbf9b5cfefc71f0296bfe685f23887f40c3e7cda8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2424523cf90981dbda140cd31c7670f7 |
| SHA1 | 26a58abba54eb97940097c40f4ecc11eceb92fae |
| SHA256 | f692cec6a5c70b8eafb1431889e4b8bc42e7d9e6a7ecf3feee71c5336a733c48 |
| SHA512 | 37723d43e68c7ee5f0b568619ca333927d53fa1479fe3da4e75e13cb63c99a98dc4ed98b7c6dd24993b3cc8532eb6c312b5674681536646444664bebe650b64b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0d33581d97e9b52677fb8366863e7e8a |
| SHA1 | 4a797e61110ba8437cf0cf7803212d44cdc8d999 |
| SHA256 | bef62121aacb5755f6197b347f4fde57b3c62a33122f78b535685c4c32c5c245 |
| SHA512 | c6f4ec4d77c97512497b5a172a4420fc20fae4304488bd11825c515e8c9499c005d6d919a5c0a59b14d226c3a629179d99be2aa73ce66d0b7bab7e0cbe374a78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | da912f0db337d989e62958ca4717705a |
| SHA1 | b28a675b22387efbda2d53bb0400a282710d55d0 |
| SHA256 | 09ffe0f14d9f9f5fc2930c3e611f821e997029a937e9c163e86cd2c42dc760c2 |
| SHA512 | 14202e484407afc0d73c5cc149a6564770610f54fb632e2a09ad2f4b475b35865940c46251f997820efd1e7e2c6d147fb57b7195642993755ff2ab474da335cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 69fc46c140125c0ab850ce14cfa56a67 |
| SHA1 | 522b962a1e1ac33ef5ddf380077208325f29c247 |
| SHA256 | d8916c6ab103eb5a592d5f4111f9b91748419860a83bd40608b945d2a68f2008 |
| SHA512 | 8bcef5544902b3097e8a3578362a441ace2c93a490ac4b5d1085350847a6b74cfefe541412f96a5638b8a1c6a35dec22a080640fab118d7b9b86dc7c22fac2c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b2eacae2dcef06533612f1c7980aef7e |
| SHA1 | 0c6329865ce1611dc550cd4da8ab90c449809908 |
| SHA256 | 57d60b46404ea7952d9c513131a8aa5e4ff86c4c0bd9b09585ca446bcb9f0533 |
| SHA512 | da7d3d296b5dc01cb96c3cd7f69685b00bfbebf6dbe465016a2f4f674b1a602992ce0d4ea159da7739a5bff17f655dae3b3042645adefed4c714189179f11452 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f430542bdfbca0b60be944290cecdf7 |
| SHA1 | 890116a00354f85f1ed57b4dc92f58ffb0cb7442 |
| SHA256 | 5f5c9a8d97e74923bb83754f9567992964c1d7e176d00b09e31feac3815575e4 |
| SHA512 | 763f6f5a75aa6c7288e60721b96c451af5b1f760b02cdd643ddd6d11beeac6c2babf3d42e9ab186a08c150a1edaa2b7eea50e6ac03cfd81a0a2d4457fc80f176 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 47bf41d73579a35a088f64a7f4305bd5 |
| SHA1 | e46afc52a5e96ca011a018d04b7c89bb3e35e624 |
| SHA256 | 5fbd031e1a7782dd4c8ae906ffdf55d4fafd1c8d2fb2c8a5f7a1ca3043fa0cde |
| SHA512 | 3233c6eaee031d9cda28176e873b3707acdecd8019d59d8adbaaf3e3895ad7ac5408baa9dd193be23a594e23e2a6587da87c728f22cb749dd97c18842d266a4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fc416416866560defd0bc1cfc700ad44 |
| SHA1 | ef8981e84fd32a468ce27744121fd59e04d61ffd |
| SHA256 | f57ed613c030895f83257fda820cb64d5980f1636a4a47aca52e2a5717812f91 |
| SHA512 | d99691c03f35b7bab997fb031ee7a5c97af53d750058f7ea38389cd1c369d9307dec78c1e23126d007728d994fc690fad4288a863c8434790bdd1e665a181d7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8d431189cd227ec93caf0fbfbe02ab09 |
| SHA1 | 2df54a04c25fd51d3dad767ffb45d7f2a1836e0c |
| SHA256 | dbecd88cd73bbe82ad2d20614ac286e5f5111d1082d88d26d9a689e9433170c0 |
| SHA512 | 369f781801cd4fb740cdb16776e67b2b2295ec2bc13a9456c2ded1b87955f7194c793d92358b5ffdea6e3f34227844de4a52facbab9b4d0bdb133af68f6b5012 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f5f5bf94488559e2d8eb194492e341aa |
| SHA1 | fc15de41d571473a32d83ba32e3eb64b3a39216a |
| SHA256 | eb2572b4665be565bcfcba6bf9d4061f33a1cc09f200120504a75a0ecdc0b3b5 |
| SHA512 | 5485e9001a9bcba1ab9f96636792b2d4a209f445aef0501ecfeb3ac7338cf26d0866db5d181e8da905dfb7be4e69212e8e4275baef8246b7f53e1eee02455cb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5adb7535299b82e07eb7c195d725930b |
| SHA1 | b6769500a4ba462f19aaa4b5b7f2a40c8ba24239 |
| SHA256 | 00441563497ba618fe56905fa0a1d42979ae3cb1ea056b7b139e491a2dd7ea60 |
| SHA512 | 5c3b73fb28a5ed47ef886789ee972224949282842776c10927d1b0153b8a2bbb237dfefdc1110b0e0556a1819980dfeb3b25862fb682feb094ed50d4c29ae2ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9d48487e6ba900f3ce4e2395174a3696 |
| SHA1 | f6f01fb5974ea7871aa5429d19c80c44eb67480d |
| SHA256 | 984109979a23169b72f8364faedfdd803c8276e4bf90c944f2730d1fb7418ab2 |
| SHA512 | 3f7cb7440b0e9b6225cc42fcfd2d41b9e40a4899bf44a2e8ef2330072080a406aa2d85cded4e6642f7ef69b508f03bca60f3b9c93701eedb56b7efa4842ec198 |
C:\Users\Admin\Downloads\Unconfirmed 784807.crdownload
| MD5 | ebafdc046620f21a1426e2dfc6d614f4 |
| SHA1 | 0a214199901d6e7d680d31a4194ae0754c1269c8 |
| SHA256 | 099ec1d7676ba695a1678a43e007679bf68ad5a5991ed4ac1a385e8355e111e3 |
| SHA512 | 7222bb80d75a7f67b8d504a08d5dd2cdefdc8ba7b0b77a45476355c0f8db948a2798f0aaa08bc122d05351848156fd45ccb8b9e6faf153417a9135b986407828 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0b2c8f6b31887113be9491034c9984f3 |
| SHA1 | 1763aff5ddd0311f9d654d70a9778890b420a474 |
| SHA256 | 08b2cdc265831eff93fdfa01bb60ac2aab09dae86a3c24afb71b5c4be9b43ca6 |
| SHA512 | 62896ca453859fdd190679f261e71cf107b0f85d44daec278fa659f05ed7155f543897ed192bf081c6be90af238d6552b7f8b22b15e0cc68992b757133dc7091 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c28b5cfefdc673d48abcdc9838d59787 |
| SHA1 | 56968b562aad991560d2d2957fee04c928c48ce5 |
| SHA256 | c3f2e25e521576636af350a962215de16d32a8cb402615dc15a23dfe2c48fd44 |
| SHA512 | 1ba2dbe25150ad61c998435cec8128fb1536d79f5ea247b04a0023ccbe8333a7816a52e387bd30a25b35886cdca4c15f9e78302190a3b35b977023a12ccf0acb |
memory/6408-3550-0x0000000000160000-0x000000000017A000-memory.dmp
memory/6536-3567-0x000001A87BE80000-0x000001A87BEA2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ef6eab1aa06f77c137ba4b5b00347979 |
| SHA1 | fe7b1b70479e200b43ffff7937c26725b444a538 |
| SHA256 | 0f18a9208b00c5791a79d1ac6d0907c0f0c7650d3ea43b29892b7a78ffee93cd |
| SHA512 | c90e0b79861b2d4561f2cf1825acf0fe02c3c2d9f536873e037e219506e936c70a37982b6a66193b85f783c8992c0a7567259b374f9ce5cc0f590934c04a20bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fe482b020c3029c2af24575ff9135e23 |
| SHA1 | da4e96ab1262f95b0a04f6513ec0fd5239ddbd87 |
| SHA256 | 058a39a1064f38b5079f165f9189e1816d67133bd9a0247b7c67791da69c88ca |
| SHA512 | 323160c379e1d0e98d5b8e7f835c0ccaa68af0acf04a223b5fc9544e1833f1ede90f38c7ade96706edc4a8e4b9a0f49c88bec329cae46cb8c389280b94070989 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8b311ade626bbba5a289d898b98281ce |
| SHA1 | 5b5bc073551d72ef4da9adab914281edfe4dc600 |
| SHA256 | 02d30f18e442a6200198967be44b98454abbaf507c2557abf7b52c7141bb24d6 |
| SHA512 | de343fdd5566856cd32ed0bb4442987ad0d4984efef15200c51ad341e710b68c64cf4659af73c5d42e54333003797c061bc329f3998d93c8896adb81525965ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fc7ce7c7c50781972a647fcbd65ac870 |
| SHA1 | 4f677a2074f66c387e31ea1b89e3cec9564feea5 |
| SHA256 | d7388a4918bd21282e88623035cb0c798da1e8f3b82576d99bc850946aa39fd8 |
| SHA512 | 588687e9fe1a367f9d9fadabb719d386a580131b93ef8e128b32c9c4ca8c2201151d7b1a2f456a1323088c831df977f02e8324013ad50f3da43f7da0de8a9d4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e06d02bc422a27a2852c9c8b1819626b |
| SHA1 | f01f7f6e04bd3bbbff6093615de990fe500b77a9 |
| SHA256 | 4e6f48f4e7a5b791f904e4ab3dcbde54af24fcf3c4cd8930f80dcea68e701b1d |
| SHA512 | c8c7b8b15ad7dcb38ad5a577a3f191490f27ace75d0260ec981f541a2532c7012e5604aa7ef96e59cbfdad0b281caccadfbf9acb52d823649849af0a3efcb6a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e97bf03742ad5468e004d8038d065a82 |
| SHA1 | a6c4fa420d49460b04102e00478cf6af79f0db06 |
| SHA256 | 113d5710a1a8e0db5e38b45501895525b7407c0353d1f54a137e623ab9207713 |
| SHA512 | f217798433578823aecf3831d9b1732f2d91c19701eb13f9d862389ccb57f83a6e5e99f3be7c0cab29787dc4bbc1e2e5bb61a2358cfbf9e65ee1164d5fca4b74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6a0583572e4f57489295445da3190a54 |
| SHA1 | 37f10c8dfc6067bb9e4aef346507532d505ac3b0 |
| SHA256 | f13e46304ce42e3b33bf8b11b362c664aa23943478fb627b69b6fa4324c4b0fc |
| SHA512 | 5f7bedb606e61651605a10bc4922fcf9e009014d399fe5e976ec33769eb747d49556ccae273568f7bd5cf9912234e851764f84e0af344447336f645d35788135 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6475b618e71ae5517a6668930c2bae17 |
| SHA1 | 53eefa3aa39d0bec02c21f13f4ff0f5148afe9b3 |
| SHA256 | 380f80a82e8a8225a532034815e0d94d678d301ab9d085e00985d97f3ba12020 |
| SHA512 | eba0ff540cbc9a1438f965527abb12e78a66b310060cfe1a5bec827718d083d29b91067178a3e34652a004615839d1f8d95b171acd36e27e28738f185bf69c49 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f6cfbfae7f96834d25b3c6fc998f45c5 |
| SHA1 | a456732c67bb67927f23661c156ad7e2166ede2a |
| SHA256 | e1ea7f303f575c4d6019360cbceeddb2f70018de1769b34f6f27d3556bb464aa |
| SHA512 | d1eca5a4f332f3942d78b0cf306bb53cdd0d127eeca7f33ed63003d479325a922c92f6e7227497b194b1a71eef47fc45c1a4308893b7c6c42b53a0ff1c51039a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1738857b066466cbee1c1265a0c016bc |
| SHA1 | 86e57f63d2e913834fb1ae449e22fa35767be24f |
| SHA256 | c0169f173ae821fe095cfccc84f21a8aec05044f622d07444f06731feb31352a |
| SHA512 | 73425ff279e4dd636adf459e40f81ab070d0a08e17f3106d47b0d462c3339e1487c1b00d987de12f96211dd200fdc2ba0cb49e34e6459ae4947c8671133d749a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b8aa19d2efbcbe5303478b292930db0b |
| SHA1 | d946c4cce26e303d2ff7d706460c88c3b7b1ca2b |
| SHA256 | 34d8826678c2b19505b35e71b414f62dd95b02a7f7a8def49fad3f27cdf9e82d |
| SHA512 | 6178eb4c20bfc6b28f775ef3d7cef56f3779dd8caae958026152dfc6d9595ae148c07a9d906552b9c87afea0d180bd1ace0bacd3a123f1c1ba2ff87fb916666b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 72614aee9749e8b670beaadac740a8be |
| SHA1 | af91aaca7b13cb6d80cb81ea263850d39a4544b0 |
| SHA256 | e6d772683f7b05027a87239353ede67f75f3d747ad62318b1df7c8a0fd0b5545 |
| SHA512 | a27d4b7c1557deb71b5d421bf239099191d84be3776d46d2faa5844a28e099801ac0dfe648c4d67bb2e4951aa16d0c9b72f0713431c484cf2b5fc5eff744ed37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f5b0b6cf32b6a491009b9b61cd084572 |
| SHA1 | c9d8614461c0102d4a5a000a01bdad0485829d12 |
| SHA256 | 5f5022d69903fc02e66689f3bd01e24b7cd3296ea593b94c0b5c14dcea7dc6fd |
| SHA512 | eb878e2445310de89b13378abe611f3e42cf7ae3a203eaafe4e00d9c9aed5458b4c2d2a639f84c926e175d90caeff434c77edfef7a70619a8d52ebccc2d937ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 45ea100c8e4d27f9143c54790021bd51 |
| SHA1 | f270a26adc0055fb9aa73c40f1df4000ccadf7a0 |
| SHA256 | 8ce438cf1cb4ad414d8f2efac79e107def9dcef759568e0eab63b11167240c0b |
| SHA512 | 96b46d03995cf23b8357f1676d5b3a9202d2ebe398570b234241fd0a7713a66a0eb1dc2b4c938815f87f6bc98c8388c3ae583fa09eb5f69cc9fa98673819ee0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe642c12.TMP
| MD5 | 8613d2866d6bf0feaa38583dc809a13e |
| SHA1 | 2ad580558a05c56e9262ea772520f5f4c52ebadc |
| SHA256 | 886f28d1f7045edb1655f55254d1d73ac46b99e04b5541e80690da870d165abc |
| SHA512 | 3324af0a0eab60229a36caeae7e3ed6630b979ed05e6bd6f0f89da838223ce56d1239c4d807e9bf97cda86ba4588e4dacf45d447f5d04fbfd484af1c21985932 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5048_1041024307\Shortcuts Menu Icons\0\512.png
| MD5 | 206fd9669027c437a36fbf7d73657db7 |
| SHA1 | 8dee68de4deac72e86bbb28b8e5a915df3b5f3a5 |
| SHA256 | 0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18 |
| SHA512 | 2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5048_1041024307\Shortcuts Menu Icons\1\512.png
| MD5 | 529a0ad2f85dff6370e98e206ecb6ef9 |
| SHA1 | 7a4ff97f02962afeca94f1815168f41ba54b0691 |
| SHA256 | 31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6 |
| SHA512 | d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9f50f8109f4e5c055062e65cd11a8aa5 |
| SHA1 | cd1b58a87ded86a249cea6bfe8eaa7c2aa5dba97 |
| SHA256 | 7f748f441a8ab1a65d60c6cce466f2c8dc37a90457312b177301b91f6fdbe11f |
| SHA512 | b7522c816c58f21741aae7853830f7fd7c88de5b682b3b37c97881cf3b80cd45c3d5ff90fa7401a661c638afaef8ee515522547eb138ea90ea185fe7e622edcf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2a22ffb6e2f07f09543a55776387ec5a |
| SHA1 | bf42d86366b38a1a9f4342dbda101569b2ec7975 |
| SHA256 | a1ac1a3e9f23e7fc21cf14b830caf8e1c7d08cf830b29e3ca51f1e88444e3f81 |
| SHA512 | abf99b6f28d63699433923673d26d7125dd5b056ef1b5cdccb35b32d6a380210973cba7a3501af7d923e5ac4d78eda3cc6ea6f12fa1fa971a2eb314c74a134ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1bdf61fc-9747-492c-871c-73f69d575ac5\index-dir\the-real-index
| MD5 | 5f9886822304b691f09e3b3c36c5d480 |
| SHA1 | 71147861bacd51f79afcdf578faf180ad9f2b42f |
| SHA256 | e7129abe04afb03d3931d727534ba97d7eb518c9ba76d29df81a690120a3f58a |
| SHA512 | 70c30965bfd217e6c2b925a83182bb49a39e3610f7c92e993af6a0f04910dcebecbe58e68876555772a1484642f391e7647d23a83ac0cc3c542ec590a7f40a8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1bdf61fc-9747-492c-871c-73f69d575ac5\index-dir\the-real-index~RFe6454d7.TMP
| MD5 | dbf5dcfccac4d02d8ed37878f53252aa |
| SHA1 | 81f1d93fb58a9d898c526884a8671896aad7ced7 |
| SHA256 | 4b6c5e1afead58f808655cb7a436542ad071000ecc4845606a62abf400df2abd |
| SHA512 | 013344166227cedb5825b4fdc18ad36010a8a32f71940533074e04403a6a51ae52e65225195a8670e3681f4d2cfe5efb86062f0cf8071963d8d0f51f75477449 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 86a4bcd96cb0fbd7cb3146ab5fed30f7 |
| SHA1 | 952cee13b1ffccdf36586b446fe4aad7f26e76ef |
| SHA256 | 49023dec60569b05ee4b8582ac39dadd51454832bb2e6988a1821467a067a325 |
| SHA512 | f98ebf42d30d4be6409813a7d34ce5a2457b0575140bc16c627f1cd5367c9957f883f163fc4b60651e6fa436430b8a0b913a3f60280bc6cf7727be7c933ae462 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 08b96aa3fd7431a500e23a17a30a56b3 |
| SHA1 | cae25d029280670fd5c391041894524fd01b4bd7 |
| SHA256 | a70536cdea39141870b79b84bd6705cd60f1f4a92141597784ab9c33cbc55a41 |
| SHA512 | 8ba5a63c7e9491d359ed370d323a2002517956ac0092f4e814921f489589fb4312caf26c52b7a3a09143ae7acd368e8fa2507e2c8231ecc5b72ecec7fb36b6cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f854aa8969d5b8c2f2b0d8dd539ca36e |
| SHA1 | f1f69455a9653dbb0c8235fb552d3a648f64766e |
| SHA256 | bf06cc185ed270f1cab2a42c794c8fb7675cc7994a0745e0953081a1f738afe6 |
| SHA512 | f33a717875a1e398fe5b8c94b40624a55c7ac9be21ffa227c891c684b67a0e96ff585a88d4770526e175d739d182a1952ac552a02d266ea70c1944c0db1f5360 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c530a852-50a6-4765-b94b-c6cd8ff053bb\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | fbd295b721ad3d5804bdb2a278eea75b |
| SHA1 | a3a9b097f14b9fdf4174d16c249764fc4a4778d0 |
| SHA256 | d6ec901270bc92b63f7e074e112541f2eac59e1e8e2fc05c7e8314281b621f7d |
| SHA512 | 73e54ed80d1867d318a5cbb6bd552b5ef58dd4cc8a45233796dbd9f5c44f02040761733b0968ffc6d322727f3f16001b943ae124e097904e1a22d5405ba70421 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | 166067ab4e8e0e4360a5ef617a3d9e36 |
| SHA1 | b5412c8099e10e7898e877f4a3e9b03582f08a83 |
| SHA256 | 0573502902ebd67c929cfd48f869ff80dc91f340442dac9dd4099d136fe01fc9 |
| SHA512 | af9590fd696a7ded64245216ca22e8d8f39b990a191eb3402c755ec9233515c449b32c976793f15593d8134c1b7b16133bafc00be7a2e6b5a110a8d54977f69a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | 19aae33887c6287c6db80d79cdd34f5a |
| SHA1 | 3d453a877bdff0097cf125addc8f5f1b85580362 |
| SHA256 | 09c5b498a942533c54c94c229aa8129af67b0cdaabeffcf8ee6c03d04552ea52 |
| SHA512 | 0fac3cf3a46aab179cf054de5544c19ecadd740f87770c5ea92ac665f7ec5646d29ef17ef4d9f4bc7889d8060431319b9fcedd59acb7156bc8c8df3ee99b83e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | da6e34fae9b3ddef29ffcbbb0912d6fe |
| SHA1 | 2a5d74cae10d2a5ec12d5b6dbf042bfbaafd9336 |
| SHA256 | 5c9383ba24395c1c8b5f9ae51d4290a98e4a6f3910d2c71d91399e7c4c5ae661 |
| SHA512 | 1eed354367473e403f8ad55e8527b6ffe10646a436abd6b3c81cd1bd17107465bdddfb8a5507ba43904054f03678096780063f254619ac76f5a0c0839867ab4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
| MD5 | 08f9985e49aab1e6c5e9810ef6f8afad |
| SHA1 | c0b6d51c227bbe3e7ae6151536b633c007d4c609 |
| SHA256 | ed2477616a2ca75ef014c2dd86b28c1d9a042c8df9bf72c76a61763d430d7f18 |
| SHA512 | 80cd2c3133e37db5be277b48a1e3b1a319f305e52bff72ccd73775bed04ed64d7fa0a2ae24ac7ef5937257a31bfb7e19c2c95a851a52b2ce398bbafe4f04993d |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cd10f37480f24742f9e6ba58027ea8f3 |
| SHA1 | bb8b354490fbcb3b7fa11a843a58269b86aa2538 |
| SHA256 | b0425c8c8630a6671dbf11f19541974a74164ac016f1ae80e78b781f1aad8a97 |
| SHA512 | 8a1abb0233778d2002f3d388c8c21cf2e6af0e5d6709bbff4529238bb47ef0d89c01546b734bf5d5778c19c49c4e404ef27f095cfafa6279f7a25ec380ac40de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c4744515289c2a77ef992f02d791277d |
| SHA1 | a22e286f2ef490b8157bf2aa3afa6d6d8eca93e9 |
| SHA256 | f91e657d930ed357e1ba2aae5f97f84101438b7c3f4bd82f4f445e5faa6127c6 |
| SHA512 | 3a170da6ddeb1853465b0439ea6c6addf3f5e2352dcda8af1d17e8c6ce1ef608aaa56ec0176678e14ea4f6b924e1bd481d38d95168304e763a329de4b39e613d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 2e75234911d9c2a862cf0f6166f3a532 |
| SHA1 | d0e4928efced920b2ef51ae0ce8f5c8eaa69db19 |
| SHA256 | a3cefe0ae2909ed2f9046a1c1bf4a7a91dcf1703b79466d95b7927dab6777099 |
| SHA512 | 26a90726cd4b4afdd41c159819b44617f2c5adafeb45cb0d2eba70795a0e4693d02a08d08af4e05807ab23b8529ca18708672265aab034239a54c6e77d396a4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | de9b98a4fa830f7e1113fdb3e3de0b0f |
| SHA1 | f7b78a001e0be5f73257f5fd91096af02b703b20 |
| SHA256 | bdd5744f616a8b448824a8768486cb1d756751f0414fb6bbf27690109fd40df3 |
| SHA512 | 9dff8b08fd31b982f82c468054b8ece3f902a9d481bb838f4f0ff5b8ef96c775aedd3ae7d6bc7687afc9b1f810fe5151514ace0306c3b41ef5ea69dd7750ea85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c530a852-50a6-4765-b94b-c6cd8ff053bb\index-dir\the-real-index~RFe64acac.TMP
| MD5 | d67d58c26a2812dc1a9d45e659b51095 |
| SHA1 | 5886ba6cf828021a017f739d4152a7359189fe13 |
| SHA256 | 73977eb43d5248b6c25dd6722f5d38d4e56df23914a597c38e810ed683af3279 |
| SHA512 | 4a36ced6d75427e6ab7c59fe9289bf19041ba03bc7f7dfd19a863cb86eb6b5a0a4fef3084348659d46a350c7bb166380a04f16f234d337707087eb7b3ba6e34c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c530a852-50a6-4765-b94b-c6cd8ff053bb\index-dir\the-real-index
| MD5 | 64b5a0c50d62d311f8d54b8b52b5d7c1 |
| SHA1 | 8d34c27c900fc53a6d26620da24e30a0e8486050 |
| SHA256 | 339a1f79a7ac2f207be07127084868fdf87be172f7fae675d4ee2ebf68f03c95 |
| SHA512 | 5307abe49f93d7ac9524e4702162309ec61ad13d085dcafd5a7d9fd24fe5104d700a0c533c5a8b42f360305b4c0079a28ce222ebf150a6fe427818ad6cfb8b44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a2bacfcd173e08162949d78fa97d177d |
| SHA1 | b95f466286e43b31c8e84ced6de3b0b2066f06b5 |
| SHA256 | bfdb1e33b04663c94a48f297a7aaacc0ce03cfc81a8ca091272788ca217fe1ca |
| SHA512 | 0d467e9975d8a1bad10564cf75110d80e5c51ca5f5003d69cd18c5d83f33dc0ec75b018d1f6d202b820cac33257f773162e7703c642208469b79e092016994c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ed629ce943088ab71f43e6a390ce4932 |
| SHA1 | fc79d1787489ffb09ee5ddc1c7f95eaa4f501b1e |
| SHA256 | e476cad2ed5cf836f971040447eaa730d9ee8fd8c3957b22a68e57f393dc3be1 |
| SHA512 | 10f76babc67178b16d8564fca68a2fcad2b159fac7adda8ddde9675dfaf93b5aabaf942290c3d86b9cb9668f4cc532599229b738d4b2a56357cde1f428152524 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c530a852-50a6-4765-b94b-c6cd8ff053bb\7acd421b4864a864_0
| MD5 | d298db790e81ea9195d5c35fb8778af7 |
| SHA1 | e25a1c718f42a9ce5091e02c5db8a09932b713ad |
| SHA256 | e063642e29f21706f75a5cb84ad8998734c21906143b9cb5e4421914933551c7 |
| SHA512 | cc4950ffaccaf685b3f890d83644cd5358ce8ccd18c66d436437def253efde92e1b8bcf5c19c59b69b7a2ee58a8c9cba1ffab72a529fa3cb761431357c3bba12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 52b4b71f282401b411ab7f312ce2f3ba |
| SHA1 | a06ee5e1ecdab016b4f0ad227b94ac208673ddcb |
| SHA256 | 3b772b3a52664e2575db54c4564bef2ec11c158f9f7272447272052bd113d7bf |
| SHA512 | 48e2e57f38aaf72663a4aa90dc293feaa58faf2e9c7abaf35b4bab05dad144e12424de00e6ff3d72210d57bf5c8361128f5ae5e41a6bf4d7309699db7fd19e98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 04ce3dcfdd1576ce918bc3fcb134b022 |
| SHA1 | fd05474fe51ca92c079856a4366da490b47d25fc |
| SHA256 | d66e1b0f1f576a47e2a20d9c04fe0d60e1bef6c46ab439f8e1dae55e5fad3c94 |
| SHA512 | a4ca553ecd1ebfff9799f8101fc052ad66343258b1bab939cb4cdc6585483a627a872744d154e40ff28d24c9180f5053595bce5b50762b1bc730679a5abeb783 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 08458c650a5465c9e3195dfafbdab872 |
| SHA1 | 48782f51fda25e5f3e68a220472ff699f3e14676 |
| SHA256 | 467ae62e009883e962aafec43e2e0c7472a3b204bb9b19853cacbf6db4df9583 |
| SHA512 | 1e878c816a96fa815ca3814c30a9eb415029abbd5b678b620b525c7548dea44db8a654657f0cb3a229c3fefd228b81b138679ad423d924bd388d3913b5d67df1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 54326371036a7a54baf6c440292d8e47 |
| SHA1 | baf6b721a64e2c06487b3f1da84608245bfb4fdb |
| SHA256 | 57c9b101f70375818f292f4c802c9c632034e43e32aeea82dcec71e7d43586fe |
| SHA512 | 0ae992afa7a12966d223f9ec3fb0fea98d43ac5fade978360f79b6160c130ea2eea5b57ba3a729dd5bd706fa6e10a58e07fad3a5155c15628461690d83481d00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
| MD5 | 7b49e7ed72d5c3ab75ea4aa12182314a |
| SHA1 | 1338fc8f099438e5465615ace45c245450f98c84 |
| SHA256 | 747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6 |
| SHA512 | 6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1bdf61fc-9747-492c-871c-73f69d575ac5\index-dir\the-real-index
| MD5 | 6af3565c52a9c955cff19e237117eac6 |
| SHA1 | ef7de56fde4e749a8eb08e36560a829eaacc5fe0 |
| SHA256 | ec95e55709cba59974172071baf2821bbe380839d08e04c4275f04193e355240 |
| SHA512 | 5bf9aa4cf99bc591316d3216df25db0a28844ed0ea8b536e9c9148d9aad456bfa680e5b2ddc59db746f0b4f942cb0f9a778f788911e233bb61c05cfe434899c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | af662528129d78921e095df3a29182bd |
| SHA1 | 2e8dcab0d728b517ec39df648a3a1cfaaad722d9 |
| SHA256 | e4099e84f6b3d4249ba08b00c55289b94ecb2851f539d1a714635b64c78d2757 |
| SHA512 | 096ca5a7197e5f2e43008d65ec8b1a85f4e59fc8d5d49ba6f91cae4efa661211bd7df7b4018c0b2d4a6fe3cc4ce3cf2b694f506d2839bafa4b4eee381d6322b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 178686016086a18df8bdabcff1db7f2b |
| SHA1 | ec88ecca6de5bce3d3f5f09049c097a997e1a799 |
| SHA256 | 11768eb1b388570dfd7072fbf70e41278838d803a58f37d981a54cf3177febea |
| SHA512 | 9c0664113a0196631a1976edbc3a1042b5b48f01ac0ec691365ac5f5982b4ac45beb728ed112aa3120d5940878eed13453c9b5dfff13f55d29f75796c7ed3dbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 08e0016aab53db43686076dab442b776 |
| SHA1 | fa54dec910b2159cb0c0abed375694aaaf8bbac3 |
| SHA256 | 19cd9ebe1b88db708b8813ba1add98de29acc332a68a8d018b9eaed55ea943f0 |
| SHA512 | 6d07b2d33f799ea6dca8a02d1a6ede6f7b4fbdb091a42db3e0854c6ea0e480ff47cb90ff2f318a3d54c287018f47c5cc9aea9bd4efb1df1857e6e7276c6b66d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cdb9a8eeabff82a4d51e443c575c95a9 |
| SHA1 | 922d8ce3e202450c20846858010807221de153f7 |
| SHA256 | 486fa0b7c3bc58c1a443f9c6fcdabec092ed9cbdb43b57e822bb63055b89f5bf |
| SHA512 | e02d1319be2cdc83bea1c45625a7c602c90ae4871ee79f55c90406667db12189df27eefbc50d52e12bc29a51783e9a4f774632dcebdafbeee8a7023f809ee4ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0eea6ecd8b870df6e7e38bac65c9c66a |
| SHA1 | eb53dd4194ae17b52bbaf79219afd0090528b598 |
| SHA256 | da84838d0554d803297a259edca203fc10d0e67040868bbe438581164b4c096b |
| SHA512 | 190f32e87cb490de0762b3bd1e34beb5daf1593fdd48328a4d4ea6f7abee832732429df2343e0a2343e3a2f9664e5539ddcb0113d802638c2e84d7a6c31e0100 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e2fbb75c68a4777e68b9e008aa6fd95a |
| SHA1 | e65a2ae926fb71537e615db2133d363079610eb3 |
| SHA256 | 92245859f11b24c763e8855cda34096b0da7893adcde5a512d7e8955d79e3aff |
| SHA512 | 8dee1096913a5c3dec97f9be4bddc93df1ddec5df6b3e24b1d4cc546a6087bda34e63e5542001ac3a1dedd8a41fc7188c212dd32161513de1cc7bde6894e99d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 286fcdccd034541559379404ad69b3c6 |
| SHA1 | 549698fe293bff6d1edb91d31fac65d049d031ca |
| SHA256 | 0d7b68da25977ec38635bae4f6c4228af62bb9d75f354b86ecd9c98e46cfbb04 |
| SHA512 | c8b9736fbb4d9f8c6db2761e7d9fc1ad3264fd0a715f842cdc1e926d27383ea8cd97745e9ac51e29ad0181dcdaa6e5a8a78393c72efff8346a73ec2c1ef78c3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 258830b0dca544817a556042e0c6abf2 |
| SHA1 | f2eee576ab6ff99f6c8a7cbb091c4725e2964f75 |
| SHA256 | 84ba825e4066efc19c77db7383582e7c296b88d7619d0838df1daa742d9ad0ad |
| SHA512 | 00ae876d915e6a8762abec9ca1568941f0820b11e39081f5f587c242f78a9c3a701d6798f309e087602a0b6052bbb2807f965ee74ddd66b821814dae0d894625 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d
| MD5 | 47dc65492ce82ca6490241a545bab45c |
| SHA1 | 809c24b668e2383016f8ff2ff4270c028917be6a |
| SHA256 | f1afc64f56109bcfdc6b4a657fb60d5a49455737fbc5c97995d890ba1696b33e |
| SHA512 | 403f8cf0a1a4bf704c14bc767340e70b746afd22d7c645817aef1a3b6240327574bdd3a89226a5c534f40adf241e83ada064e385c7c956cc8437bb650452816c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1f69cbe9a55eea8f29b23eb836f3c757 |
| SHA1 | b8e6e8ee499fbe81937f6dac755fcfaf106e6f1c |
| SHA256 | cc5032657d7150b1c75901611b62174b46b359eae32d038b8a58a15fbf459905 |
| SHA512 | ff4b1744a484d9cba54ed92a349e7a2f52cc024b6edba39ee35ae7478aba9ce059e9659f7e3babc0e23843e15933f68d1b5958f3b841f8be52237776577d3b51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aea6031e8951366fe10ada939f81a4dc |
| SHA1 | 4088d01c0a3aa94f554cafffbb5f31662b6d9696 |
| SHA256 | 2d46809202bdf45dd51fb2fe8fc6fa3564880b986f518c207bc1e3ea73237f63 |
| SHA512 | b3376f2c322491c3b070acbd40497025b901b0d68ad9ffaf1f3e5f4c3c42c0e1f9531d0c4ce416f9b18955023fcb4dd788e20f756b295f904bcff07a8830f219 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 20a168d54a9b8c4c44fb6ac6f1a833cd |
| SHA1 | e67fb0c43bb1769c96d727e9ae3ce9c12366e12b |
| SHA256 | 619b836121baaa13a4288951f475acddcf5ee46008e222b4ba2ed44274cd051e |
| SHA512 | acd61a5a1874a83049b95afe4d4d8f3d1959db0d3b1dc6212eeb3c466f99259412d03f334e3be7074f7da5a6449da7756cf90298ecbe0a5b834d04d5e6766165 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6ba5f05ee47cb976f8a9241f0286288c |
| SHA1 | d3603bc4d19f7731bd9abb3233e5ff9480ad1072 |
| SHA256 | cd92bbdfc70a09e6d2a17d649d1fc2c0b0228da6a3d8312384eee12226509c2a |
| SHA512 | 7c8972c0956a5ab8d9029a03cf4b457e5357715f7735543df0276b68cef512f8cbb815b3482742f2d25591bc93deb54cc10b3e99e7e6f2d95872ecd1e49c5776 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | fadb73973128b847ece2adf1d2c021a1 |
| SHA1 | c82062deb6ef0405e18e52f8e9463b95285d3762 |
| SHA256 | 780276860873ed561108f208685dd0296437aaf2928a72397317662232b7b820 |
| SHA512 | 6d4e565fb8eaf1835889039aec5904487f35afa1347cf0c165d0d9e9be0697a5ab2d96218719fea24a14091502d7ef427beb167ed55695228489a148001eb89e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt
| MD5 | 328cd8cf6b25d95412a982c2bdaa96eb |
| SHA1 | 075572edd136570a897df1f37e002b4be0097c91 |
| SHA256 | 85d6c7e1ce76f59b45527a814182bcbca4d9321e8cc3599a16534764916aec7c |
| SHA512 | 532e912f6b2ad55a2947542d2319d3833eca8adc1280acb40f5fe3ce16994a57873d19d5ff4bf4dcde04ec057dc19ff1437dc16097abc6e03e74a8a1b1692540 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt~RFe66a203.TMP
| MD5 | a82d684ecb95a1cf1b921ad94261bfa9 |
| SHA1 | 1eb321a60865a58a952903a52d3a2190d58a16cb |
| SHA256 | b503221fe57ae24764fb6eff89bfcfe83d56187c43c70a6657ad51697392a5c3 |
| SHA512 | e5f6084dfe0c7d1d3293d56240dc8b5b15d36b36524944943fe677e48d6ff7d0ab7e2028efb235f1a35e81b180f5d3cb316245013a13e2b2e1f045b5f65d3a80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt
| MD5 | 984c8d4a16e8bf4852f4047b5c0012d9 |
| SHA1 | df2206ea2578c05d91b7af6dacf58417c5b2de75 |
| SHA256 | abc4df45a6124a1be33bdbd95c86874679d2427783adaff349e571a817352818 |
| SHA512 | 5770ec5b279b68ac6c7231fca466ddee589e8573fcb92a34744626efb98d3aadf9a5a3118ef50072d91172d699946e3c2aae5b270edbea84b9984a63b03d906d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0ac8a6ea2255b4e658c6339ef16c9026 |
| SHA1 | eb051d18b3cfbb22935b88496b7dc19d6cab4603 |
| SHA256 | 51c3c17d1ad1f3a9e89ee523a7c55f6cb750bcc1267cede2c23e88d42b69b9ea |
| SHA512 | 3943d5fb60f0a1cfd552a218091b4211c4ec868dd00792a8b528a090f2e25237df2b5a78d1c893671e0f9ef236e348306ee6fa15e14a690cb1ee80484a6cb8f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a4
| MD5 | 5c021cdcb3362ab6808ae7da70465d9a |
| SHA1 | c758fa86e404db075636a73731b0d8af6c9f3433 |
| SHA256 | 83c767b591815d7c0b3f1505a84710cfefbc98a178e1b13e5e93a2e37c479ba7 |
| SHA512 | 699f6b24d2e2bd58be49f7944c934571ea7b4105ae52db6c5bcc8b1b0f9e4f52a46588806d2381552be0c44cfcfcd00a86127d9b6c5e36bb71d407708c4172c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098
| MD5 | 8eff0b8045fd1959e117f85654ae7770 |
| SHA1 | 227fee13ceb7c410b5c0bb8000258b6643cb6255 |
| SHA256 | 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571 |
| SHA512 | 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt
| MD5 | e417b0745c77c1eae789481c1cb2772e |
| SHA1 | 71a1166d7437dbaeeacb7ed7d0d6110d7b1bec0f |
| SHA256 | 4124c4ca1c4f51120ab89b427cb1d0fcea2bc76447d99c81e5c1ed4def2f1aaf |
| SHA512 | 6e69dc852b574d09657ce8a3f15c181f791469a74055e5fe28b3d7a8a10b4a9c9c7541a9021f3f0e952faee1f869824ac9a214d2ac7fcd8fa2da259bef3c03d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt
| MD5 | cbe9adae0da24e27813e2b3cbbde0a55 |
| SHA1 | a77824e5c6f1fbb2983b7932f280cbe4073a0107 |
| SHA256 | ca63ad73c7d6c39b8d69685475d41d026d09c9d76076dfd8d3c3483a46b4d109 |
| SHA512 | 670cea1a507cd48cbe8ce2f9ef6b54334d4fd5e600e7ddf60dea67ce89f0a54b3797a8ecf26404edb06715d1e6acb2774d7ba303ea7059514c0f38d991ae2a32 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009f
| MD5 | 2d0cbcd956062756b83ea9217d94f686 |
| SHA1 | aedc241a33897a78f90830ee9293a7c0fd274e0e |
| SHA256 | 4670bfac0aeaec7193ce6e3f3de25773077a438da5f7098844bf91f8184c65b2 |
| SHA512 | 92edce017aaf90e51811d8d3522cc278110e35fed457ea982a3d3e560a42970d6692a1a8963d11f3ba90253a1a0e222d8818b984e3ff31f46d0cdd6e0d013124 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009e
| MD5 | c83e4437a53d7f849f9d32df3d6b68f3 |
| SHA1 | fabea5ad92ed3e2431659b02e7624df30d0c6bbc |
| SHA256 | d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb |
| SHA512 | c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009d
| MD5 | 115c2d84727b41da5e9b4394887a8c40 |
| SHA1 | 44f495a7f32620e51acca2e78f7e0615cb305781 |
| SHA256 | ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6 |
| SHA512 | 00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078
| MD5 | 08e87d4ca70b189e858f10803c556ad7 |
| SHA1 | 427db044f9f989e2f34d8db8ca7bf5841f4bb045 |
| SHA256 | 69ceaeedfafef98513d01c0193172914afc8204122c7f84e097ad92fdb421688 |
| SHA512 | d65abf68af18bf9f49ea3e6dc0f424b8c882a812c62806e6c68ee3644f02717951ed71f1d78d62f3451d31339615dd4d2422e3f4755afb29ab294c1dc3f95acb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 444d15fe9964b90bfc184274c6b389f0 |
| SHA1 | e5a2d1a0b029ccf259196195cd22d249d99fa7bc |
| SHA256 | 8a96dfa177a46c88b8cd93d998a9861c80d377094fcfd7207e5274d128263d0e |
| SHA512 | 09f273c0c4bb9bb438c405e299940ce8a19fb7147512ec204c3474aafd30f534863b6e9fc9afac40995458a6c00433a1a79a5ddb233165eab1de7f42e0fb2dee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt
| MD5 | 60501b38bd808a507179794b81e82bf3 |
| SHA1 | 3c028046e8c930369d7835e568172a4ec95bdb8a |
| SHA256 | acabe2bcecb6490f6418dcca8868bbfab7e2afdfd5e21694f7d038cd862d57d2 |
| SHA512 | de7d21971adcf6636bcc14c3a4925584078c7c5efb35d1da0918080cf65bf87064a6b41b6595c00442ab1f033f02448cc5ab67a4f58a9df9c86942ec631f8818 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000096
| MD5 | 53b7676cbd461618984fcb83a83e9587 |
| SHA1 | bd955f4eb24621e0def90c1c9aed9fed449751cc |
| SHA256 | e8a4179962be505ed1bda2e2221450d7953f29309329eea9390ed12d6b19960e |
| SHA512 | fbd7eaac7e9d3c7a05c6547c48aaa04587ddb4a61e485e288b9904667e716dd01b0c3dcf4e68865e1a16c39bfc01d18c95d7032384f649c307d124b9fe784df6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000097
| MD5 | 95058bc21af6ff831f62c2a22fadc50f |
| SHA1 | 56b41a13223ee610f8dfc6cad050c6f68b012cce |
| SHA256 | ea5e6f30e7fd7eff0687bffb8ff4f289d2e200c82b3b18d858ae252db3cc6903 |
| SHA512 | 0f0c29f481eb84bcd5e80ca45ea5cfa8acc938ea590e215b7217d76eda5c66bae5bdc8136eed73968155a0fcbfeb64df70d9ebc2558e3756d209c14c5809d62e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a1
| MD5 | 801d8a7eb26999ae07b82f70c66529a1 |
| SHA1 | e8b7343f8baeb857235ac71c5aa671cd3dd0ed56 |
| SHA256 | 6201c74c437318f34e9bd574815515853148d1abfd074301101683b9a183f070 |
| SHA512 | 4ba7e230ea8b6fc257866de633e3fdce9be66ccd9108de9a927f6ce231e57e522de0a3b060c82a4f0a3dcdc2962b696cd03d8ef3ad85d34dbc23c855eda2a2ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009b
| MD5 | 7416f425f72ffee97e4e3f8ecb5943b2 |
| SHA1 | 74a579c6f601de60f2d62fec57bca11fc5e33362 |
| SHA256 | 6094107f5aededb5d95a00e824a628463593c1101802e5a10168a13eeb44b006 |
| SHA512 | 1c26191e0fcd66a1aa112b96ce59dc40e730ee581e6f2d2605569335935644f9917f6570b570256c36a83f7228d329af6a7d60163effd156ebc051473a7b51ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\5a348df8-2298-46bf-a9ed-c12677bb58d3\2
| MD5 | 0c27e688547baa10c8532eb193dca141 |
| SHA1 | 4169a46844cdb9a3e3c13f34ca442baacf947506 |
| SHA256 | 89960cffd1a684dd207f0218ba5030647205408b2e547f0b4988e36e55973245 |
| SHA512 | d8fb3c23189cbdec1a640bb2621dd5e6c16eea0fd411ba6a7456edcb6234264161c1ab1a01c5be0b24977a94b46fc1a7aa4f18535ae48485f0085eeff74bab2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a2
| MD5 | a2625c7d3e053a2a81fb4db5e338d3bd |
| SHA1 | 396d0ff09927500b31ae336fb0b0f1b69d919990 |
| SHA256 | 003aeb7864b30265e970b42d3a06403cafc3ab71a480e818aaa97abd232a610a |
| SHA512 | 144a89f15c33f9588c0279cf194846db04e10de259b43f10f02815bce59c274464a5acabcb306d4dbbab808eb4f4be8bce1df8ee8aec95aa5323289ede29fb81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a0
| MD5 | 84110269add542a2b71a52f18bf7725a |
| SHA1 | a37b735b9397a147bc2b2e511795a87338dcd543 |
| SHA256 | ec53cc4774e7b530a5887fea08f03bb7c0f134390597ea9d9ea1773ee8eda236 |
| SHA512 | b767cb910753177fbba8e06ea6a1eb332132b381893893e0976bb1df6c410b9af7d854bc452915b566f7844cd40a4c20950d2518e8ebd3a75a0cf4e7cc880185 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a3
| MD5 | 5c9065f290693b9457e4cfa214ba9b3c |
| SHA1 | 0132d29f7cf8e98c6ab9b02654e8a5efcdbb72b8 |
| SHA256 | c16808b8c97dafad2c3fefb3a1358040587e25a59d9a6e3b70fc66643d8a3715 |
| SHA512 | 376f8e31a0801b72427864a8cee66b5b9790cc7742413a95eccd506fccd6baa8066a3290487f697addcc5ff5cbcbd25661574ceee8d19a6c3941d4530224ecf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4ec5660bc834ae90f5e180b9eccd3854 |
| SHA1 | b9cf1e2a56b260e0d031f6d848ca9f1a58c05543 |
| SHA256 | 4bf9ee5f214ca30b500a329e796afa14b1784df82d9bd3c0ea84c8ea6a594817 |
| SHA512 | d17a8435e390ab9f896431a427c1f07d84d5e074cb561601b83943fc2df21299b2e37b3619955538fbc348ca3209d0755e3286f4db5d8b1621a635a8f331193a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 48e8b7017cde5244ad2658c32ec1ecae |
| SHA1 | f14eb70fb3a82f57bd0fb6411a5be3a9da7dc09c |
| SHA256 | 22165877799a18022b09050952a9d95426ad30ca2cc6fd891fece41c35845212 |
| SHA512 | 9ecf5185c91d55cd1f0a1ef71fe9bb6935cfb26bfb1b1a532498ef0dc8065b25002c09519c44bb058bd7796bff845f36b8c55bd38b75917a16a796052c85fba2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 478c64f99f3ca7e0af770c3d1be89647 |
| SHA1 | 00df10c8287c9cd9675f2fff93b5bc45c64c59cc |
| SHA256 | 3e9c6a0bbc0c35b69362e706bf478a3e3487306f605f86a349c79d8d535f3200 |
| SHA512 | 1527265f0319105dfa92ff15b98816a550ed2b024ff3ab89e44826f6cbfbd33d10bc44bd8147d13f86820deacc31d0939346052597b37c539d04a59b3dc3d5d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1c5ea6a432231fc5ef63d400548a0b5b |
| SHA1 | 31989bf9e9f18e3fc25498d48feb37de11dc431d |
| SHA256 | 17ec540927f8ed70ca302687a0e68c49fc105c3a1f1b5acb49f54c8c8a9d0f44 |
| SHA512 | 8d21b66a02860e75da4080592630f2927d3fc34866b6a9b1b13119b3f798000abe5ef274d4d892498a723308a9ffaf414e5781cb7cd18131b12fea6becee7fe1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\1b8f55a8-0547-4ecc-bc0d-a933bb6f81b6\index-dir\the-real-index~RFe6731ef.TMP
| MD5 | 420f796a067a93526c87d3bec2441b66 |
| SHA1 | 2e106297ff1ab753cc8d144f0d1313a5873b9577 |
| SHA256 | 89dc99e22e6e89a60a098043c138c5f0216cd9df9a08903a290888b7c61aa6b3 |
| SHA512 | b19192b796e6ce57a4c06c048f3a0697754992f4f2013cfcc674df18c0bab5dc89f063f1431a4aaa6c7cf2c3716e0684958a92a0247972340ba1f520e00902c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\1b8f55a8-0547-4ecc-bc0d-a933bb6f81b6\index-dir\the-real-index
| MD5 | e9466efbd494fb16cb5338f4f6c19e00 |
| SHA1 | 7732bf3e62bf2f85e89ed1081ca02fbe4e75a3fc |
| SHA256 | 3aa58d4e85967b790f77c76c658989ab231f6540ccc3ff014ce96a05886ce68c |
| SHA512 | 8045a0a757c201c015ca6b03d0d70dcbbead13bb496679067e8efd6725b436dfeb4537e3a8dd2c803176b1ed1bc15d253c797411e911790ca7a246ca55a34485 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 6e4e6a3d8641b347f140612deee15f47 |
| SHA1 | c8acf45744ed21e0585dd80d1060941400659a3c |
| SHA256 | c169b6a4daff86884180c3484b4b4a5d029ff01856592d2633c0e11b2f770132 |
| SHA512 | 485e47ed3aeefef143db7979f3f70606dc85c86ff71b54cbd95eba0184e950aaba19f22d50d7d0fc86764dcdf74cae1555b8df4674e44f02c28f8acf20badb5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\774daab0-4a09-4e38-bdc0-b8f62b94a391\index-dir\the-real-index~RFe675391.TMP
| MD5 | 224d289d6bda5739aea235f94856e61d |
| SHA1 | 5ba374e4486e089ef74a42cbe707c7880fe612a5 |
| SHA256 | 65eeb7b5da5442b372c1c89a0c459ed45ea364c1d6306105baecfec949d90bb2 |
| SHA512 | 9d66867311fad289e1f9a3cf3af89059b28b4ecf54014f1fe5d746a735591f1be27d51020c4923cc617e89eb16b62ee5ae3adae087401aa6983e9a470310412f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\774daab0-4a09-4e38-bdc0-b8f62b94a391\index-dir\the-real-index
| MD5 | 094104d94173c49a49e82e7c47fe7dd0 |
| SHA1 | 622da4c5319187a9d89b3a823d25f61af0cd498f |
| SHA256 | f9ae83edab08c4a48915184f54e11b251c8e5a47afc6b34af5e166234e7d79db |
| SHA512 | efba9feaec214e961d69753236b9eb64cf14401114bd587fce643fbc864d436b604327611147d52c510de0e8684b273ed2f93c1de551b172b6611c7c54a606a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt
| MD5 | 75fe78e8c9d0fb43b0d489db0e677f3f |
| SHA1 | 7cf410603a06b2f59edd83bf31f934713405b0e7 |
| SHA256 | 76b5c7b6731c8ae1d0b3533ccf1fd1fb5c1e0fe8d4452e9a44cf17b113f908dd |
| SHA512 | 87d622b2fe6a4fb4e76461ba7b71c1913fe2495830ddbfc6c56de29a04beb6e8b7432d6cf173ac9a1c5eae6acb43eda0fcf8b4e7d43e4cc18fe83f6c0ae2be62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c090428ad7c6e152a961d620059552e |
| SHA1 | 968880140df55b4a760d78b212504d504ca05a21 |
| SHA256 | 12308ced9ea09a3004b8e7745741b95e7b4032d857850b3507f434c4913dce32 |
| SHA512 | 4dc0a5c6f5b2460bdb1b55e06f933febdddff684ad55bf9e944421b6f10125320869f18dd8f86837f4ad592dd79e96b905f021f10403c46fb37ce5608459d4d7 |