Malware Analysis Report

2025-03-14 21:55

Sample ID 250126-j4jv9awqhv
Target https://filedm.com/KA1rz
Tags
xworm google defense_evasion discovery execution phishing rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://filedm.com/KA1rz was found to be: Known bad.

Malicious Activity Summary

xworm google defense_evasion discovery execution phishing rat spyware stealer trojan

Detected google phishing page

Xworm family

Xworm

Detect Xworm Payload

Manipulates Digital Signatures

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Reads user/profile data of web browsers

Drops startup file

Loads dropped DLL

Network Share Discovery

Looks up external IP address via web service

Checks installed software on the system

Password Policy Discovery

Legitimate hosting services abused for malware hosting/C2

Checks whether UAC is enabled

Drops file in System32 directory

Checks system information in the registry

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Uses Volume Shadow Copy WMI provider

Opens file in notepad (likely ransom note)

Checks processor information in registry

Enumerates system info in registry

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

System policy modification

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-26 08:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-26 08:13

Reported

2025-01-26 08:31

Platform

win10ltsc2021-20250113-en

Max time kernel

1056s

Max time network

1057s

Command Line

C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected google phishing page

phishing google
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Xworm

trojan rat xworm

Xworm family

xworm

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\wintrust.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\BootstrapperNew.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BootstrapperNew.lnk C:\Users\Admin\Downloads\BootstrapperNew.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BootstrapperNew.lnk C:\Users\Admin\Downloads\BootstrapperNew.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\BootstrapperNew.exe N/A
N/A N/A C:\Users\Admin\Downloads\BootstrapperNew.exe N/A
N/A N/A C:\Users\Admin\Downloads\BootstrapperNew.exe N/A
N/A N/A C:\Users\Admin\Downloads\BootstrapperNew.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\svchost.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A C:\Windows\system32\wbem\unsecapp.exe N/A
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Checks whether UAC is enabled

defense_evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Network Share Discovery

discovery

Password Policy Discovery

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\colorcnv.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l2-1-0.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\hid.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\microsoft.bluetooth.proxy.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\microsoftaccountwamextension.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\resampledmo.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\sxproxy.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\agentactivationruntimestarter.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dialclient.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dpnet.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_8418b8585d9586f6\Amd64\pscript5.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\kbdno.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\twinui.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\biocredprov.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dsquery.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\ir32_32original.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\mssitlb.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\MUI\0407\mscorees.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\kbdgeoqw.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\kbdsyr1.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\mciavi32.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\contactactivation.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\F12\diagnosticshub.datawarehouse.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\flightsettings.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\ieframe.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\InstallShield\setupdir\0015\_setup.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\mssvp.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\perceptiondevice.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\Speech\Engines\TTS\msttsengine.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.devices.pointofservice.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Provisioning\provcommon.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.devices.lights.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\wsmagent.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\downlevel\api-ms-win-eventlog-legacy-l1-1-0.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\elstrans.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\fxscom.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\removedeviceelevated.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.applicationmodel.conversationalagent.proxystub.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\uiautomationcore.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\walletproxy.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\appvterminator.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\hdwwiz.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\ja\authfwsnapin.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\mtstocom.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\ntshrui.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\windows.media.playback.mediaplayer.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\wmadmoe.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\cemapi.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\mssph.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\rtm.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\serialui.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\tempsignedlicenseexchangetask.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\syncproxy.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\systemsupportinfo.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\vcomp120.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\comrepl.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_d5748f7a3c584c26\sensorshid.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\inputhost.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\ocsetapi.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\subst.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\winhttp.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\dictationmanager.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\downlevel\api-ms-win-security-lsalookup-l2-1-1.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\SysWOW64\execmodelclient.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\vbe7intl.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7lexicons0011_v2.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\windowsbase.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvisvsubsystems64.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\presentationframework.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\reachframework.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\system.xml.xpath.xdocument.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\windowsbase.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\vulkan-1.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcp120.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\msb1xtor.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\system.identitymodel.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\system.windows.forms.primitives.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\presentationcore.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_mr.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\system.linq.expressions.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\system.windows.controls.ribbon.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\syncfusion.core.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libglesv2.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_gu.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\system.data.entity.design.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\windowsformsintegration.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\common.clientconfiguration.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\vstoloader.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\system.formats.tar.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\winword.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\inquire.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\syncfusion.grid.grouping.base.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\c2rintl.es-es.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\microsoft.data.datafeedclient.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\system.printing.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\system.xml.xpath.xdocument.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\windowsformsintegration.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\presentationframework-systemcore.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\wwintl.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Windows Defender Advanced Threat Protection\Classification\Dprt\microsoft.ceres.docparsing.formathandlers.filter.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_cy.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\aceexch.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Windows Defender Advanced Threat Protection\Classification\nl7data001e.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\bibutils.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_cs.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\c2rintl.ko-kr.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\system.windows.forms.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\iecontentservice.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-processthreads-l1-1-1.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\system.data.entity.design.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\microsoft.build.engine.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\system.net.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\microsoft.reportingservices.progressiveprocessing.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\system.linq.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\windowsbase.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\presentationframework.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ochelper.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-e..sedesktopappmgmtcsp_31bf3856ad364e35_10.0.19041.4355_none_b9ece6b1224ccad8\f\enterprisedesktopappmgmtcsp.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-rasmanservice_31bf3856ad364e35_10.0.19041.1202_none_137dc32b55dedaf4\rasmans.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\msil_microsoft.powershel..ommands.diagnostics_31bf3856ad364e35_1.0.0.0_none_1ad99b7886d3621f\microsoft.powershell.commands.diagnostics.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_10.0.19041.1237_none_9ad73d125ac89655\bfsvc.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.4355_none_b8d30a8d19a7b2e1\f\jpnkorroaming.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-srh_31bf3856ad364e35_10.0.19041.1266_none_1e3229580ff745d0\r\tier2punctuations.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-msmpeg2vdec_31bf3856ad364e35_10.0.19041.1288_none_05beeb4f6d31c3de\r\msmpeg2vdec.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\msil_microsoft.virtualiz..client.6.2.settings_31bf3856ad364e35_10.0.19041.3636_none_6c4c51b590041ce5\f\microsoft.virtualization.client.6.2.settings.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.componentmodel.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.19041.4355_none_721de25b71c1bd05\f\pnputil.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\msil_microsoft.web.confi..apphostfileprovider_31bf3856ad364e35_10.0.19041.3636_none_5a40766501b3dd2a\f\microsoft.web.configuration.apphostfileprovider.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_windowssearchengine_31bf3856ad364e35_7.0.19041.1151_none_f68db62a3702882b\mssitlb.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-cmisetup_31bf3856ad364e35_10.0.19041.3636_none_8f4b9d850da4a552\cmisetup.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.19041.4355_none_cf046cc6b9e7cc72\nlhtml.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-wpd-shellextension_31bf3856ad364e35_10.0.19041.4355_none_9037b6c6b064aaf7\r\wpdshextautoplay.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.19041.546_none_3f1cc1d15da468cf\typeperf.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-playlistfolder_31bf3856ad364e35_10.0.19041.746_none_b68d778e4c528f4d\f\playlistfolder.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_networking-mpssvc-p..l-windows.resources_31bf3856ad364e35_10.0.19041.3636_fr-fr_3be645d3b4fa7ed6\microsoft.windows.firewall.commands.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\msil_microsoft.build.tasks.v3.5.resources_b03f5f7f11d50a3a_10.0.19041.1_ja-jp_e364a53db109a8d2\microsoft.build.tasks.v3.5.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\msil_microsoft.transacti..ridge.dtc.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_a76749a7bc0b6c9f\microsoft.transactions.bridge.dtc.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\x86_microsoft-windows-m..ponents-jetxbasepdx_31bf3856ad364e35_10.0.19041.3636_none_aa8a47b31dbc5886\msxbde40.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\system.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-deviceupdateagent_31bf3856ad364e35_10.0.19041.3636_none_cd1b823e72354eb2\f\deviceupdateagent.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.19041.423_none_d8a242bf396f7d4d\f\spaceagent.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\system.servicemodel.routing.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-d..nese-eacommonapijpn_31bf3856ad364e35_10.0.19041.4355_none_11027550b9bec7eb\imjpapi.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-iis-metabase_31bf3856ad364e35_10.0.19041.906_none_21ab306fb502b2f0\rpcref.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-t..icesframework-msutb_31bf3856ad364e35_10.0.19041.546_none_5c5d89e88308dc0d\r\msutb.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\x86_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ae693cf36a495170\system.speech.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ja\system.servicemodel.discovery.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft.ink_31bf3856ad364e35_10.0.19041.868_none_64ddd2eeff35b37f\r\microsoft.ink.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_10.0.19041.3636_none_bae4fc996e99e387\dssenh.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_10.0.19041.546_none_93b8eb238c554662\r\cscdll.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_10.0.19041.4355_none_4c3f274606888f74\f\shsvcs.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\x86_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_956589b57cb228ae\api-ms-win-core-shutdown-l1-1-0.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsAuthenticationProtocols.Commands.Resources\v4.0_10.0.0.0_en_31bf3856ad364e35\microsoft.windowsauthenticationprotocols.commands.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.4355_none_595283fa5810c8a8\r\eoaexperiences.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..tentdeliverymanager_31bf3856ad364e35_10.0.19041.4355_none_2c3d9bc23f4a46d7\settingshandlers_contentdeliverymanager.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_sysglobl.resources_b03f5f7f11d50a3a_4.0.15805.0_de-de_91b490944b28ad76\sysglobl.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-c..dtc-runtime-cluster_31bf3856ad364e35_10.0.19041.4474_none_158e60be76536f83\f\mtxclu.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-security-spp-tools_31bf3856ad364e35_10.0.19041.789_none_2dbefc6b526e20cf\f\licensingdiagspp.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-iis-webdavbinaries_31bf3856ad364e35_10.0.19041.906_none_487601908ee46f8b\webdav.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup-servicing_31bf3856ad364e35_10.0.19041.4355_none_fb02aca0c35ff08e\r\netdriverinstall.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\msil_microsoft.security...licymodel.resources_31bf3856ad364e35_10.0.19041.4239_en-us_f0fb146039df29e8\r\microsoft.security.applicationid.policymanagement.policymodel.resources.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-network-security_31bf3856ad364e35_10.0.19041.4123_none_4c46068f14181972\fwpuclnt.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.19041.4355_none_c4afc27485870a77\f\nlhtml.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_microsoft-windows-i..-system-userprofile_31bf3856ad364e35_10.0.19041.4474_none_253168bcb6ecb165\f\windows.internal.system.userprofile.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_hyperv-proxy-onecore_31bf3856ad364e35_10.0.19041.928_none_49810de45ba21255\r\vmprox.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_10.0.19041.4355_none_99c3dc161c02ca63\f\sdrsvc.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager_31bf3856ad364e35_10.0.19041.4355_none_7cd4c5c527944f59\r\wdagtool.exe \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-wlanpref_31bf3856ad364e35_10.0.19041.3636_none_ae2538ecc4564735\r\wlanpref.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\wow64_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_10.0.19041.4355_none_e4866b6e1da945c6\f\certpoleng.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-sfc_31bf3856ad364e35_10.0.19041.4355_none_1befe316116bdc0f\r\sfc.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-wmi-cmiplugin_31bf3856ad364e35_10.0.19041.3636_none_319a23aae15c40ec\f\wmicmiplugin.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.19041.1288_none_1cec63974464878f\mpgear.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.4529.1.9\amd64_windows-gaming-input-winrt_31bf3856ad364e35_10.0.19041.4355_none_879db5aae8b6a989\f\windows.gaming.input.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..ncehost.shellcommon_31bf3856ad364e35_10.0.19041.1151_none_bd92f65e0ad89a3b\devicesflowui.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-eapttlsext_31bf3856ad364e35_10.0.19041.3636_none_2739901fe487fca9\f\ttlsext.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\wow64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.19041.4355_none_3af4cc5593ba3c7d\f\windows.media.playback.proxystub.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vsmb_31bf3856ad364e35_10.0.19041.928_none_0d22fe52c27d3aae\f\vmsmb.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.19041.4474_none_718bd205b42eef79\n\inputdial.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_microsoft-windows-smartcardksp_31bf3856ad364e35_10.0.19041.4355_none_2aaa8ec73892fc16\basecsp.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
File opened for modification C:\Windows\WinSxS\amd64_netfx35linq-system...del.dataannotations_31bf3856ad364e35_10.0.19041.1_none_c8a9e002987322b7\system.componentmodel.dataannotations.dll \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NOTEPAD.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\NOTEPAD.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\OperaGX.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CheckNetIsolation.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\mfg \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\mfg \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\mfg \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\mfg \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ClassGUID \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\Class \??\c:\program files (x86)\premieropinion\pmropn.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133823528181359388" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Opera GXStable C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000_Classes\Local Settings C:\Users\Admin\Downloads\Delta V3.61\Delta.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4069049685-955655941-4058287599-1000\{3157B028-93A4-4B8C-9CB0-CF4099A48402} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies system certificate store

defense_evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c762000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c762000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 19000000010000001000000012cab0233db2f09a0336851de92237df0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 5c000000010000000400000000080000140000000100000014000000c04d850dcd7a8e9bc67e8f20375eb747fd3d397e040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a5810030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c7619000000010000001000000012cab0233db2f09a0336851de92237df2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d2000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A8AED8642F8AB55F26212D915C615BDAB8C0DE7D\Blob = 0f000000010000002000000059b45fa897dc38a658a39e65922901f06e83ad128e69a13503a586f0ddb29c76030000000100000014000000a8aed8642f8ab55f26212d915c615bdab8c0de7d040000000100000010000000d7331d40fc0ca9d2f4e45d8a280a58102000000001000000bf040000308204bb308203a3a003020102020900b8bc215aa037539d300d06092a864886f70d01010b05003081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d301e170d3139303932363230303231305a170d3439303931383230303231305a3081d9310b30090603550406130255533111300f06035504080c0856697267696e6961310f300d06035504070c06526573746f6e311b3019060355040a0c124469676974616c205265666c656374696f6e3131302f060355040b0c284469676974616c205265666c656374696f6e20436572746966696361746520417574686f72697479311e301c06035504030c154469676974616c205265666c656374696f6e2043413136303406092a864886f70d0109011627737570706f72742d7465616d406469676974616c7265666c656374696f6e70616e656c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d54e84e4ff6a497854211480176680c606b4e72935884775798aed7f7480686feeb63b1389feccf931e081c22000052094a03d257cfefa99dec2669f2ef4b79bd593dc3ad1e934156ffc803118f25525e055fce0fb21ba59156f915dd1bf73e5070940542be08d2ffe9757a07d9767086872503996a84f4576a4baea04c007326dfdd7d4742b9e17d6218a2f63fe2967a446792e4c1fda227fc6ca1efbbff315d88577d27bcc555e40af8f888caba76dd92dcdd3bbcbb8c0a1ac9153cc3661278858627666d8e4afab2b30ad19e6eb593c3e2febe478a5bff871cd29616bff8b1ce371fbbf375fcd8e869f89062167d855354803291513fb9668d7afbf24b9cb0203010001a38183308180301d0603551d0e04160414c04d850dcd7a8e9bc67e8f20375eb747fd3d397e301f0603551d23041830168014c04d850dcd7a8e9bc67e8f20375eb747fd3d397e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b05000382010100bd8eb4a6bf99cb1d410709db71e2c933bfd76226013472f23a52da23652ab968e946bfdb495a20736b86ffb900f5ee2ccb1be25ae5eecec9ee47bfe75ccd143a76909febd45d3e240d4492e2b81d66622afb5de284683eb8455570961fa2b7ee899ff19d2f30c31d450a64d4f80b0658a37ebd37e9331f5eb9add40df722a141526c089bf7ce8f7559f766562fded7c78ef0ca231bd006db812b637d56e56805cef2106cec8e388b8d30e1510a1f00e45a55dad1859a6d7907fe5dba2465ec757277b85479dd8e3af211e6d247d51b3144705c7e18fc5bf7ac83f0e2e2bc080f6c27efe89c997156339e7d482411f34c401678651f2ea3c9ca4542769a28beeb C:\Program Files (x86)\PremierOpinion\pmservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A
N/A N/A C:\Windows\SysWOW64\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\BootstrapperNew.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\OperaGX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Program Files (x86)\PremierOpinion\pmropn.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn64.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A C:\PROGRA~2\PREMIE~1\pmropn32.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A \??\c:\program files (x86)\premieropinion\pmropn.exe N/A
N/A N/A C:\Users\Admin\Downloads\BootstrapperNew.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5048 wrote to memory of 3496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 3496 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 2124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 2124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5048 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filedm.com/KA1rz

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fffad90cc40,0x7fffad90cc4c,0x7fffad90cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1956 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2348 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4624 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4820,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5188,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5196,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5180 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5452,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5176,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4480 /prefetch:1

C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe

"C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\1d023b748ed0461e9952f31abd2194ef /t 2644 /p 2384

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4740,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5332 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x488 0x4e4

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe

"C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe"

C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe

"C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe"

C:\Users\Admin\AppData\Local\OperaGX.exe

C:\Users\Admin\AppData\Local\OperaGX.exe --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion

C:\Program Files (x86)\PremierOpinion\pmropn.exe

C:\Program Files (x86)\PremierOpinion\pmropn.exe -install -uninst:PremierOpinion -t:InstallUnion -bid:$a5fRRQjAhKWUm3A$aPOGG -o:0

C:\Program Files (x86)\PremierOpinion\pmservice.exe

"C:\Program Files (x86)\PremierOpinion\pmservice.exe" /service

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe C:\Windows\system32\pmls64.dll,UpdateProcess 1368

C:\Windows\SysWOW64\reg.exe

reg.exe EXPORT "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}" C:\PROGRA~2\PREMIE~1\RData.reg /y

\??\c:\program files (x86)\premieropinion\pmropn.exe

"c:\program files (x86)\premieropinion\pmropn.exe" -boot

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

"C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe" -c:1538 -t:InstallUnion

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt

C:\Windows\SysWOW64\cmd.exe

/C C:\PROGRA~2\PREMIE~1\pmropn32.exe 2404

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

/C C:\PROGRA~2\PREMIE~1\pmropn64.exe 2404

C:\PROGRA~2\PREMIE~1\pmropn32.exe

C:\PROGRA~2\PREMIE~1\pmropn32.exe 2404

C:\PROGRA~2\PREMIE~1\pmropn64.exe

C:\PROGRA~2\PREMIE~1\pmropn64.exe 2404

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -s

\??\c:\program files (x86)\premieropinion\pmropn.exe

"c:\program files (x86)\premieropinion\pmropn.exe" -updateapps

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=e2a4f912-2574-4a75-9bb0-0d023378592b_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=f46d4000-fd22-4db4-ac8e-4e1ddde828fe_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.aad.brokerplugin_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.accountscontrol_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.asynctextservice_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.bioenrollment_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.creddialoghost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.ecapp_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.lockapp_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.microsoftedgedevtoolsclient_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.win32webviewhost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.apprep.chxapp_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.callingshellapp_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.capturepicker_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.cloudexperiencehost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.contentdeliverymanager_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.narratorquickstart_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.oobenetworkcaptiveportal_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.oobenetworkconnectionflow_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.parentalcontrols_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.peopleexperiencehost_cw5n1h2txyewy

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5228,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5428 /prefetch:1

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.pinningconfirmationdialog_cw5n1h2txyewy

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5760,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5752 /prefetch:1

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.search_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.sechealthui_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.shellexperiencehost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.windows.xgpuejectdialog_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.xboxgamecallableui_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoftwindows.client.cbs_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=microsoftwindows.undockeddevkit_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=ncsiuwpapp_8wekyb3d8bbwe

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=windows.cbspreview_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=windows.printdialog_cw5n1h2txyewy

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -a -n=windows_ie_ac_001

C:\Windows\SysWOW64\CheckNetIsolation.exe

CheckNetIsolation.exe LoopbackExempt -s

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6120,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features="NoStatePrefetch" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5816,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5808 /prefetch:8

\??\c:\program files (x86)\premieropinion\pmropn.exe

"c:\program files (x86)\premieropinion\pmropn.exe" -installmenu:PremierOpinion -v:NONE

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\*\" -spe -an -ai#7zMap29932:188:7zEvent10499

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-AppxPackage

C:\Users\Admin\Downloads\Delta V3.61\Delta.exe

"C:\Users\Admin\Downloads\Delta V3.61\Delta.exe"

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\delta_core\error_logs\ERROR_LOG_30001857.4144.txt

C:\Program Files (x86)\PremierOpinion\pmropn.exe

"C:\Program Files (x86)\PremierOpinion\pmropn.exe" -brandinfo:http://www.premieropinion.com/Tile.aspx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.premieropinion.com/Tile.aspx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x140,0x150,0x7fff978946f8,0x7fff97894708,0x7fff97894718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ff6858b5460,0x7ff6858b5470,0x7ff6858b5480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13233227850725324640,3466306403620109783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5748,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5784,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3264,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3824,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=1084,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6104 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=1492,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4056,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5732,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5512,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4876 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5820,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=840 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features="NoStatePrefetch" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4656,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5504 /prefetch:8

C:\Users\Admin\Downloads\BootstrapperNew.exe

"C:\Users\Admin\Downloads\BootstrapperNew.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\BootstrapperNew.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'BootstrapperNew.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\BootstrapperNew'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'BootstrapperNew'

C:\Users\Admin\Downloads\BootstrapperNew.exe

"C:\Users\Admin\Downloads\BootstrapperNew.exe"

C:\Users\Admin\Downloads\BootstrapperNew.exe

"C:\Users\Admin\Downloads\BootstrapperNew.exe"

C:\Users\Admin\Downloads\BootstrapperNew.exe

"C:\Users\Admin\Downloads\BootstrapperNew.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5388,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6240,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=3292,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6288,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5420 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=3552,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6424,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5996 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x488 0x4e4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features="NoStatePrefetch" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6464,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5040 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6820,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=3120,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6720,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=4980,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=5180,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6768,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5780,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=5640,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6468,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7076,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6824 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6728,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6580 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6744,i,7592788800127467881,11437480982933702205,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=6840 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 filedm.com udp
US 104.21.80.1:443 filedm.com tcp
US 8.8.8.8:53 1.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 104.21.80.1:443 filedm.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 8.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 5.114.82.104.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 getfilenow.com udp
US 104.21.64.1:443 getfilenow.com tcp
US 104.21.64.1:443 getfilenow.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 104.21.64.1:443 getfilenow.com udp
US 8.8.8.8:53 1.64.21.104.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.21.64.1:443 getfilenow.com tcp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
IE 20.223.35.26:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 www.dlsft.com udp
US 35.190.60.70:443 www.dlsft.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 70.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 172.165.69.228:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
US 35.190.60.70:443 www.dlsft.com tcp
US 8.8.8.8:53 dlsft.com udp
US 8.8.8.8:53 dpd.securestudies.com udp
GB 18.154.84.81:443 dpd.securestudies.com tcp
US 8.8.8.8:53 81.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 238.214.138.108.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
GB 18.245.147.27:80 ocsp.r2m03.amazontrust.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 8.8.8.8:53 post.securestudies.com udp
US 8.8.8.8:53 www.ovardu.com udp
US 165.193.78.234:80 post.securestudies.com tcp
US 104.21.96.72:443 www.ovardu.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 27.147.245.18.in-addr.arpa udp
US 8.8.8.8:53 72.96.21.104.in-addr.arpa udp
US 8.8.8.8:53 234.78.193.165.in-addr.arpa udp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 165.193.78.234:80 post.securestudies.com tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 165.193.78.234:443 post.securestudies.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 57.234.16.2.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 35.190.60.70:443 dlsft.com tcp
GB 142.250.187.227:80 c.pki.goog tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 8.8.8.8:53 filedm.com udp
US 104.21.96.1:443 filedm.com tcp
US 8.8.8.8:53 1.96.21.104.in-addr.arpa udp
US 35.190.60.70:443 dlsft.com tcp
US 35.190.60.70:443 dlsft.com tcp
US 8.8.8.8:53 dpd.securestudies.com udp
GB 18.154.84.58:443 dpd.securestudies.com tcp
US 8.8.8.8:53 58.84.154.18.in-addr.arpa udp
US 165.193.78.234:80 post.securestudies.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
US 165.193.78.234:80 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50205 tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
N/A 127.0.0.1:50209 tcp
N/A 127.0.0.1:50212 tcp
US 8.8.8.8:53 rules.securestudies.com udp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 8.8.8.8:53 25.58.120.207.in-addr.arpa udp
US 8.8.8.8:53 www.premieropinion.com udp
US 165.193.78.250:80 www.premieropinion.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
US 8.8.8.8:53 250.78.193.165.in-addr.arpa udp
N/A 127.0.0.1:50289 tcp
N/A 127.0.0.1:50328 tcp
N/A 127.0.0.1:50374 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 165.193.78.234:443 post.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50377 tcp
N/A 127.0.0.1:50381 tcp
N/A 127.0.0.1:50385 tcp
N/A 127.0.0.1:50388 tcp
N/A 127.0.0.1:50393 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50397 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50401 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 8.8.8.8:53 oss-survey.securestudies.com udp
US 165.193.78.210:443 oss-survey.securestudies.com tcp
N/A 127.0.0.1:50405 tcp
N/A 127.0.0.1:50409 tcp
N/A 127.0.0.1:50413 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 8.8.8.8:53 210.78.193.165.in-addr.arpa udp
N/A 127.0.0.1:50417 tcp
N/A 127.0.0.1:50421 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 35.190.60.70:443 dlsft.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50437 tcp
N/A 127.0.0.1:50446 tcp
N/A 127.0.0.1:50451 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50455 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50459 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50467 tcp
N/A 127.0.0.1:50473 tcp
N/A 127.0.0.1:50476 tcp
N/A 127.0.0.1:50481 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50485 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50498 tcp
N/A 127.0.0.1:50502 tcp
N/A 127.0.0.1:50506 tcp
N/A 127.0.0.1:50510 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50514 tcp
N/A 127.0.0.1:50518 tcp
N/A 127.0.0.1:50523 tcp
N/A 127.0.0.1:50527 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50539 tcp
N/A 127.0.0.1:50542 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 a.directfiledl.com udp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
DE 167.235.218.62:80 a.directfiledl.com tcp
US 8.8.8.8:53 62.218.235.167.in-addr.arpa udp
US 8.8.8.8:53 p-content.securestudies.com udp
US 52.201.180.219:443 p-content.securestudies.com tcp
N/A 127.0.0.1:50684 tcp
US 8.8.8.8:53 219.180.201.52.in-addr.arpa udp
US 52.201.180.219:443 p-content.securestudies.com tcp
N/A 127.0.0.1:50777 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
US 52.201.180.219:443 p-content.securestudies.com tcp
N/A 127.0.0.1:50856 tcp
N/A 127.0.0.1:50867 tcp
N/A 127.0.0.1:50870 tcp
N/A 127.0.0.1:50878 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:80 rules.securestudies.com tcp
DE 207.120.58.25:80 rules.securestudies.com tcp
DE 207.120.58.25:80 rules.securestudies.com tcp
DE 207.120.58.25:80 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:80 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 165.193.78.210:443 oss-survey.securestudies.com tcp
N/A 127.0.0.1:50884 tcp
N/A 127.0.0.1:50900 tcp
N/A 127.0.0.1:50905 tcp
N/A 127.0.0.1:50909 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
N/A 127.0.0.1:50913 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 8.8.8.8:53 4.38.16.2.in-addr.arpa udp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50919 tcp
N/A 127.0.0.1:50923 tcp
N/A 127.0.0.1:50927 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50931 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50934 tcp
N/A 127.0.0.1:50947 tcp
N/A 127.0.0.1:50951 tcp
N/A 127.0.0.1:50964 tcp
N/A 127.0.0.1:50968 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:80 rules.securestudies.com tcp
DE 207.120.58.25:80 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:50971 tcp
N/A 127.0.0.1:50975 tcp
N/A 127.0.0.1:50980 tcp
N/A 127.0.0.1:50986 tcp
N/A 127.0.0.1:50990 tcp
N/A 127.0.0.1:51003 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:51006 tcp
N/A 127.0.0.1:51013 tcp
N/A 127.0.0.1:51017 tcp
N/A 127.0.0.1:51029 tcp
N/A 127.0.0.1:51033 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:51037 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:51041 tcp
N/A 127.0.0.1:51045 tcp
N/A 127.0.0.1:51057 tcp
N/A 127.0.0.1:51060 tcp
N/A 127.0.0.1:51066 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
N/A 127.0.0.1:51070 tcp
DE 207.120.58.25:443 rules.securestudies.com tcp
US 8.8.8.8:53 hawk.securestudies.com udp
US 50.19.125.173:444 hawk.securestudies.com tcp
N/A 127.0.0.1:51157 tcp
US 8.8.8.8:53 173.125.19.50.in-addr.arpa udp
US 8.8.8.8:53 p-content.securestudies.com udp
US 52.201.180.219:443 p-content.securestudies.com tcp
N/A 127.0.0.1:51179 tcp
US 8.8.8.8:53 hawk.securestudies.com udp
US 50.19.125.173:444 hawk.securestudies.com tcp
N/A 127.0.0.1:51209 tcp
N/A 10.127.0.1:80 tcp
N/A 127.0.0.1:8888 tcp
US 52.201.180.219:443 p-content.securestudies.com tcp
US 50.19.125.173:443 hawk.securestudies.com tcp
US 50.19.125.173:443 hawk.securestudies.com tcp
US 50.19.125.173:444 hawk.securestudies.com tcp
US 50.19.125.173:444 hawk.securestudies.com tcp
US 50.19.125.173:444 hawk.securestudies.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
BE 74.125.206.94:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 94.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 oss-ad.securestudies.com udp
US 50.19.125.173:444 hawk.securestudies.com tcp
US 165.193.78.210:443 oss-ad.securestudies.com tcp
US 165.193.78.250:443 www.premieropinion.com tcp
US 50.19.125.173:443 hawk.securestudies.com tcp
US 50.19.125.173:443 hawk.securestudies.com tcp
US 52.201.180.219:443 p-content.securestudies.com tcp
US 8.8.8.8:53 gitlab.com udp
US 172.65.251.78:443 gitlab.com tcp
US 165.193.78.250:443 www.premieropinion.com tcp
US 8.8.8.8:53 78.251.65.172.in-addr.arpa udp
N/A 127.0.0.1:51361 tcp
US 172.65.251.78:443 gitlab.com tcp
US 8.8.8.8:53 p-content.securestudies.com udp
US 52.201.180.219:443 p-content.securestudies.com tcp
US 52.201.180.219:443 p-content.securestudies.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.premieropinion.com udp
US 165.193.78.250:80 www.premieropinion.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 203.109.54.23.in-addr.arpa udp
US 165.193.78.250:80 www.premieropinion.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
US 165.193.78.250:80 www.premieropinion.com tcp
US 52.201.180.219:443 p-content.securestudies.com tcp
US 8.8.8.8:53 p-content.securestudies.com udp
US 34.234.232.38:443 p-content.securestudies.com tcp
US 8.8.8.8:53 38.232.234.34.in-addr.arpa udp
US 34.234.232.38:443 p-content.securestudies.com tcp
US 8.8.8.8:53 hawk.securestudies.com udp
US 50.19.125.173:443 hawk.securestudies.com tcp
US 50.19.125.173:443 hawk.securestudies.com tcp
US 50.19.125.173:444 hawk.securestudies.com tcp
US 50.19.125.173:444 hawk.securestudies.com tcp
N/A 127.0.0.1:51413 tcp
N/A 127.0.0.1:51416 tcp
N/A 127.0.0.1:51419 tcp
N/A 127.0.0.1:51422 tcp
N/A 127.0.0.1:51475 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:51481 tcp
N/A 127.0.0.1:51491 tcp
N/A 127.0.0.1:51501 tcp
N/A 127.0.0.1:51506 tcp
N/A 127.0.0.1:51582 tcp
N/A 127.0.0.1:51684 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:50829 tcp
N/A 127.0.0.1:50914 tcp
N/A 127.0.0.1:51040 tcp
N/A 127.0.0.1:51183 tcp
N/A 127.0.0.1:51194 tcp
N/A 127.0.0.1:51214 tcp
N/A 127.0.0.1:51217 tcp
N/A 127.0.0.1:51604 tcp
US 8.8.8.8:53 p-content.securestudies.com udp
US 52.201.180.219:443 p-content.securestudies.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
BE 74.125.206.94:443 beacons.gcp.gvt2.com tcp
N/A 127.0.0.1:8888 tcp
US 8.8.8.8:53 p-content.securestudies.com udp
US 52.201.180.219:443 p-content.securestudies.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
N/A 127.0.0.1:52060 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.187.227:80 o.pki.goog tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 159.96.196.23.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 p-content.securestudies.com udp
US 34.234.232.38:443 p-content.securestudies.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
N/A 127.0.0.1:52297 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
US 8.8.8.8:53 collector.github.com udp
N/A 127.0.0.1:8888 tcp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
N/A 127.0.0.1:8888 tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:8888 tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:52468 tcp
US 34.234.232.38:443 p-content.securestudies.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
N/A 127.0.0.1:20857 tcp
US 34.234.232.38:443 p-content.securestudies.com tcp
N/A 127.0.0.1:52716 tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 172.165.69.228:443 checkappexec.microsoft.com tcp
N/A 127.0.0.1:20857 tcp
N/A 127.0.0.1:52811 tcp
US 8.8.8.8:53 p-content.securestudies.com udp
US 44.216.141.188:443 p-content.securestudies.com tcp
US 8.8.8.8:53 188.141.216.44.in-addr.arpa udp
N/A 127.0.0.1:20857 tcp
N/A 127.0.0.1:20857 tcp
N/A 127.0.0.1:20857 tcp
N/A 127.0.0.1:20857 tcp
N/A 127.0.0.1:20857 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
N/A 127.0.0.1:8888 tcp
US 8.8.8.8:53 youtube.com udp
GB 216.58.201.110:80 youtube.com tcp
GB 216.58.201.110:80 youtube.com tcp
GB 216.58.201.110:443 youtube.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.206:443 www.youtube.com udp
US 8.8.8.8:53 api.github.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:20857 tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 142.251.173.84:443 accounts.google.com tcp
US 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 rr2---sn-5hnednsz.googlevideo.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
NL 74.125.8.231:443 rr2---sn-5hnednsz.googlevideo.com tcp
NL 74.125.8.231:443 rr2---sn-5hnednsz.googlevideo.com tcp
US 8.8.8.8:53 84.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 231.8.125.74.in-addr.arpa udp
NL 74.125.8.231:443 rr2---sn-5hnednsz.googlevideo.com tcp
NL 74.125.8.231:443 rr2---sn-5hnednsz.googlevideo.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
NL 74.125.8.231:443 rr2---sn-5hnednsz.googlevideo.com tcp
NL 74.125.8.231:443 rr2---sn-5hnednsz.googlevideo.com tcp
GB 216.58.201.110:443 www.youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
N/A 127.0.0.1:20857 tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 172.217.16.238:443 consent.youtube.com tcp
GB 216.58.201.110:443 www.youtube.com udp
GB 142.250.180.22:443 i.ytimg.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 rr2---sn-q4flrnes.googlevideo.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 173.194.191.167:443 rr2---sn-q4flrnes.googlevideo.com tcp
US 173.194.191.167:443 rr2---sn-q4flrnes.googlevideo.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 173.194.191.167:443 rr2---sn-q4flrnes.googlevideo.com tcp
US 173.194.191.167:443 rr2---sn-q4flrnes.googlevideo.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.180.6:443 static.doubleclick.net tcp
US 173.194.191.167:443 rr2---sn-q4flrnes.googlevideo.com tcp
US 173.194.191.167:443 rr2---sn-q4flrnes.googlevideo.com tcp
US 8.8.8.8:53 167.191.194.173.in-addr.arpa udp
US 8.8.8.8:53 6.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 142.250.200.14:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 142.250.200.14:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 142.250.187.193:443 yt3.ggpht.com tcp
GB 142.250.187.193:443 yt3.ggpht.com tcp
GB 142.250.187.193:443 yt3.ggpht.com tcp
GB 172.217.16.225:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
N/A 127.0.0.1:20857 tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 172.217.16.225:443 lh6.googleusercontent.com udp
GB 142.250.187.193:443 yt3.ggpht.com udp
GB 216.58.212.206:443 play.google.com udp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 rr3---sn-5hne6nsr.googlevideo.com udp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com tcp
US 8.8.8.8:53 72.132.217.172.in-addr.arpa udp
NL 172.217.132.72:443 rr3---sn-5hne6nsr.googlevideo.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
N/A 127.0.0.1:20857 tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
BE 74.125.206.94:443 beacons.gcp.gvt2.com tcp
US 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
N/A 127.0.0.1:20857 tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.46:443 google.com tcp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
N/A 127.0.0.1:20857 tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
N/A 127.0.0.1:20857 tcp
N/A 127.0.0.1:20857 tcp
BE 74.125.206.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
N/A 127.0.0.1:20857 tcp
US 142.251.173.84:443 accounts.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.187.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
GB 216.58.212.206:443 play.google.com tcp
N/A 127.0.0.1:20857 tcp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.204.78:443 consent.google.com tcp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.croxyproxy.com udp
US 172.67.158.52:443 www.croxyproxy.com tcp
US 8.8.8.8:53 cdn.croxyproxy.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 cdn.userreport.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
GB 142.250.179.234:443 ogads-pa.googleapis.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
GB 108.156.46.76:443 cdn.userreport.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 52.158.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 197.71.22.104.in-addr.arpa udp
US 8.8.8.8:53 76.46.156.108.in-addr.arpa udp
US 104.22.71.197:443 static.addtoany.com udp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.179.234:443 ogads-pa.googleapis.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 172.67.158.52:443 cdn.croxyproxy.com udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.200.33:443 ep2.adtrafficquality.google tcp
GB 142.250.200.33:443 ep2.adtrafficquality.google tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.33:443 ep2.adtrafficquality.google udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.169.217.172.in-addr.arpa udp
US 104.18.26.193:443 dsum-sec.casalemedia.com tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 142.250.200.6:443 s0.2mdn.net tcp
GB 142.250.200.6:443 s0.2mdn.net tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com udp
GB 142.250.200.6:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 193.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 c.bannerflow.net udp
US 104.17.46.71:443 c.bannerflow.net tcp
US 104.17.46.71:443 c.bannerflow.net tcp
US 104.17.46.71:443 c.bannerflow.net tcp
US 8.8.8.8:53 71.46.17.104.in-addr.arpa udp
GB 172.217.16.226:443 ep1.adtrafficquality.google udp
N/A 127.0.0.1:20857 tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.46:443 google.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
BE 74.125.206.94:443 beacons5.gvt3.com udp
FR 51.159.194.250:443 51.159.194.250 tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.178.2:443 ade.googlesyndication.com tcp
GB 142.250.178.2:443 ade.googlesyndication.com tcp
FR 51.159.194.250:443 51.159.194.250 tcp
US 8.8.8.8:53 250.194.159.51.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
GB 142.250.179.234:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 start.duckduckgo.com udp
IE 52.142.124.215:443 start.duckduckgo.com tcp
GB 142.250.179.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 215.124.142.52.in-addr.arpa udp
US 8.8.8.8:53 duckduckgo.com udp
FR 51.159.194.250:443 51.159.194.250 tcp
N/A 127.0.0.1:20857 tcp
FR 51.159.194.250:443 udp
FR 51.159.194.250:443 51.159.194.250 tcp
N/A 127.0.0.1:20857 tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.179.163:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
FR 51.159.194.250:443 51.159.194.250 tcp
N/A 127.0.0.1:20857 tcp
N/A 127.0.0.1:20857 tcp
NL 142.250.179.163:443 beacons.gcp.gvt2.com tcp
NL 142.250.179.163:443 beacons.gcp.gvt2.com tcp
NL 142.250.179.163:443 beacons.gcp.gvt2.com udp
FR 51.159.194.250:443 51.159.194.250 tcp
N/A 127.0.0.1:20857 tcp
US 142.251.173.84:443 accounts.google.com tcp
NL 142.250.179.163:443 beacons.gcp.gvt2.com tcp

Files

\??\pipe\crashpad_5048_RBURPRNFXWBTHTMK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 82ab293f5d21f6b061ebe31581340aa1
SHA1 b0a174059263aa08b18915108cc6a9d4aa3586e9
SHA256 9d344a2d41cc70ddb50aed02941450eb949a2c915cf23a27a4b3a9470fdb5070
SHA512 db239b3297c04ed2cc513e8c3210d404fc851e958458a745d43936cb26c7474780f8038b9deb6381c2532e09a3e757e8a72593350411222e8a552c2456193097

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b73c5f6a10868a0a6e536843a7179ded
SHA1 615e1b50bd0649534724e56cb4926801c2398fed
SHA256 d97b135d034f60fb944a086e82576c9be661b9ff7621ae300625aa67e6b80e7c
SHA512 8ca4489dcaaac1a799bed8992703ca6e48e64729a34b5f3a345a5911927646b29db6611ec3eb1e6ec58ead4c659ba398062acb00920e173c0e5a234fc995f86d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8f0ecd63ccd6cdf165fc7bf80ab2038e
SHA1 df9b7e4ff4f72b1e0cddf4a2330ecfbadc16d835
SHA256 ce4e3469636a2318aa66a25fd05360fc26ae42d2d8b75ec86a281334afa77a10
SHA512 1a79f888f320c60364bd887998d3e2c80a96ac93ab69f0c6cc01bd205dbf27ea4a5251a2a981aa2688dfee8fa6ea56f49ca0eca2827f0e22f2812f736ba8c106

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0025f89faf0d089ef9788966dad2ca27
SHA1 67215554d3fd3fb20d8ef9ff99fcc237cf91e9a8
SHA256 532cf224158b1e570595dcc0bba216d79fa4d5e0d8c03b380a2e621f1dedad42
SHA512 3704506fcfc12e19d4b1923d20dd487458a2e15f7269abf137def4b79da0186efe5a3654127b22e7e2ad96d906b081c287837addf5f8b9c4a2508527009e63cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 656f06657818a3b93c9ecbe5d98ce22d
SHA1 0e6867748d8a34b7a80aea0817f0157a1aa4b4ab
SHA256 48cddc1a1dc90889142b07ebb59c05530871ecc51df689eb99def0733d446f10
SHA512 beba2dedb636e22af363571e044cfedd9d8adeb3a3236428481e9001b72c89480e8cace01c1b49df35c85cfd1989782e3187c6faf7f459596b5c89c4e5438b04

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 edd84f08c5b5ba37447ed875f04fed78
SHA1 0947ba2357ad6ec9ae4ca00aa6d14f1fa51e6e22
SHA256 6dbac44cd5e9b52944e69a9e6ed4eb59d7d8b3677e4b7bf7d843e24c80c80f0a
SHA512 e22429cb079f3d67b3451a370aa83e85a022e21e4d7f2bfd6234914fb6ae42c01e0a6a3616f906da7995c37ca1c467bbea9d4bfef6f15cab77f9071f5bb48ea1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 48e85fe5b2704b75422fe43d2b020ca5
SHA1 603e14cff52de3493863643b51e5bab80f9afb71
SHA256 ed394f62135569b85d73e448012838c8d4e927427a910acfe38b80ad8552a4a6
SHA512 076127c704ca9ccefc0c14548f71503cc93ad2f362e3d063c8b0a975047a036a749bc51fa7fb5c8939784f3535ceb4a9f9e7ce2a636381630ed51dcdddabaf7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ac78dc3edd3f852f3b71abee3220b7df
SHA1 8778dccbbecefc4c71c09851cd55e571ce18179d
SHA256 8078daf06b02e9dcd6b50baca69f64bb1bff7eefb9cf45ed26862e38722721d0
SHA512 3e87fd3dd818ae357e5756d978f52d993a29ef4283fc5954bf096c6a4244ca419b38c67978e8cc6b6372b7a69b677357686d8f5cc558716377c9f7a9801c8f3a

C:\Users\Admin\Downloads\Delta V3.61 b_87921645.exe

MD5 15d1c495ff66bf7cea8a6d14bfdf0a20
SHA1 942814521fa406a225522f208ac67f90dbde0ae7
SHA256 61c2c4a5d7c14f77ee88871ded4cc7f1e49dae3e4ef209504c66fedf4d22de42
SHA512 063169f22108ac97a3ccb6f8e97380b1e48eef7a07b8fb20870b9bd5f03d7279d3fb10a69c09868beb4a1672ebe826198ae2d0ea81df4d29f9a288ea4f2b98d8

memory/3208-128-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

memory/3208-126-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

memory/3208-127-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

memory/3208-138-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

memory/3208-137-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

memory/3208-136-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

memory/3208-135-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

memory/3208-134-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

memory/3208-133-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

memory/3208-132-0x0000019136FF0000-0x0000019136FF1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 251f25f8ef750fa1a678ba536e0785e5
SHA1 981f1ab637356c96b519cb50a129f88e0fecb01c
SHA256 abfdad0f63c8682ab107e937da44c06e30c199e52317845face1197f5a7bc30c
SHA512 17309e47355c454229d6b2f7fef8dccf250ee5f5bff1178f8f58afca52e1faaaa58b494fc0e0e9f1ebfb64848692e7f12f3f81013bd2334a943a5c7f919c1648

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2f89c4550b2c30607a68e28099f1ba9
SHA1 db56a4fd319779e78564635aba5b254a9fa0bd5d
SHA256 d80dbee9556d3a64e1badaaeda06e8803b5a5c48148d6c4670713534335aeb68
SHA512 f6edd00a11d00e93215530a3671746fb26f21a385f67f8d25c96fbb6dbdc0fe2a6a4a1bf5f68fadf285a726315c2f809373534f650dae28622e2f70fa19d70c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 e68e7ebb9f282342bba32c75fdb9e3af
SHA1 97ce0066b47b9d1f74775f587065217fc3e8adcd
SHA256 f6b69a32b284f9b5bdc9d7857ccf884a1c76d22bd1450629f1722845f9c30a9c
SHA512 69f01c2921c5ead142c69e25a42178c4b45116a92efe48c1b91a7080187185d2d6506eb503ebdd445d59877144025df33667e1f64a8effdf070608b89dfab396

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0bd5af37ef2ace8db0c87654b4fcf402
SHA1 76661d553d78e7be737e1bf9c864f4ec95f143d0
SHA256 286c856a3711bb44f39c8d631167916e9d69b00438f39af3f2aa4318c0780003
SHA512 594715cd1aaadd0ea2a8bee0f69ea73bbbf28be6d01c7e70b73936977dd961f95f43a94b6dddbdac585bfac8b41d3b6e8b442f1eb75d6a723b3ca542b9b58a3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07edbd9413e4e00ed8f51310761188cc
SHA1 c8f11d2948fc121dc4665dde3bee087799f56549
SHA256 080bd0dfce3bd636c1d63c17c96428d8eea8b7b0a3a9b75a1f678c57ef7687dc
SHA512 92bd1e59d9df5ec35be8a83df549a7a06d74f2859b60e9b23b452d49aad0139b0da6d10fa977cc9a0df1422a63f587d8ed465b7480608695b25e3881e8124eea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 22855151e661d30b755ef583b35d9538
SHA1 613bb04bdee91ec57ba8d6606f81b16c6b4d41a3
SHA256 09ea503047404b56b3832b46d940300f304193c9644c0648629c7299ad8a4708
SHA512 b2d9d935cb864893d5b2fb7cbd16b2cf5b39e2aa09471e8432f6d1c9daab8e3fa31b55164095e21523e0b092c742a29c138e521d669cd630434b0d6aca2e9605

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 86b4789bc8c8028540ea372181a26134
SHA1 95ef99e944455c7852859d2d212ce3448927f581
SHA256 a63f9b57c4194d4561bb1c7b17d4ca149e40207d2e5262338b1e9c074f68921a
SHA512 f90635c2652e1d5959347222f57a4008dd9af49e86aa206a276982f0acb4cb5180ccdaea3b584d4ea3ab1cae71f20bcd00bf76cd99784cf4caf65dd9f3bf9f11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ef3fed159dd62328f0d5be0ba10a42bf
SHA1 5770be3375686d0c3e6b235056b81a7c2293e521
SHA256 517e15b2a125d1b2d94c0fe7f8b65f26f3bb1e59d6e7a6e5c1543bfa1c19c364
SHA512 f939078d339d26cbfe565571d7a59e9739a869bd40fb125f932bd2850be619671955f6c67430160922232a143df4cc85f236a4d2a064af6893dffea87bd95e43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e5e05f327cdbb7f592018874b51f2bd3
SHA1 e590269744ea931252903eb9e28b1aad7dc9330c
SHA256 a8bc56181221cce96db3846cf0aaa6aba7d6acf4086fbe51a12f290856782835
SHA512 6ebfb2443f63347c5503f5cd889ab2f611168244e34e66272373aee3ff3f8648a1eacdef6cfb75e5ef2fce98cc36813769c1fbf22dbf9e7761132c785f0ab1ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 15610f50a1443428cd81ebd251105034
SHA1 08922c9a9d80346351a5d8182a8ad234e4c66fd6
SHA256 2c24517ea4e3410b025d6988d9a38f33f911f1394e16090bd00309350753dbc2
SHA512 b0fc2b519a555f427ea396331bde4165d5234d91a390cd9877c9acb28bb17999d71d44ec90b31e2915b95f8406b2019549f96a7f20315ad9b7390fc072a0227a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\923CD0F3EDBB3759A875E7FE664C6C90_E177412028F15791C29E67CACD8927FC

MD5 94fd46fd3cc1e9163cf6415619952df2
SHA1 4cc7673dcda3af54cdc5529d9e8c3ce905ba569d
SHA256 8c3e6c1db236cb4d4b564d1bdc63e3423657888fd6c60b398fb5a7d3fa018ed2
SHA512 dcb73ac90f22c35ab700587c46a18e80ebc494cf7348f089eb73e8f6ddaea8ec156b70656f6dd2e765fc03b084bff46ceb61d8a70db23e437d5e7204fc134ace

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\923CD0F3EDBB3759A875E7FE664C6C90_E177412028F15791C29E67CACD8927FC

MD5 b2f0977d11bc3e05723564684070b52f
SHA1 de8daf8e656919096c7c338ed32d23a2014ec200
SHA256 755ab075984adb46c563354d3ba284c5457fc9523aca22d8eab7cc24653d9ab2
SHA512 a6bacb9dcd50d188e72fec458152da4db7d8559f32c01bbc117cfc5664fbadcd7f2fb697c5b3eb9db23a00b5b335b830be38a3240b055685a952716afa3a7a53

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q6EH17JN\service[1].htm

MD5 f9d4655bbb31d3745d1d1671e3a09f4a
SHA1 65fbfa8dd5aa8f0ab41f0c101023290878c78162
SHA256 c09dc2ba6150d341e056631e8fbc1a91afcd6d87759bde08e75a1fc506641203
SHA512 e8bffc091d60e2addf583b4d33e3b698104372e9b2b31cba3b4e1331a6fb5301632c19f7c2d7f209273115b9d478efde5ee02e7f314cd734871d3a07ebc50076

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c056f28d382a2e47cb41a4c7c64be425
SHA1 83c3b030dc60a72b57872fa86ca9d0217e49ce65
SHA256 bfd558b7ee8aeab0d645956066f3f400bb225a88191688834364d89cab61de28
SHA512 39ecd0f69a3c8b8cf5831717353eb5dc9641ac30f7a82eca186f0f29bb8ff34d6d1c6a2137cbc78b97cf7b36e1c005932285b607dc9195173d161f8513c93d79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C2C9D7FCC58B6FD9BF152E66809C1BBE_9962014287DF49023620C3F0C27B8ACE

MD5 0c435a566e6cf15ae858b1ce5daaff78
SHA1 3d767071883dd69cbeb5da9931e55328789e535f
SHA256 21db62bf4dab27369e9881e6a54fae9b3ff09719f4a3fac7b66f9ab3d3b59a94
SHA512 2ea611bc0e725e2a93204124ca20a66de498bf771df1bd98e8c50d1654d1ce5f8a4fc1e43631a09a2936dea1a2aa2f406a187ef22fa8e8f2847916e9f2211f32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C2C9D7FCC58B6FD9BF152E66809C1BBE_9962014287DF49023620C3F0C27B8ACE

MD5 8da6e2e64984f043adfd8bf4327381c4
SHA1 7d10a80cec713f336cfa4eaebf03bfbb61ec5061
SHA256 a76298a51feef2577cae66469a8539f5ff3353c9518803a14ba1f8298a62e2e6
SHA512 026b615af310ec023f00b580977b267fd66d4a3a9eea09e4528efd388a098830aa014d1aeacadd527be97294a3e57f3ee1ca756b90224692ed13037d23649808

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\975YIRAS\geo[1].htm

MD5 cb3a75524ed2c9cf9d2db6ff967d60c1
SHA1 3f371ccbf44b82de81da03e457d69c32599f4784
SHA256 9619cbe373384f52988fa35be01f2c73a2faa28746bd92680d7094770adf376d
SHA512 7fc4dcc461ae3396feaf3b0290aead28d43019bdb0ae9a28e61a1c42af7a945152ed93f6a185b2ed098f03dbe2c80d5ee7596f4cc7a094fbf50b5f8b843ade34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 ba602cfe647fd03ee95241889aefba7e
SHA1 efd3945961adda8bc7dd84e1007bbae361f80f18
SHA256 3a4a0844bb8b1f71049abeb3799886b496713caacffd47672ea9c99e469637a5
SHA512 02beb0baebd5d8811199577b3694ae6e9864736096b4ee9fbdc7652249912f88b8b3bbd66d106bda09c03dcfa5815a8503d7896a58688c5a54d54a9bdfc3b0d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

MD5 c9be626e9715952e9b70f92f912b9787
SHA1 aa2e946d9ad9027172d0d321917942b7562d6abe
SHA256 c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4
SHA512 7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

MD5 971c514f84bba0785f80aa1c23edfd79
SHA1 732acea710a87530c6b08ecdf32a110d254a54c8
SHA256 f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895
SHA512 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 d8210a49cc296afb0e44228a597f1897
SHA1 91896db4eaf5d4166113d3877d810233585115c2
SHA256 99b35d31c63377094708e07416494b8c9bef939888bfacff02d659f00019a9ed
SHA512 102467f6bd0a0e289f078fdda98c41c1b70a84c29dd9aa7314bbb7288a29c8844da4458443b6e5f9e0f46ebfc9ae65dc2bc6647f2eee0a5b69c1134184fa34ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 a1fe28b749482a52946739348abd3cb8
SHA1 f5892b145cd34c238eee63cb7e76f6772df19260
SHA256 d982b391403041183d190317034125081d6171a21c65c44dbd8563e1bbd5f0e4
SHA512 7b6e4980f9212ba02c9de4a0f426b07c285d5fb68e8157a8475a5765ac5d074f32f1138acac977533f2e6f6d050504ede5243dbea640a57a6430d2ef9ce9d239

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q6EH17JN\logo[1].png

MD5 2d4e9e8198f0c3eade53c619cd1fe4ea
SHA1 80b29f8dd0c4951ce7cad0db1fad1d9fdb275fc9
SHA256 c97e703578120c1f7a570acac3b461178a5e051ce16be9e266c1789c1d610ac0
SHA512 afef06bfc6bf857a1b7966a04a8779aabf3e8a6d79b4c51867335190959acc469a4e1929b4c66430a3eece1aa5d1decddad005b326ec830c2b3a57179f3c626e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 52df824c5e1d09f8423dc3725b394f7e
SHA1 d8d026f8f4bddde54306a19fe38e40b27e1e878d
SHA256 1c710fa385acdd1a42cb08ae1a26fbcb13a2c24f7e147ace1cb7a007ff700f03
SHA512 b14bc477ca67a1679b373cb6a40807710bb233ff09f511ebc531767dbe996a49e2631900e37e7486545c50eda976aee99e1e378e9ee8954d24a83415370be90c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 927f4451612d1efcdd211324eb4a5b6b
SHA1 7d7fdc933a9d165d0d8c2df955cfc4d8052c3777
SHA256 35fe8050661e0e4312d39cfdb1730889fe99f22b92751be30d0b12b57c491de0
SHA512 554dc119486cb7ab13a28f2e93aff6d446360bbb1e00d60fc7879bb0aabe03c23f3d83b0f0557ba1a71698360612340e0e3b86b4d26830e9b14835ba284d761d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 f382943121f4e867108f11cb3e0c6afb
SHA1 506b354ca8005870da33c2630641af65c9d29ec9
SHA256 fe13fa77d7a464b2d9bcb1571d8ff3fe2c1f904d0533b898f45fbe765b0eb307
SHA512 c6bd45d57b464c6b224a5fe99ed0474ac88b62bac45157f15b4bf1cdae8ee68f57c032564332e0bf3575fb0f42d9ea0b452dfeb2207be380f06493c4f2652932

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 32a7f3e577a7feba5a4c5f6ef63081ab
SHA1 3600fcf6c0d3551a02c02d25d659c514a85f7620
SHA256 2f9676217b2b5a159d0c33cb4f1c0a40bdb38612cc96e3e95197cad4898a290d
SHA512 be1ecff8327f2c45eacf2e9385dfe6a50e3fb583d4a47f223a1537caeeafaac853f5ef65fce35f9a2d67afe9ef80aea4f1d418d211e34c1cb075100e65682ad7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d71d7d0448d3195031e3d7f7dd5a8d0e
SHA1 f537389677368af59be9593637ada2a25240d1a8
SHA256 1895e0d2f1a3223054ddf0a948a386e572e27001ff59eeec60bff15e63f7565e
SHA512 173cdb17623b75bf64c87777efd2b7562761b8152998f52f9d36975973b8ceaabd0be81f0847dae4677c2041d1c8cb044863c492b4db0a3e5709a896ab37f1b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c4ad3b0ce80c62981edb61eb07da1d74
SHA1 3c57e6455909291249f3e1669f9a2d3831fa8b93
SHA256 2fe135e367af364936966c724e5f187e0ee309f1b9d92387b3abd087cb438416
SHA512 ea5f77f8581068dd2a6595e8d4027713895a63d90e01defdaf11ee25e87a301d11c7626bc18976123c486f1c8c74d63359571c626797b437cb35639c60072d48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

MD5 0411f06faf7dca0d5c203fb46c89661e
SHA1 46a4013655768b8026da0ca8349a8404ae1dbdac
SHA256 c17006fed4cc7a1cc61763502995cf72c822d0a874e2c20f6d95a202291e2e9a
SHA512 a056f4a460991fe50de086a66045d87fd1f1852d1aea17707934fc39d4baccae951d7db17ac31556cc12172392832b595a5ca2e80e638c7fd1d1f2a137c09835

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

MD5 5fad78933adcabfe68fa9bd5007630db
SHA1 efb75601e67c4c6e725098a002c7b06737ab25b0
SHA256 1dbf9b1ecb6de9e74b74c4b8c241da432d9042a34765ad6a546d1294fd113d4a
SHA512 13e3cff45bb5880c1655131e24b4445bea7b56d44909b2a78a88d373edb0b45acce434f593e05098e84fea66ade10da8245cdb2577955a80ff8374bd33d85f85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 1377275d5101b19fca91b1d9c3598e4a
SHA1 1ae691c76fd89c93aae8d7cac235ef82f2def01d
SHA256 f198314ee09f7adc845d9fe2f67e9c06c63430c4b3ee0946d1e5b2a88d8bb997
SHA512 47fdadefaf686888a3ce69b646929229fb24bd9bb6082b031c5d54e2516eec1244c9c159d986a7456f6fdd0dbca143a55591ee37e8fbc65e2b37c3249e5a73b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

MD5 b471d332c7e0d4210147be0346bd9a18
SHA1 0e3fa06bc1cdb0c08e8c95026a4f1d50a2ba1478
SHA256 28e42ed86e910aac693e5b718e6fa32d9ab53dfcb0da0d639e4bcb360617bb4a
SHA512 0f95342b8a97049610e3bab93c9870fcade47528703555e1304cffa1741c5d9d31ac59a8b240e33539000649905886eb90d447d5af82d5ef7facdf8ce805d8b6

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

MD5 f6dd4cc1b21bbad0d7b8f47db0c38388
SHA1 8f9f6bc3a26143585b203feb9b1454d1191e78d4
SHA256 aa679f51259117fea9baa4fec16286c211087c2d177104b347f6f0fb6515ea87
SHA512 b65a9e333bc29c5481779f2b93982e99c041bdfbd4eaeac0eeb1ffbb9b5cd5e807ab98ecd5dd5798ac0884d2a3ac49be983e3cc97aa9c7bdc9672e1d1c3cb836

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b0a0eee6460ada5ef1bccb127641d24c
SHA1 89296995a7645bc8193823211db366d884d211ab
SHA256 deb2109263af23e6e1148e9f296ec8d42913fcedc29da24575a3bb798d8b9032
SHA512 831f46c45d3469a8fda3eab8709ff052dfba2eb913bfa16cc72ee436198c219117b6de25757c536fcd31294b60bf770994a80ebe1aea36f3370c536ee9d77c93

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DJ4QA6DW\dpdv2[1].htm

MD5 fcbf2eabfc15730a7c441a01d4eae2de
SHA1 995991ddae2088f7791c894b8b600646af1af138
SHA256 df3b48bac33b50c5a36a9e7ed2b2f6bd09f82772558c4ba8c5a2067dc8162074
SHA512 eb32d2ccdc2c80fe3dc713a0fa59eafa1f823521aa2d49c1c8ef7a471965a8c892088b388cc883e5d376eab35d74ccea4ab7ef1790373beb4439c79581ea755d

C:\Users\Admin\AppData\Local\OperaGX.exe

MD5 66151baf4c7973df9281d00141bd4d7b
SHA1 805cbe1b3d938962aef72b17f476954a0bbad93a
SHA256 c321f8b1b87d033cfcf86e0ebd92a2db16cbe4b9106126401eea99567cfbb171
SHA512 cddd8fc511d76a69bb38c4686b3d60bbf475f376b5cfffb65054fda6f6229e8d70d55103d5307c80c54a3fbb95bdaee0fac98fb2c8dea9bdbac877dc724d5b8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 583dff4027d74add934958cbc4281b05
SHA1 f51d32a7a67dc9b3429f421319b9a01f93b6b330
SHA256 acbe777e4ace9fbf98f7e0e44b31ec8d373d827b6c21bbe5f31565222eeb31ac
SHA512 8f52b5081036bd2cd1988ab1541f54b1288958873fd8df079cfd9eef72f31cb1ca13820f8c23d9e56e14ab063c0e9b81fc2fe26e60dc62f4be503d8e33978d99

C:\Users\Admin\AppData\Local\Temp\PremierOpinion\ContentI3.exe

MD5 bf6eed6cdc17a0130189a33a55ef5209
SHA1 e337f5a0931f69c464f162385f1330b4d27b372f
SHA256 ef2734657b11113a433abb7ebac962e2bf6bf685f05c5f672997f01875430168
SHA512 90d23fd84007343e85f9fc003cf826b112fd930216a24d8c1488468443ae2a4b0c3cc2426b91c81a8228e125050e922fce05672e010e65247709fc4a7b856f1d

C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmservice.exe

MD5 4ef95918e313c7ca01084629416fc714
SHA1 5bdaba6920d3f4d1f8ea47ce693276530b5f2a9c
SHA256 303707068aab06ab0341178558c28ce1670d10f16c39522859c4f21097a87ee9
SHA512 75861731e9ec1a43741b2b84f60677e9fdf26d5db8d6e4e91297f826fc2c357272c18cede7f64c42798f5459900b33d693ababe4e1140e4cfc54ef7a04af633a

C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmls.dll

MD5 50a0c6c01cdc5d2690ccd1f1541f6670
SHA1 c5e017a468efb70eabb1f861784edac62acb0e17
SHA256 f9a853830949bb22d6f4d128d71a0ab923d9b5549c0dc8785c7de7d1a4eabf99
SHA512 028d5a56c581d3751628c7503e83aa52c332678495943c3648049ae0b26a7190e98395ad205cf60896140d1a802c14a346a2d1553e7b53090c3f5beefd66e9b1

C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmls64.dll

MD5 aa56cb7fd83150c3a75cd6a0de97eb78
SHA1 34415c5c8e57cfe9a7b4a498eacfe1403f3191ec
SHA256 034e066829d28bbc81604250f6df721a35ab1c0898ab82bef6305ffada240765
SHA512 765f12e5e060db934d0f4e8159bb9bd10cdbe797d79488a0dc88215a73e49101e279ca69e10c1775a5e161bb4dd02585724c7c87bbefdcdd047adb4277804fa2

C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmropn64.exe

MD5 ae5bbcc69b05359d0d5cc72ca6a1262e
SHA1 6843bd883d50216be44065411a983a4bcccdcc91
SHA256 12bfd1007634138b22c56ead24db02a1fe3a4d4b7fe04d30cd07a0ff5d4c8425
SHA512 6417aaeb4ccd86504bc1f83e32c91a60920e98fff833c02fdbef974819a3288cab0c96d6b114ceed4432c305d49120cacbc7e0da69c911f4035aadfbec7a91de

C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmropn32.exe

MD5 6e4d6b68e9565c4cc7791b00c2094ff9
SHA1 965a00a5a8bb05b35fbaa357951779ea3b71e392
SHA256 65d6f18e1b366aff5343c3f6628041329e7c1375d18ba57076b19bf5f48bc483
SHA512 0cb1396822c7350057cfc7280e1c67ccf1e1a2206347a10025e285f00e9364563685ba5282775960a9329511fd321a631222c87ae7ca8106eca00fb78722b20f

C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmph.dll

MD5 9d96ccb0d5ab5541b61d5c138d91796f
SHA1 cf3ee3e66c8f9c23e3efd29978215461347e650d
SHA256 379a1f1f02c8cb704f248c2f1ff79c8986f73c350a3bf6d9bbc93aeacd286e36
SHA512 69ca7d96896d872eefa63f0c0bd9613526a914e99c4cf12b5d221315277aa64894d99d0f5ce9c5e0ef640d61c9202cd3d51ddb2ab4c55f8fdf60d24a8c1ff6ac

C:\Users\Admin\AppData\Local\Temp\~osCFB6.tmp\pmropn.exe

MD5 f27f98c1a877f9ca6f06c23bed4014ca
SHA1 25a231319659c30d6f86a5c9cdd1747d7c471542
SHA256 1ed47933c9f33c4860ecc0bf1ba7525212aa00054037a9a51a8d8f5ce3b821bd
SHA512 f054a618d2f8e7a829c26548312b436e21058ee1ff64b40e7c19be2bde037003c21332af3c60e2fd92675af80526ef6faf84b8c1d7a095bb2c4d0b799e66599c

memory/3344-396-0x00000000060B0000-0x00000000060B1000-memory.dmp

memory/3344-398-0x00000000060B0000-0x00000000060B1000-memory.dmp

memory/3344-397-0x00000000060B0000-0x00000000060B1000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\ed3d3b386135b008\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

memory/3344-407-0x00000000060B0000-0x00000000060B1000-memory.dmp

memory/3344-406-0x00000000060B0000-0x00000000060B1000-memory.dmp

memory/3344-405-0x00000000060B0000-0x00000000060B1000-memory.dmp

memory/3344-404-0x00000000060B0000-0x00000000060B1000-memory.dmp

memory/3344-403-0x00000000060B0000-0x00000000060B1000-memory.dmp

memory/3344-402-0x00000000060B0000-0x00000000060B1000-memory.dmp

memory/1080-428-0x00007FFFBA600000-0x00007FFFBA6BD000-memory.dmp

memory/1080-429-0x00007FFFB9AF0000-0x00007FFFB9DE6000-memory.dmp

memory/1080-430-0x00007FFFBB5A0000-0x00007FFFBB60B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 557945ae4c9b92582d6d1868a8fdd710
SHA1 3e0a0d92e5317f4fedca238bc1e060c3354980cc
SHA256 24e25a5bc8c99d67b232877c8b5e600a3c74c45d3d3403272b9ff31b517ba7fd
SHA512 9bca8622a241f634470d6483d0da357292750f5b1c40213c92aaa2c4bdd55615ea177998e3330ca9f1d316ab39656fab223e99a25d2d515bd3068d908effd618

memory/1080-443-0x00007FFFB9920000-0x00007FFFB9952000-memory.dmp

memory/1080-444-0x00007FFFBBAC0000-0x00007FFFBC22C000-memory.dmp

memory/1080-442-0x00007FFFB25E0000-0x00007FFFB26EA000-memory.dmp

memory/1080-441-0x00007FFFB9100000-0x00007FFFB916A000-memory.dmp

memory/1080-431-0x00007FFFAE400000-0x00007FFFAE8D6000-memory.dmp

C:\PROGRA~2\PREMIE~1\snt.dat.bac

MD5 2b07f882f54b2ca757da093c52d16d48
SHA1 344db6cda0d7116cc3940ed814fd7d9e59545a12
SHA256 de9e99ca237d11c8777463c8209f6a0a5be7dab1f995ada9317ad5c86e8e6686
SHA512 12ae04207249206a11e162338c316088caf203f61d56f827688a495b62aec154e537110a3534a207a5f7972edaf6eab84508afe8815d9885b60e00611d511c39

C:\Program Files (x86)\PremierOpinion\cacert.pem

MD5 77eb3ade4c5b0db67c6e8a26f131073c
SHA1 ad9e8c00174cc2e707f59df671f89a9d7fc2ffc7
SHA256 9f19e7a7139cca8373b516ab1ae49c644aa1c8048e8c7aa5784774a081dcbb87
SHA512 20eb7d34c80bb8d8a415bcdccf8e46cb36396c095ed1468b69c0cb91da915e3a14c7fd55247f68e64ff71cf8d336cc286c3662710ca6281840fdc2f1eb7ac6a1

memory/2404-482-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/2404-481-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/2404-480-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/2404-486-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/2404-491-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/2404-490-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/2404-489-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/2404-488-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/2404-487-0x0000000005F30000-0x0000000005F31000-memory.dmp

C:\Users\Admin\AppData\Local\link.txt

MD5 363947067c994793f31ab733fce1380a
SHA1 5f0c987b72d090119ce2a268eabe7dac163e9b37
SHA256 e33dda2b67d46be195cd6b16bb3a265f8692a726045e45ab98dc04374626ac03
SHA512 2871633127c2df969fd56eb1cbb6b2d11473d1eb2fad083df2dcf93d897bf4e79a0a8ab7a322b8033e5ce02d1eae6173c5656b64e5be870eaa2faab8ad31724e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 045bdb360cce783f2cbcca50837f2bfd
SHA1 f5fc56975973724652936e590ffdc7205b543cff
SHA256 0a9e0dbb56ae226ecdb763ce9dfbdd3ef892d3282a5f6dd806d6cdfd90d54024
SHA512 0aeeb36264eca1dc4cded38bb678ff7ad2a08e11e7bd983871f3ee2c3ad7b9f78ae6f38b23e0c8719dc214a7b3d814b56c47a887ca14457b8bf6237fca3120b5

memory/3208-584-0x00007FFFB9AF0000-0x00007FFFB9DE6000-memory.dmp

memory/3208-585-0x00007FFFBBAC0000-0x00007FFFBC22C000-memory.dmp

memory/3208-589-0x00007FFFB25E0000-0x00007FFFB26EA000-memory.dmp

memory/3208-588-0x00007FFFB9100000-0x00007FFFB916A000-memory.dmp

memory/3208-586-0x00007FFFBB5A0000-0x00007FFFBB60B000-memory.dmp

memory/3208-583-0x00007FFFBA600000-0x00007FFFBA6BD000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1fba1a0ae44b5d033d909f2e6bb952dc
SHA1 be27b737e0bddcc4bf355b4eeb05b6ab191e0100
SHA256 0b5400c9ce5d57f6c90271028f027eb6037408b4c16e0cacc6296e00196da870
SHA512 54661e5fc7b8c39ca1710b788e8619f043db81bebe24f7f9ef8a15d59ba5ed44017c68c09bcfc5bfe1198f8865de9189a394d5c1ddb157d92d782ff7b509b479

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0690946036df9eaafd16bce721336dca
SHA1 b327fd705af43cb9170c8c1eef54306d4c54ea4e
SHA256 837411e32d392bf0a2410a91e559de071b6d325583cf511fcbb0bd06d65d92c7
SHA512 2d974baf79d486e685634115b5594a253aa1ecd6500d6674d3e098c1713f54ff531886ba888ae8153ee6333f5f103fcf065e46b65d20dd1b8b7291711d834c9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a70d40e37f755e35de6363cee92c6801
SHA1 55de04a02d595409c22ad250d95ba8d99db7b7c0
SHA256 4609207386a4c41c9cead6fbd60d3c52c88282f9ca416e90524b49b1526d5b7e
SHA512 40ad105437ea2946d2f6cf673775729a5c42593e1de64c65648ab6e3849d05903679c3981f2f2b3f1dc01e37fe0a1dec44cc6c1effa9a986ba9928badbaf17f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6227472db2633f465964a61cf8c924c5
SHA1 f7cfe0eae3be1b3cb0ec0f9f5876f53ed5505ea5
SHA256 5291494a78ec8e6e316ecbb5134b2af819c4b16e13469a6a065e92d4fd2284af
SHA512 89c8e911e9b7c94dae9c1ace05096bdb7673e395bbbdc61b5f2cbfaea04348b00ab9b0a10d53b0479c58e0e1be67377cfe8fe4e67bdd9f793a463762111590da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c10f126d6ffd2ab2d03694c7823dd364
SHA1 309872012524698c89a05fc2918f2b9b85dfdeb2
SHA256 630b3c68d0ba8783f488d43453f1cbfdcb100a19d9a4115150a5eca1cc5cc22e
SHA512 452f3fc144a6f6070ffa280e3c4e8da166bd1b792cdff499c478c760b544255f39eade9d9f074e6d120a73ef98ba1b901c85f98aa1f07c7912d06769745d05aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe858c0a42ab6ce4b67704f61ce9f2ef
SHA1 9667ecd40a4bc9527f9bff225ce42b236bde3a26
SHA256 1a3bc3af3041afac5057c315d3c27684ca556a3ca08c906cf41c6a82cd81f0d3
SHA512 6068d1f570e46d4725a34726bae202f3b7f21e91779e1ea36d8324b6659a0796bc9137ad45216264937068d34b99c75694488dd98c853c532bcca35e4eef70ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2463e1be567cac0493f192c188f6971e
SHA1 4ad227ae7c1679338a84b213d225f2c8762fcd7c
SHA256 651094db164929204bfc208ff4f5bd2900b77f41aba43029afaf5a967c692f53
SHA512 c7cfedabb0e9c6f93a1eae6efd7f9e4ede0e43ed302cad8f412e479d68837453c65b290b3b6dedf81ff88df86ba107f23965abdac00ff81ded2b73b369f83a9c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q6EH17JN\POicon[1].bin

MD5 3ef9efb5c3c17e2b685057beac484e0b
SHA1 92e7ae0ebf2b57d72ea4091f065f29187cdf76fa
SHA256 20b0f94844860501e115fccd5c1462b2e2c932041d7989dc51c6d885b3429d8a
SHA512 6631ba4269375b502eccbcf601b0daccc98538f36bc0e1e2e5e48a28b4b9f523e06cb46d14b7ac2c60f70ce258b873fc42e31ebfb5237cb43cba7fb6a428eafc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 801415ca253dce240cd0af601257b094
SHA1 7b50e05038c5073972957e1c177d5341faa5efe4
SHA256 925123bb07045d36b60cfcb953122ab4605ba497982a87a35a983d6ac1fc2f25
SHA512 f25fcbdfc042aaf46d4690bb1df9d301ccef06337408996d38e16edc702d1ccb954b36662a0308ecac592692ddee443f4b7b03479d5977940bc64ea83ce535c9

memory/5824-1063-0x00000000050E0000-0x0000000005116000-memory.dmp

memory/5824-1064-0x0000000005960000-0x000000000602A000-memory.dmp

memory/5824-1065-0x00000000057E0000-0x0000000005802000-memory.dmp

memory/5824-1066-0x0000000005880000-0x00000000058E6000-memory.dmp

memory/5824-1067-0x0000000006030000-0x0000000006096000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3secbqbr.c2r.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5824-1077-0x00000000060A0000-0x00000000063F7000-memory.dmp

memory/5824-1078-0x0000000006620000-0x000000000663E000-memory.dmp

memory/5824-1079-0x00000000066D0000-0x000000000671C000-memory.dmp

memory/5824-1080-0x00000000077D0000-0x0000000007802000-memory.dmp

memory/5824-1081-0x000000006CD10000-0x000000006CD5C000-memory.dmp

memory/5824-1091-0x0000000007810000-0x000000000782E000-memory.dmp

memory/5824-1092-0x0000000007840000-0x00000000078E3000-memory.dmp

memory/5824-1093-0x0000000007FE0000-0x000000000865A000-memory.dmp

memory/5824-1094-0x00000000079A0000-0x00000000079BA000-memory.dmp

memory/5824-1095-0x0000000007B70000-0x0000000007B86000-memory.dmp

memory/5824-1096-0x0000000007820000-0x000000000782A000-memory.dmp

memory/5824-1097-0x0000000007C00000-0x0000000007C26000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\3231ae299a0af0b2\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 47fbdb32feb8262d56358d80f812e2e7
SHA1 f55a5fc552101bc348dd4a219d19ff2af75f2b6c
SHA256 114df311ec1d3b5042373e417a2a460039795708e279dd9523cc189b41274ee8
SHA512 376527c76a1b6e9a578bbaea9b71f28bbc91e92cb1b0335eb536ab7d4227f707bb5d3410a234786e15e2aa24249f18ba243992eae344b72ba0eb6030a43e5c4e

C:\Users\Admin\AppData\Local\D3DSCache\3231ae299a0af0b2\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d28a3a348e8e69a24f524f62189c7421
SHA1 87185b6e4ffcc180220281881d69f5b93a6508e9
SHA256 071ae84ea408e68d627e0ade481632806dff9853d4c892f58a7c228815a01cfa
SHA512 0b20c587fd3d9b8acc2af77d2bf60b6d4caf34b65c2f92856166c1f91947ffc205a1f5832d6d5547d6bfa7e86541c5a74bf82134a9acb5ea42b2bdae255754e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cebda4d39fce5f9ff3ae93ea2c5325e6
SHA1 4250f628dcc6088aad71930fb3e88ade2c3136d0
SHA256 9e8d9f63054d0dcb2d3e27e8066d9d825665eac5a7247c1160fded696b9576b6
SHA512 f4fdce9e51e6dc7dd7491ef6077f3dcd2c22dfe2e69c37128a1d8f3f5d9c7bb44b211a41c0c6d7f298a50ae5d4bd789a03cc476342f4655ab82ca69cde52858a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 691636403cd01e5193a1b6a2bb8ba229
SHA1 d35dba71de3928784d1fbbda7a4ce62d1495f8fe
SHA256 ecef670de664986d254a86e3475e2a80b6295ef032a07ba331e25f5e930405c6
SHA512 7ced6c8ecf01b85b122e281a542b2fdb29d3a202c840c2f2b26830cf59c9e24dc849cd0898f0a1ee50cf30847c4672f526ed4014b72d6acf525d5a5f706237df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31103015031c22bb1a5bd42d9105c08c
SHA1 5b21e346d80af6722be722ae63736c69db1a1f47
SHA256 a49995e17bdd8fa3d3df9130c4c992f756b74e4e4bfd7bc0c9e7b6da19ab52c4
SHA512 4a5a5612ecddd283a240d09159c5894f63af18490dfa4555c0f2a098e17976b84eadd971a06438db111ebedbf1e72178995a9a1bf8a63db951e2819bdbb6be55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9183d074d999caf91ccbb117116593c3
SHA1 fcc35e31b1e2a073a4d7f120e3f2b067f766f917
SHA256 6c87556c5eff9f3810aaab1e1ea8cf96bcae94755c9bac9dede5a929420425c8
SHA512 5c24df30ac6996bd19bb39241b57c91140877fb02ff2f19c4afe11544625448bf12a41f7aace656c526cda1e4267e1a3d05272e192b22393c42e85a378eb6601

memory/2992-1352-0x0000000000CE0000-0x0000000001DE6000-memory.dmp

memory/2992-1353-0x0000000007790000-0x0000000007798000-memory.dmp

memory/2992-1354-0x00000000077E0000-0x0000000007818000-memory.dmp

memory/2992-1355-0x00000000077A0000-0x00000000077AE000-memory.dmp

memory/2992-1356-0x00000000078D0000-0x0000000007980000-memory.dmp

memory/2992-1357-0x0000000007D40000-0x0000000007DB6000-memory.dmp

memory/2992-1360-0x0000000007DC0000-0x0000000007DDE000-memory.dmp

memory/2992-1364-0x0000000008270000-0x00000000085C7000-memory.dmp

memory/2992-1365-0x00000000086E0000-0x000000000877C000-memory.dmp

memory/2992-1367-0x000000000D730000-0x000000000D738000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1da9c45db89e83eddb3eb46f4d3e0f71
SHA1 cf6f0c9bb53ac92e5d690de71aeae67d228d8a42
SHA256 c81d55bd05953440d133453e0049490749e15a1cad5738aa0314977455095e87
SHA512 f4d5c22a079bbb08117d50574858c4bc09b66c93f8f6e0ec77fb7fd494657192031787fedb2a8b8a037af81589c2b96d6c9571e905276fe818ebd6dc9d638874

C:\Users\Admin\AppData\Roaming\delta_core\error_logs\ERROR_LOG_30001857.4144.txt

MD5 9291adeb61c8e5952eb17ef4229acaa9
SHA1 03ed13c61257375e7b1b334b9031362c713de6fa
SHA256 8b1ac7bf256b5162c073cd0e3122538e50a6636c6ce5b980ba05f3853e3f4206
SHA512 81deee04790c4e378700e35a504e2d842fe894cf7a86ab8670b830819ef1d7fc328f9000788c3460b84440c83bbd15cfe644014cf8c2f8ad936fb46a41bcf059

memory/2992-1453-0x0000000011B40000-0x00000000120E6000-memory.dmp

memory/2992-1454-0x000000000E910000-0x000000000E9A2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f842e7b06a2c40926d629408af8468d
SHA1 a763f2697689b6f284bc8f866758b1ff0f2dc782
SHA256 8aaf99f599f82f5df3e3cfd58892a57f9fefbb3daa820f09dd982ad787a50d6f
SHA512 67073374ed8e576f58ff9d5e6b27d867cf1467d84a7cbbd25e624f038fc430739ce8be7b0b8e5495871fb78ab8c7d5f878579dc2ead0c318212d7399b24990cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2103671a28b4f6f76dbcd09ba9f91ce6
SHA1 3c040e1c25b3c34b5fa2bb84d1ccf27b4e2022f1
SHA256 00365c469eb6998c9f20d6453103daf9a490e4c9b3f6ec1de0ebb994874c4906
SHA512 f49e9a6aa565faaf8e9842cc97761a8fe72a154bf11a49507394455e732d3112b6111633fe650ab69c7fbed15019708d57e862e7d4413bf7098cf83afa267b59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 20ce33649b0aa2e62230849d9203743c
SHA1 0a13c95b6bfec75d3dd58a57bdb07eb44d8d6561
SHA256 482bd738c304fb1f7fafcf92f313f1faccf57164c944c38ae8d6d4727164d72c
SHA512 332cf2a0a7fe494643b00ca829d0f49e9f0835f158dbc37ada16564a55eb60ccb1cee20e91f1caffa0a0229b85e43da41f508a356c36d9109cd8c3beae2a5620

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 78789c91e16d10f550331b6172ea4751
SHA1 aee25d6d200d75e8a0f753f888d19545278999c6
SHA256 b91a0fcd45635ad28ba63d3c214d22a8c58f33965a8fff5aa72bff0bbe65fb24
SHA512 ba1c51d05f1165e2044b94edf8520af3c20bde4eac62b730714da8a484ca691fddaa2f436debf78f60c4e60aab2f4cb2ced8448531b3bf2731d206af4863f815

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 185080eb3d5b0a66db58e0095f8c331f
SHA1 bff8dcc035b163b0c9ec6e4407733b86affef965
SHA256 113641bc7ae03411b69562ecb967139fd6193ce3f49251ec79449317ace9d331
SHA512 75ff3e926bb1a6bcbb6cca5b735511a0e3d203e7fb90416c3cdb0b03aafc9db16ce824e0f018ecf721166f589ff8d5fad6cfcb9287418716d50256348572a790

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7920a51d2109c7caafb77168c4a683db
SHA1 4dc3309991e6a4fae7fd1a849cb9f9551175a9ae
SHA256 17c594b71957603b3322c453a028cf4df8e97a239fbfd76019147eaf406aa098
SHA512 e2bc19cb01d0a4845b683366242a68d53d8eadce730f2c159753948f1c9b9baaf7d99110b4f743b556863770176d53d8d338a4aa3d057278b3e8476c5098282a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a34b0dbf70077e3fb72cf0da4a389483
SHA1 91b424d74ae48825873cdc62d5c29710b4f40429
SHA256 24c30c14b8c71ccf8396781075f9edb48bc77e17eeb43a556964dd5b366b0dd9
SHA512 6ea8f95ebc0d5ba6e7e710a16b24c659e78728040ddafa5369421470f421b54e4f8ddb6595ea1131ae34db73c5c1194697c0feac48b1450504c9f9f03681df14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34bef20c203975103af18976fc465e09
SHA1 772c6de558e7beaa4589790d675dc31e20992e95
SHA256 19aa8e59566cd089dd439a91198e894f6203554bb5eec0d576104b4874b29334
SHA512 eea8a2aeedf0f039c91aa4e699cc894a37c6215d9efbc001642f032aba8a320a842868bcda0c21e930709e99e1c65cfbc22a9ffed05cb5a0d865b9fd64fa7bdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1289c41e1d384d9ce56b3f0efd0ca7f1
SHA1 55f2725a91ab99ea7982901b42e9eab098697ca8
SHA256 93032022c2cafe58eb431b23c166e0bc0a8bdc60927714c29b3fcc3339b73345
SHA512 ea5e5c80ce4667dacd6ee78ea5d32e89b07b4f73ff74db4d23731926c609c9d8a7c2cdbaa367611df5b7eab777dd5a1e1fe74e1252099877fd928d0d49d9af6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 bdb9c70863cf1ffbddcb6814aba83c7d
SHA1 c4bf4a635db75cef24d82238400810e3da7746e2
SHA256 3c11a1619eabcd8ae8cb0034501ec1bba652a40d6f79682ea0682d296587220d
SHA512 8d02d22a62c87efe9735340e14d9dab4676612e0866be8577718fbbde30494f2175e9a4a65b4199e4b2c27e8387e13b541597485e0c4818cd52f9678582a4618

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1d98beb7e6f1999e18b4369134ec62e3
SHA1 9c97aff003991cdf9e1e2ed7b0ecf38d91d00c9b
SHA256 07041eb14c89ffcb90f3bf140164a456e47936b4aa1e9f30f0d37926320e144b
SHA512 c869a7680a02b932b5f7e40def6871ca3e5b30d6631416d5b0d0b4d02564ce65b5651cfd785b68dca048be1d4098fbdf5da3dbdcba831095ff117dad25078473

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 699d4ebdde22496367fc4047f0f02edb
SHA1 10bf6e1687881714b62abdd55b35943cbd881c36
SHA256 3070c51d059a50c2a53ed0f114e810d4f885a0503357d15b6c99409fdff52dfb
SHA512 1f45c6f918ede26708e088cc2a886a4e0d5017a202ef7d535deb47afce100fa8cc72aca9a32b8a3ac53899cfed982a6572e4c5596a71fa8e58a6487176de7264

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 42d9f14859d1501c30a0491dd149ea04
SHA1 fc0cf0ad7dfbc659dc3c7e9637e6f96a400aa89a
SHA256 e2d3efd9f1e70e03410b172a01ecbfd5fe72d10bedfb0a8333d6ed1d6d90dfb1
SHA512 31a195905d73fe656585d3fb7891c7330ba81a6793e993c4a5de75aa19110e5e6e176bdd2efe103901c4091e737eb552004fd24087a85c2c3ff9bbc60bb24442

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f892f1f7b6b51d5e01b7acb2b5ce5c2
SHA1 6d0f36aa881f7256b26a0f7e6fa5fe9597262035
SHA256 44aa4851cbee1cc0912230a09ec6ef3c4ddd753635b18c8b93f895126d3ba1c6
SHA512 615377b277c18e965f766e93d3496859a675d93227409204e81ffb9194765fb69b8c27e411627e5b9d6fe5eede6c8c2978dbb7e5bdbfc4c6e74030afb2eec593

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9d7caeb64a05c94a1253aeddcb72c227
SHA1 9c3fffb9c529805570a374681d2f3ae8c7bfdb62
SHA256 bf0c85ed1c69b78369194e5ac22914b88a1b3eeae7b7770ff80e529979bf5569
SHA512 f26f037fb5fce9902baf0337992c69d8f91ef9a8d4bb86a0564f763e03652e226316b30122718e9e83dd6100d3d7a79fbe6d34d9f250e547e5b47b89ff834a63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 75379bf6122a48e96107e5511c5b0d46
SHA1 7822ebd84800711044eae8a714f4ca49a8ae4ff3
SHA256 31dc54ab5e62715704ebe22517d334dfbae6b1d0fd63a7af4c184cc5bb48514b
SHA512 f1be1a3e7075d37803493e853883a2aea9f0eb82604364c2aca8faf7f2dc001e888f93b1854cc305a9c7ee4532988d374a89f3485bfa83980964edd675434adb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d473451ab751288160b2e80acf685c54
SHA1 ade143647d3e45623fe92b8515f46e41d3ced5b9
SHA256 7b6e804c72c32007fc8eea7b7fd66fe22a2f35e2376923495f133fbb57ebf15b
SHA512 67b6cba208d35a7a874395ecfd1c7702f6d7628ae0525776d3058e5465e19b5d54d42924a033cc2f0b97d807414972decc9c97483d4ec90dd6891340ea0996f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 85f7658a42d9ee562d2f7f5966e30c48
SHA1 723296d11b6f2896edc07327e07f516146d10f72
SHA256 af47cc52ff2740e5f68e516961beff37ca051184475c123285a638b4b76307be
SHA512 31fe5c7139d95efa6023160a1f2df62861071f2958d0c630cdf8582c252ae14476cf13de9912e143cab38d2cfa17fa7a49a491e1999eb8256977155b65a75838

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9282da738c30dcd06827e3c4de6f88f
SHA1 f96de837770a48331d47ef89d035cf27b28f82fc
SHA256 f8bf51fedcf652745f52c438cb5dd85313bd1b37f444a0bfacd9820eb270ee8b
SHA512 ba5d2803b03a4bbca3c1a5408e8f9b0b1c9e47754fca302875090f6ec809592fc9b5679dcd80e75475889163469e13d66b137d5489be2fa45a1bb41ec7aceca4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3f97f284f5519313db979404974c37af
SHA1 65a96537a6aec725a52e08149ce79d32ab0581c9
SHA256 0ba22c704a9aa608d284bfd2398b0a6403294aa3356305cf4f76a27584746705
SHA512 62f7a01fcdd1ab659ac4e6610f394eb72ca9b8d87747ec933aef974093b979562cb9e2c8df06112981eac81bbf9b5cfefc71f0296bfe685f23887f40c3e7cda8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2424523cf90981dbda140cd31c7670f7
SHA1 26a58abba54eb97940097c40f4ecc11eceb92fae
SHA256 f692cec6a5c70b8eafb1431889e4b8bc42e7d9e6a7ecf3feee71c5336a733c48
SHA512 37723d43e68c7ee5f0b568619ca333927d53fa1479fe3da4e75e13cb63c99a98dc4ed98b7c6dd24993b3cc8532eb6c312b5674681536646444664bebe650b64b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0d33581d97e9b52677fb8366863e7e8a
SHA1 4a797e61110ba8437cf0cf7803212d44cdc8d999
SHA256 bef62121aacb5755f6197b347f4fde57b3c62a33122f78b535685c4c32c5c245
SHA512 c6f4ec4d77c97512497b5a172a4420fc20fae4304488bd11825c515e8c9499c005d6d919a5c0a59b14d226c3a629179d99be2aa73ce66d0b7bab7e0cbe374a78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da912f0db337d989e62958ca4717705a
SHA1 b28a675b22387efbda2d53bb0400a282710d55d0
SHA256 09ffe0f14d9f9f5fc2930c3e611f821e997029a937e9c163e86cd2c42dc760c2
SHA512 14202e484407afc0d73c5cc149a6564770610f54fb632e2a09ad2f4b475b35865940c46251f997820efd1e7e2c6d147fb57b7195642993755ff2ab474da335cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 69fc46c140125c0ab850ce14cfa56a67
SHA1 522b962a1e1ac33ef5ddf380077208325f29c247
SHA256 d8916c6ab103eb5a592d5f4111f9b91748419860a83bd40608b945d2a68f2008
SHA512 8bcef5544902b3097e8a3578362a441ace2c93a490ac4b5d1085350847a6b74cfefe541412f96a5638b8a1c6a35dec22a080640fab118d7b9b86dc7c22fac2c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2eacae2dcef06533612f1c7980aef7e
SHA1 0c6329865ce1611dc550cd4da8ab90c449809908
SHA256 57d60b46404ea7952d9c513131a8aa5e4ff86c4c0bd9b09585ca446bcb9f0533
SHA512 da7d3d296b5dc01cb96c3cd7f69685b00bfbebf6dbe465016a2f4f674b1a602992ce0d4ea159da7739a5bff17f655dae3b3042645adefed4c714189179f11452

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3f430542bdfbca0b60be944290cecdf7
SHA1 890116a00354f85f1ed57b4dc92f58ffb0cb7442
SHA256 5f5c9a8d97e74923bb83754f9567992964c1d7e176d00b09e31feac3815575e4
SHA512 763f6f5a75aa6c7288e60721b96c451af5b1f760b02cdd643ddd6d11beeac6c2babf3d42e9ab186a08c150a1edaa2b7eea50e6ac03cfd81a0a2d4457fc80f176

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 47bf41d73579a35a088f64a7f4305bd5
SHA1 e46afc52a5e96ca011a018d04b7c89bb3e35e624
SHA256 5fbd031e1a7782dd4c8ae906ffdf55d4fafd1c8d2fb2c8a5f7a1ca3043fa0cde
SHA512 3233c6eaee031d9cda28176e873b3707acdecd8019d59d8adbaaf3e3895ad7ac5408baa9dd193be23a594e23e2a6587da87c728f22cb749dd97c18842d266a4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc416416866560defd0bc1cfc700ad44
SHA1 ef8981e84fd32a468ce27744121fd59e04d61ffd
SHA256 f57ed613c030895f83257fda820cb64d5980f1636a4a47aca52e2a5717812f91
SHA512 d99691c03f35b7bab997fb031ee7a5c97af53d750058f7ea38389cd1c369d9307dec78c1e23126d007728d994fc690fad4288a863c8434790bdd1e665a181d7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d431189cd227ec93caf0fbfbe02ab09
SHA1 2df54a04c25fd51d3dad767ffb45d7f2a1836e0c
SHA256 dbecd88cd73bbe82ad2d20614ac286e5f5111d1082d88d26d9a689e9433170c0
SHA512 369f781801cd4fb740cdb16776e67b2b2295ec2bc13a9456c2ded1b87955f7194c793d92358b5ffdea6e3f34227844de4a52facbab9b4d0bdb133af68f6b5012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f5f5bf94488559e2d8eb194492e341aa
SHA1 fc15de41d571473a32d83ba32e3eb64b3a39216a
SHA256 eb2572b4665be565bcfcba6bf9d4061f33a1cc09f200120504a75a0ecdc0b3b5
SHA512 5485e9001a9bcba1ab9f96636792b2d4a209f445aef0501ecfeb3ac7338cf26d0866db5d181e8da905dfb7be4e69212e8e4275baef8246b7f53e1eee02455cb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5adb7535299b82e07eb7c195d725930b
SHA1 b6769500a4ba462f19aaa4b5b7f2a40c8ba24239
SHA256 00441563497ba618fe56905fa0a1d42979ae3cb1ea056b7b139e491a2dd7ea60
SHA512 5c3b73fb28a5ed47ef886789ee972224949282842776c10927d1b0153b8a2bbb237dfefdc1110b0e0556a1819980dfeb3b25862fb682feb094ed50d4c29ae2ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9d48487e6ba900f3ce4e2395174a3696
SHA1 f6f01fb5974ea7871aa5429d19c80c44eb67480d
SHA256 984109979a23169b72f8364faedfdd803c8276e4bf90c944f2730d1fb7418ab2
SHA512 3f7cb7440b0e9b6225cc42fcfd2d41b9e40a4899bf44a2e8ef2330072080a406aa2d85cded4e6642f7ef69b508f03bca60f3b9c93701eedb56b7efa4842ec198

C:\Users\Admin\Downloads\Unconfirmed 784807.crdownload

MD5 ebafdc046620f21a1426e2dfc6d614f4
SHA1 0a214199901d6e7d680d31a4194ae0754c1269c8
SHA256 099ec1d7676ba695a1678a43e007679bf68ad5a5991ed4ac1a385e8355e111e3
SHA512 7222bb80d75a7f67b8d504a08d5dd2cdefdc8ba7b0b77a45476355c0f8db948a2798f0aaa08bc122d05351848156fd45ccb8b9e6faf153417a9135b986407828

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0b2c8f6b31887113be9491034c9984f3
SHA1 1763aff5ddd0311f9d654d70a9778890b420a474
SHA256 08b2cdc265831eff93fdfa01bb60ac2aab09dae86a3c24afb71b5c4be9b43ca6
SHA512 62896ca453859fdd190679f261e71cf107b0f85d44daec278fa659f05ed7155f543897ed192bf081c6be90af238d6552b7f8b22b15e0cc68992b757133dc7091

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c28b5cfefdc673d48abcdc9838d59787
SHA1 56968b562aad991560d2d2957fee04c928c48ce5
SHA256 c3f2e25e521576636af350a962215de16d32a8cb402615dc15a23dfe2c48fd44
SHA512 1ba2dbe25150ad61c998435cec8128fb1536d79f5ea247b04a0023ccbe8333a7816a52e387bd30a25b35886cdca4c15f9e78302190a3b35b977023a12ccf0acb

memory/6408-3550-0x0000000000160000-0x000000000017A000-memory.dmp

memory/6536-3567-0x000001A87BE80000-0x000001A87BEA2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ef6eab1aa06f77c137ba4b5b00347979
SHA1 fe7b1b70479e200b43ffff7937c26725b444a538
SHA256 0f18a9208b00c5791a79d1ac6d0907c0f0c7650d3ea43b29892b7a78ffee93cd
SHA512 c90e0b79861b2d4561f2cf1825acf0fe02c3c2d9f536873e037e219506e936c70a37982b6a66193b85f783c8992c0a7567259b374f9ce5cc0f590934c04a20bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe482b020c3029c2af24575ff9135e23
SHA1 da4e96ab1262f95b0a04f6513ec0fd5239ddbd87
SHA256 058a39a1064f38b5079f165f9189e1816d67133bd9a0247b7c67791da69c88ca
SHA512 323160c379e1d0e98d5b8e7f835c0ccaa68af0acf04a223b5fc9544e1833f1ede90f38c7ade96706edc4a8e4b9a0f49c88bec329cae46cb8c389280b94070989

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8b311ade626bbba5a289d898b98281ce
SHA1 5b5bc073551d72ef4da9adab914281edfe4dc600
SHA256 02d30f18e442a6200198967be44b98454abbaf507c2557abf7b52c7141bb24d6
SHA512 de343fdd5566856cd32ed0bb4442987ad0d4984efef15200c51ad341e710b68c64cf4659af73c5d42e54333003797c061bc329f3998d93c8896adb81525965ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fc7ce7c7c50781972a647fcbd65ac870
SHA1 4f677a2074f66c387e31ea1b89e3cec9564feea5
SHA256 d7388a4918bd21282e88623035cb0c798da1e8f3b82576d99bc850946aa39fd8
SHA512 588687e9fe1a367f9d9fadabb719d386a580131b93ef8e128b32c9c4ca8c2201151d7b1a2f456a1323088c831df977f02e8324013ad50f3da43f7da0de8a9d4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e06d02bc422a27a2852c9c8b1819626b
SHA1 f01f7f6e04bd3bbbff6093615de990fe500b77a9
SHA256 4e6f48f4e7a5b791f904e4ab3dcbde54af24fcf3c4cd8930f80dcea68e701b1d
SHA512 c8c7b8b15ad7dcb38ad5a577a3f191490f27ace75d0260ec981f541a2532c7012e5604aa7ef96e59cbfdad0b281caccadfbf9acb52d823649849af0a3efcb6a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e97bf03742ad5468e004d8038d065a82
SHA1 a6c4fa420d49460b04102e00478cf6af79f0db06
SHA256 113d5710a1a8e0db5e38b45501895525b7407c0353d1f54a137e623ab9207713
SHA512 f217798433578823aecf3831d9b1732f2d91c19701eb13f9d862389ccb57f83a6e5e99f3be7c0cab29787dc4bbc1e2e5bb61a2358cfbf9e65ee1164d5fca4b74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6a0583572e4f57489295445da3190a54
SHA1 37f10c8dfc6067bb9e4aef346507532d505ac3b0
SHA256 f13e46304ce42e3b33bf8b11b362c664aa23943478fb627b69b6fa4324c4b0fc
SHA512 5f7bedb606e61651605a10bc4922fcf9e009014d399fe5e976ec33769eb747d49556ccae273568f7bd5cf9912234e851764f84e0af344447336f645d35788135

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6475b618e71ae5517a6668930c2bae17
SHA1 53eefa3aa39d0bec02c21f13f4ff0f5148afe9b3
SHA256 380f80a82e8a8225a532034815e0d94d678d301ab9d085e00985d97f3ba12020
SHA512 eba0ff540cbc9a1438f965527abb12e78a66b310060cfe1a5bec827718d083d29b91067178a3e34652a004615839d1f8d95b171acd36e27e28738f185bf69c49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f6cfbfae7f96834d25b3c6fc998f45c5
SHA1 a456732c67bb67927f23661c156ad7e2166ede2a
SHA256 e1ea7f303f575c4d6019360cbceeddb2f70018de1769b34f6f27d3556bb464aa
SHA512 d1eca5a4f332f3942d78b0cf306bb53cdd0d127eeca7f33ed63003d479325a922c92f6e7227497b194b1a71eef47fc45c1a4308893b7c6c42b53a0ff1c51039a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1738857b066466cbee1c1265a0c016bc
SHA1 86e57f63d2e913834fb1ae449e22fa35767be24f
SHA256 c0169f173ae821fe095cfccc84f21a8aec05044f622d07444f06731feb31352a
SHA512 73425ff279e4dd636adf459e40f81ab070d0a08e17f3106d47b0d462c3339e1487c1b00d987de12f96211dd200fdc2ba0cb49e34e6459ae4947c8671133d749a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b8aa19d2efbcbe5303478b292930db0b
SHA1 d946c4cce26e303d2ff7d706460c88c3b7b1ca2b
SHA256 34d8826678c2b19505b35e71b414f62dd95b02a7f7a8def49fad3f27cdf9e82d
SHA512 6178eb4c20bfc6b28f775ef3d7cef56f3779dd8caae958026152dfc6d9595ae148c07a9d906552b9c87afea0d180bd1ace0bacd3a123f1c1ba2ff87fb916666b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 72614aee9749e8b670beaadac740a8be
SHA1 af91aaca7b13cb6d80cb81ea263850d39a4544b0
SHA256 e6d772683f7b05027a87239353ede67f75f3d747ad62318b1df7c8a0fd0b5545
SHA512 a27d4b7c1557deb71b5d421bf239099191d84be3776d46d2faa5844a28e099801ac0dfe648c4d67bb2e4951aa16d0c9b72f0713431c484cf2b5fc5eff744ed37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f5b0b6cf32b6a491009b9b61cd084572
SHA1 c9d8614461c0102d4a5a000a01bdad0485829d12
SHA256 5f5022d69903fc02e66689f3bd01e24b7cd3296ea593b94c0b5c14dcea7dc6fd
SHA512 eb878e2445310de89b13378abe611f3e42cf7ae3a203eaafe4e00d9c9aed5458b4c2d2a639f84c926e175d90caeff434c77edfef7a70619a8d52ebccc2d937ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 45ea100c8e4d27f9143c54790021bd51
SHA1 f270a26adc0055fb9aa73c40f1df4000ccadf7a0
SHA256 8ce438cf1cb4ad414d8f2efac79e107def9dcef759568e0eab63b11167240c0b
SHA512 96b46d03995cf23b8357f1676d5b3a9202d2ebe398570b234241fd0a7713a66a0eb1dc2b4c938815f87f6bc98c8388c3ae583fa09eb5f69cc9fa98673819ee0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe642c12.TMP

MD5 8613d2866d6bf0feaa38583dc809a13e
SHA1 2ad580558a05c56e9262ea772520f5f4c52ebadc
SHA256 886f28d1f7045edb1655f55254d1d73ac46b99e04b5541e80690da870d165abc
SHA512 3324af0a0eab60229a36caeae7e3ed6630b979ed05e6bd6f0f89da838223ce56d1239c4d807e9bf97cda86ba4588e4dacf45d447f5d04fbfd484af1c21985932

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5048_1041024307\Shortcuts Menu Icons\0\512.png

MD5 206fd9669027c437a36fbf7d73657db7
SHA1 8dee68de4deac72e86bbb28b8e5a915df3b5f3a5
SHA256 0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18
SHA512 2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5048_1041024307\Shortcuts Menu Icons\1\512.png

MD5 529a0ad2f85dff6370e98e206ecb6ef9
SHA1 7a4ff97f02962afeca94f1815168f41ba54b0691
SHA256 31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6
SHA512 d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9f50f8109f4e5c055062e65cd11a8aa5
SHA1 cd1b58a87ded86a249cea6bfe8eaa7c2aa5dba97
SHA256 7f748f441a8ab1a65d60c6cce466f2c8dc37a90457312b177301b91f6fdbe11f
SHA512 b7522c816c58f21741aae7853830f7fd7c88de5b682b3b37c97881cf3b80cd45c3d5ff90fa7401a661c638afaef8ee515522547eb138ea90ea185fe7e622edcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2a22ffb6e2f07f09543a55776387ec5a
SHA1 bf42d86366b38a1a9f4342dbda101569b2ec7975
SHA256 a1ac1a3e9f23e7fc21cf14b830caf8e1c7d08cf830b29e3ca51f1e88444e3f81
SHA512 abf99b6f28d63699433923673d26d7125dd5b056ef1b5cdccb35b32d6a380210973cba7a3501af7d923e5ac4d78eda3cc6ea6f12fa1fa971a2eb314c74a134ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1bdf61fc-9747-492c-871c-73f69d575ac5\index-dir\the-real-index

MD5 5f9886822304b691f09e3b3c36c5d480
SHA1 71147861bacd51f79afcdf578faf180ad9f2b42f
SHA256 e7129abe04afb03d3931d727534ba97d7eb518c9ba76d29df81a690120a3f58a
SHA512 70c30965bfd217e6c2b925a83182bb49a39e3610f7c92e993af6a0f04910dcebecbe58e68876555772a1484642f391e7647d23a83ac0cc3c542ec590a7f40a8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1bdf61fc-9747-492c-871c-73f69d575ac5\index-dir\the-real-index~RFe6454d7.TMP

MD5 dbf5dcfccac4d02d8ed37878f53252aa
SHA1 81f1d93fb58a9d898c526884a8671896aad7ced7
SHA256 4b6c5e1afead58f808655cb7a436542ad071000ecc4845606a62abf400df2abd
SHA512 013344166227cedb5825b4fdc18ad36010a8a32f71940533074e04403a6a51ae52e65225195a8670e3681f4d2cfe5efb86062f0cf8071963d8d0f51f75477449

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 86a4bcd96cb0fbd7cb3146ab5fed30f7
SHA1 952cee13b1ffccdf36586b446fe4aad7f26e76ef
SHA256 49023dec60569b05ee4b8582ac39dadd51454832bb2e6988a1821467a067a325
SHA512 f98ebf42d30d4be6409813a7d34ce5a2457b0575140bc16c627f1cd5367c9957f883f163fc4b60651e6fa436430b8a0b913a3f60280bc6cf7727be7c933ae462

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 08b96aa3fd7431a500e23a17a30a56b3
SHA1 cae25d029280670fd5c391041894524fd01b4bd7
SHA256 a70536cdea39141870b79b84bd6705cd60f1f4a92141597784ab9c33cbc55a41
SHA512 8ba5a63c7e9491d359ed370d323a2002517956ac0092f4e814921f489589fb4312caf26c52b7a3a09143ae7acd368e8fa2507e2c8231ecc5b72ecec7fb36b6cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 f854aa8969d5b8c2f2b0d8dd539ca36e
SHA1 f1f69455a9653dbb0c8235fb552d3a648f64766e
SHA256 bf06cc185ed270f1cab2a42c794c8fb7675cc7994a0745e0953081a1f738afe6
SHA512 f33a717875a1e398fe5b8c94b40624a55c7ac9be21ffa227c891c684b67a0e96ff585a88d4770526e175d739d182a1952ac552a02d266ea70c1944c0db1f5360

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c530a852-50a6-4765-b94b-c6cd8ff053bb\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 fbd295b721ad3d5804bdb2a278eea75b
SHA1 a3a9b097f14b9fdf4174d16c249764fc4a4778d0
SHA256 d6ec901270bc92b63f7e074e112541f2eac59e1e8e2fc05c7e8314281b621f7d
SHA512 73e54ed80d1867d318a5cbb6bd552b5ef58dd4cc8a45233796dbd9f5c44f02040761733b0968ffc6d322727f3f16001b943ae124e097904e1a22d5405ba70421

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 166067ab4e8e0e4360a5ef617a3d9e36
SHA1 b5412c8099e10e7898e877f4a3e9b03582f08a83
SHA256 0573502902ebd67c929cfd48f869ff80dc91f340442dac9dd4099d136fe01fc9
SHA512 af9590fd696a7ded64245216ca22e8d8f39b990a191eb3402c755ec9233515c449b32c976793f15593d8134c1b7b16133bafc00be7a2e6b5a110a8d54977f69a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 19aae33887c6287c6db80d79cdd34f5a
SHA1 3d453a877bdff0097cf125addc8f5f1b85580362
SHA256 09c5b498a942533c54c94c229aa8129af67b0cdaabeffcf8ee6c03d04552ea52
SHA512 0fac3cf3a46aab179cf054de5544c19ecadd740f87770c5ea92ac665f7ec5646d29ef17ef4d9f4bc7889d8060431319b9fcedd59acb7156bc8c8df3ee99b83e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 da6e34fae9b3ddef29ffcbbb0912d6fe
SHA1 2a5d74cae10d2a5ec12d5b6dbf042bfbaafd9336
SHA256 5c9383ba24395c1c8b5f9ae51d4290a98e4a6f3910d2c71d91399e7c4c5ae661
SHA512 1eed354367473e403f8ad55e8527b6ffe10646a436abd6b3c81cd1bd17107465bdddfb8a5507ba43904054f03678096780063f254619ac76f5a0c0839867ab4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 08f9985e49aab1e6c5e9810ef6f8afad
SHA1 c0b6d51c227bbe3e7ae6151536b633c007d4c609
SHA256 ed2477616a2ca75ef014c2dd86b28c1d9a042c8df9bf72c76a61763d430d7f18
SHA512 80cd2c3133e37db5be277b48a1e3b1a319f305e52bff72ccd73775bed04ed64d7fa0a2ae24ac7ef5937257a31bfb7e19c2c95a851a52b2ce398bbafe4f04993d

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd10f37480f24742f9e6ba58027ea8f3
SHA1 bb8b354490fbcb3b7fa11a843a58269b86aa2538
SHA256 b0425c8c8630a6671dbf11f19541974a74164ac016f1ae80e78b781f1aad8a97
SHA512 8a1abb0233778d2002f3d388c8c21cf2e6af0e5d6709bbff4529238bb47ef0d89c01546b734bf5d5778c19c49c4e404ef27f095cfafa6279f7a25ec380ac40de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c4744515289c2a77ef992f02d791277d
SHA1 a22e286f2ef490b8157bf2aa3afa6d6d8eca93e9
SHA256 f91e657d930ed357e1ba2aae5f97f84101438b7c3f4bd82f4f445e5faa6127c6
SHA512 3a170da6ddeb1853465b0439ea6c6addf3f5e2352dcda8af1d17e8c6ce1ef608aaa56ec0176678e14ea4f6b924e1bd481d38d95168304e763a329de4b39e613d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 2e75234911d9c2a862cf0f6166f3a532
SHA1 d0e4928efced920b2ef51ae0ce8f5c8eaa69db19
SHA256 a3cefe0ae2909ed2f9046a1c1bf4a7a91dcf1703b79466d95b7927dab6777099
SHA512 26a90726cd4b4afdd41c159819b44617f2c5adafeb45cb0d2eba70795a0e4693d02a08d08af4e05807ab23b8529ca18708672265aab034239a54c6e77d396a4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 de9b98a4fa830f7e1113fdb3e3de0b0f
SHA1 f7b78a001e0be5f73257f5fd91096af02b703b20
SHA256 bdd5744f616a8b448824a8768486cb1d756751f0414fb6bbf27690109fd40df3
SHA512 9dff8b08fd31b982f82c468054b8ece3f902a9d481bb838f4f0ff5b8ef96c775aedd3ae7d6bc7687afc9b1f810fe5151514ace0306c3b41ef5ea69dd7750ea85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c530a852-50a6-4765-b94b-c6cd8ff053bb\index-dir\the-real-index~RFe64acac.TMP

MD5 d67d58c26a2812dc1a9d45e659b51095
SHA1 5886ba6cf828021a017f739d4152a7359189fe13
SHA256 73977eb43d5248b6c25dd6722f5d38d4e56df23914a597c38e810ed683af3279
SHA512 4a36ced6d75427e6ab7c59fe9289bf19041ba03bc7f7dfd19a863cb86eb6b5a0a4fef3084348659d46a350c7bb166380a04f16f234d337707087eb7b3ba6e34c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c530a852-50a6-4765-b94b-c6cd8ff053bb\index-dir\the-real-index

MD5 64b5a0c50d62d311f8d54b8b52b5d7c1
SHA1 8d34c27c900fc53a6d26620da24e30a0e8486050
SHA256 339a1f79a7ac2f207be07127084868fdf87be172f7fae675d4ee2ebf68f03c95
SHA512 5307abe49f93d7ac9524e4702162309ec61ad13d085dcafd5a7d9fd24fe5104d700a0c533c5a8b42f360305b4c0079a28ce222ebf150a6fe427818ad6cfb8b44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a2bacfcd173e08162949d78fa97d177d
SHA1 b95f466286e43b31c8e84ced6de3b0b2066f06b5
SHA256 bfdb1e33b04663c94a48f297a7aaacc0ce03cfc81a8ca091272788ca217fe1ca
SHA512 0d467e9975d8a1bad10564cf75110d80e5c51ca5f5003d69cd18c5d83f33dc0ec75b018d1f6d202b820cac33257f773162e7703c642208469b79e092016994c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ed629ce943088ab71f43e6a390ce4932
SHA1 fc79d1787489ffb09ee5ddc1c7f95eaa4f501b1e
SHA256 e476cad2ed5cf836f971040447eaa730d9ee8fd8c3957b22a68e57f393dc3be1
SHA512 10f76babc67178b16d8564fca68a2fcad2b159fac7adda8ddde9675dfaf93b5aabaf942290c3d86b9cb9668f4cc532599229b738d4b2a56357cde1f428152524

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c530a852-50a6-4765-b94b-c6cd8ff053bb\7acd421b4864a864_0

MD5 d298db790e81ea9195d5c35fb8778af7
SHA1 e25a1c718f42a9ce5091e02c5db8a09932b713ad
SHA256 e063642e29f21706f75a5cb84ad8998734c21906143b9cb5e4421914933551c7
SHA512 cc4950ffaccaf685b3f890d83644cd5358ce8ccd18c66d436437def253efde92e1b8bcf5c19c59b69b7a2ee58a8c9cba1ffab72a529fa3cb761431357c3bba12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 52b4b71f282401b411ab7f312ce2f3ba
SHA1 a06ee5e1ecdab016b4f0ad227b94ac208673ddcb
SHA256 3b772b3a52664e2575db54c4564bef2ec11c158f9f7272447272052bd113d7bf
SHA512 48e2e57f38aaf72663a4aa90dc293feaa58faf2e9c7abaf35b4bab05dad144e12424de00e6ff3d72210d57bf5c8361128f5ae5e41a6bf4d7309699db7fd19e98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 04ce3dcfdd1576ce918bc3fcb134b022
SHA1 fd05474fe51ca92c079856a4366da490b47d25fc
SHA256 d66e1b0f1f576a47e2a20d9c04fe0d60e1bef6c46ab439f8e1dae55e5fad3c94
SHA512 a4ca553ecd1ebfff9799f8101fc052ad66343258b1bab939cb4cdc6585483a627a872744d154e40ff28d24c9180f5053595bce5b50762b1bc730679a5abeb783

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 08458c650a5465c9e3195dfafbdab872
SHA1 48782f51fda25e5f3e68a220472ff699f3e14676
SHA256 467ae62e009883e962aafec43e2e0c7472a3b204bb9b19853cacbf6db4df9583
SHA512 1e878c816a96fa815ca3814c30a9eb415029abbd5b678b620b525c7548dea44db8a654657f0cb3a229c3fefd228b81b138679ad423d924bd388d3913b5d67df1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 54326371036a7a54baf6c440292d8e47
SHA1 baf6b721a64e2c06487b3f1da84608245bfb4fdb
SHA256 57c9b101f70375818f292f4c802c9c632034e43e32aeea82dcec71e7d43586fe
SHA512 0ae992afa7a12966d223f9ec3fb0fea98d43ac5fade978360f79b6160c130ea2eea5b57ba3a729dd5bd706fa6e10a58e07fad3a5155c15628461690d83481d00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

MD5 7b49e7ed72d5c3ab75ea4aa12182314a
SHA1 1338fc8f099438e5465615ace45c245450f98c84
SHA256 747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6
SHA512 6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1bdf61fc-9747-492c-871c-73f69d575ac5\index-dir\the-real-index

MD5 6af3565c52a9c955cff19e237117eac6
SHA1 ef7de56fde4e749a8eb08e36560a829eaacc5fe0
SHA256 ec95e55709cba59974172071baf2821bbe380839d08e04c4275f04193e355240
SHA512 5bf9aa4cf99bc591316d3216df25db0a28844ed0ea8b536e9c9148d9aad456bfa680e5b2ddc59db746f0b4f942cb0f9a778f788911e233bb61c05cfe434899c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 af662528129d78921e095df3a29182bd
SHA1 2e8dcab0d728b517ec39df648a3a1cfaaad722d9
SHA256 e4099e84f6b3d4249ba08b00c55289b94ecb2851f539d1a714635b64c78d2757
SHA512 096ca5a7197e5f2e43008d65ec8b1a85f4e59fc8d5d49ba6f91cae4efa661211bd7df7b4018c0b2d4a6fe3cc4ce3cf2b694f506d2839bafa4b4eee381d6322b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 178686016086a18df8bdabcff1db7f2b
SHA1 ec88ecca6de5bce3d3f5f09049c097a997e1a799
SHA256 11768eb1b388570dfd7072fbf70e41278838d803a58f37d981a54cf3177febea
SHA512 9c0664113a0196631a1976edbc3a1042b5b48f01ac0ec691365ac5f5982b4ac45beb728ed112aa3120d5940878eed13453c9b5dfff13f55d29f75796c7ed3dbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 08e0016aab53db43686076dab442b776
SHA1 fa54dec910b2159cb0c0abed375694aaaf8bbac3
SHA256 19cd9ebe1b88db708b8813ba1add98de29acc332a68a8d018b9eaed55ea943f0
SHA512 6d07b2d33f799ea6dca8a02d1a6ede6f7b4fbdb091a42db3e0854c6ea0e480ff47cb90ff2f318a3d54c287018f47c5cc9aea9bd4efb1df1857e6e7276c6b66d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cdb9a8eeabff82a4d51e443c575c95a9
SHA1 922d8ce3e202450c20846858010807221de153f7
SHA256 486fa0b7c3bc58c1a443f9c6fcdabec092ed9cbdb43b57e822bb63055b89f5bf
SHA512 e02d1319be2cdc83bea1c45625a7c602c90ae4871ee79f55c90406667db12189df27eefbc50d52e12bc29a51783e9a4f774632dcebdafbeee8a7023f809ee4ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0eea6ecd8b870df6e7e38bac65c9c66a
SHA1 eb53dd4194ae17b52bbaf79219afd0090528b598
SHA256 da84838d0554d803297a259edca203fc10d0e67040868bbe438581164b4c096b
SHA512 190f32e87cb490de0762b3bd1e34beb5daf1593fdd48328a4d4ea6f7abee832732429df2343e0a2343e3a2f9664e5539ddcb0113d802638c2e84d7a6c31e0100

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e2fbb75c68a4777e68b9e008aa6fd95a
SHA1 e65a2ae926fb71537e615db2133d363079610eb3
SHA256 92245859f11b24c763e8855cda34096b0da7893adcde5a512d7e8955d79e3aff
SHA512 8dee1096913a5c3dec97f9be4bddc93df1ddec5df6b3e24b1d4cc546a6087bda34e63e5542001ac3a1dedd8a41fc7188c212dd32161513de1cc7bde6894e99d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 286fcdccd034541559379404ad69b3c6
SHA1 549698fe293bff6d1edb91d31fac65d049d031ca
SHA256 0d7b68da25977ec38635bae4f6c4228af62bb9d75f354b86ecd9c98e46cfbb04
SHA512 c8b9736fbb4d9f8c6db2761e7d9fc1ad3264fd0a715f842cdc1e926d27383ea8cd97745e9ac51e29ad0181dcdaa6e5a8a78393c72efff8346a73ec2c1ef78c3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 258830b0dca544817a556042e0c6abf2
SHA1 f2eee576ab6ff99f6c8a7cbb091c4725e2964f75
SHA256 84ba825e4066efc19c77db7383582e7c296b88d7619d0838df1daa742d9ad0ad
SHA512 00ae876d915e6a8762abec9ca1568941f0820b11e39081f5f587c242f78a9c3a701d6798f309e087602a0b6052bbb2807f965ee74ddd66b821814dae0d894625

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

MD5 47dc65492ce82ca6490241a545bab45c
SHA1 809c24b668e2383016f8ff2ff4270c028917be6a
SHA256 f1afc64f56109bcfdc6b4a657fb60d5a49455737fbc5c97995d890ba1696b33e
SHA512 403f8cf0a1a4bf704c14bc767340e70b746afd22d7c645817aef1a3b6240327574bdd3a89226a5c534f40adf241e83ada064e385c7c956cc8437bb650452816c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1f69cbe9a55eea8f29b23eb836f3c757
SHA1 b8e6e8ee499fbe81937f6dac755fcfaf106e6f1c
SHA256 cc5032657d7150b1c75901611b62174b46b359eae32d038b8a58a15fbf459905
SHA512 ff4b1744a484d9cba54ed92a349e7a2f52cc024b6edba39ee35ae7478aba9ce059e9659f7e3babc0e23843e15933f68d1b5958f3b841f8be52237776577d3b51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aea6031e8951366fe10ada939f81a4dc
SHA1 4088d01c0a3aa94f554cafffbb5f31662b6d9696
SHA256 2d46809202bdf45dd51fb2fe8fc6fa3564880b986f518c207bc1e3ea73237f63
SHA512 b3376f2c322491c3b070acbd40497025b901b0d68ad9ffaf1f3e5f4c3c42c0e1f9531d0c4ce416f9b18955023fcb4dd788e20f756b295f904bcff07a8830f219

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20a168d54a9b8c4c44fb6ac6f1a833cd
SHA1 e67fb0c43bb1769c96d727e9ae3ce9c12366e12b
SHA256 619b836121baaa13a4288951f475acddcf5ee46008e222b4ba2ed44274cd051e
SHA512 acd61a5a1874a83049b95afe4d4d8f3d1959db0d3b1dc6212eeb3c466f99259412d03f334e3be7074f7da5a6449da7756cf90298ecbe0a5b834d04d5e6766165

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6ba5f05ee47cb976f8a9241f0286288c
SHA1 d3603bc4d19f7731bd9abb3233e5ff9480ad1072
SHA256 cd92bbdfc70a09e6d2a17d649d1fc2c0b0228da6a3d8312384eee12226509c2a
SHA512 7c8972c0956a5ab8d9029a03cf4b457e5357715f7735543df0276b68cef512f8cbb815b3482742f2d25591bc93deb54cc10b3e99e7e6f2d95872ecd1e49c5776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fadb73973128b847ece2adf1d2c021a1
SHA1 c82062deb6ef0405e18e52f8e9463b95285d3762
SHA256 780276860873ed561108f208685dd0296437aaf2928a72397317662232b7b820
SHA512 6d4e565fb8eaf1835889039aec5904487f35afa1347cf0c165d0d9e9be0697a5ab2d96218719fea24a14091502d7ef427beb167ed55695228489a148001eb89e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt

MD5 328cd8cf6b25d95412a982c2bdaa96eb
SHA1 075572edd136570a897df1f37e002b4be0097c91
SHA256 85d6c7e1ce76f59b45527a814182bcbca4d9321e8cc3599a16534764916aec7c
SHA512 532e912f6b2ad55a2947542d2319d3833eca8adc1280acb40f5fe3ce16994a57873d19d5ff4bf4dcde04ec057dc19ff1437dc16097abc6e03e74a8a1b1692540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt~RFe66a203.TMP

MD5 a82d684ecb95a1cf1b921ad94261bfa9
SHA1 1eb321a60865a58a952903a52d3a2190d58a16cb
SHA256 b503221fe57ae24764fb6eff89bfcfe83d56187c43c70a6657ad51697392a5c3
SHA512 e5f6084dfe0c7d1d3293d56240dc8b5b15d36b36524944943fe677e48d6ff7d0ab7e2028efb235f1a35e81b180f5d3cb316245013a13e2b2e1f045b5f65d3a80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt

MD5 984c8d4a16e8bf4852f4047b5c0012d9
SHA1 df2206ea2578c05d91b7af6dacf58417c5b2de75
SHA256 abc4df45a6124a1be33bdbd95c86874679d2427783adaff349e571a817352818
SHA512 5770ec5b279b68ac6c7231fca466ddee589e8573fcb92a34744626efb98d3aadf9a5a3118ef50072d91172d699946e3c2aae5b270edbea84b9984a63b03d906d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0ac8a6ea2255b4e658c6339ef16c9026
SHA1 eb051d18b3cfbb22935b88496b7dc19d6cab4603
SHA256 51c3c17d1ad1f3a9e89ee523a7c55f6cb750bcc1267cede2c23e88d42b69b9ea
SHA512 3943d5fb60f0a1cfd552a218091b4211c4ec868dd00792a8b528a090f2e25237df2b5a78d1c893671e0f9ef236e348306ee6fa15e14a690cb1ee80484a6cb8f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a4

MD5 5c021cdcb3362ab6808ae7da70465d9a
SHA1 c758fa86e404db075636a73731b0d8af6c9f3433
SHA256 83c767b591815d7c0b3f1505a84710cfefbc98a178e1b13e5e93a2e37c479ba7
SHA512 699f6b24d2e2bd58be49f7944c934571ea7b4105ae52db6c5bcc8b1b0f9e4f52a46588806d2381552be0c44cfcfcd00a86127d9b6c5e36bb71d407708c4172c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt

MD5 e417b0745c77c1eae789481c1cb2772e
SHA1 71a1166d7437dbaeeacb7ed7d0d6110d7b1bec0f
SHA256 4124c4ca1c4f51120ab89b427cb1d0fcea2bc76447d99c81e5c1ed4def2f1aaf
SHA512 6e69dc852b574d09657ce8a3f15c181f791469a74055e5fe28b3d7a8a10b4a9c9c7541a9021f3f0e952faee1f869824ac9a214d2ac7fcd8fa2da259bef3c03d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt

MD5 cbe9adae0da24e27813e2b3cbbde0a55
SHA1 a77824e5c6f1fbb2983b7932f280cbe4073a0107
SHA256 ca63ad73c7d6c39b8d69685475d41d026d09c9d76076dfd8d3c3483a46b4d109
SHA512 670cea1a507cd48cbe8ce2f9ef6b54334d4fd5e600e7ddf60dea67ce89f0a54b3797a8ecf26404edb06715d1e6acb2774d7ba303ea7059514c0f38d991ae2a32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009f

MD5 2d0cbcd956062756b83ea9217d94f686
SHA1 aedc241a33897a78f90830ee9293a7c0fd274e0e
SHA256 4670bfac0aeaec7193ce6e3f3de25773077a438da5f7098844bf91f8184c65b2
SHA512 92edce017aaf90e51811d8d3522cc278110e35fed457ea982a3d3e560a42970d6692a1a8963d11f3ba90253a1a0e222d8818b984e3ff31f46d0cdd6e0d013124

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009e

MD5 c83e4437a53d7f849f9d32df3d6b68f3
SHA1 fabea5ad92ed3e2431659b02e7624df30d0c6bbc
SHA256 d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
SHA512 c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009d

MD5 115c2d84727b41da5e9b4394887a8c40
SHA1 44f495a7f32620e51acca2e78f7e0615cb305781
SHA256 ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
SHA512 00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000078

MD5 08e87d4ca70b189e858f10803c556ad7
SHA1 427db044f9f989e2f34d8db8ca7bf5841f4bb045
SHA256 69ceaeedfafef98513d01c0193172914afc8204122c7f84e097ad92fdb421688
SHA512 d65abf68af18bf9f49ea3e6dc0f424b8c882a812c62806e6c68ee3644f02717951ed71f1d78d62f3451d31339615dd4d2422e3f4755afb29ab294c1dc3f95acb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 444d15fe9964b90bfc184274c6b389f0
SHA1 e5a2d1a0b029ccf259196195cd22d249d99fa7bc
SHA256 8a96dfa177a46c88b8cd93d998a9861c80d377094fcfd7207e5274d128263d0e
SHA512 09f273c0c4bb9bb438c405e299940ce8a19fb7147512ec204c3474aafd30f534863b6e9fc9afac40995458a6c00433a1a79a5ddb233165eab1de7f42e0fb2dee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt

MD5 60501b38bd808a507179794b81e82bf3
SHA1 3c028046e8c930369d7835e568172a4ec95bdb8a
SHA256 acabe2bcecb6490f6418dcca8868bbfab7e2afdfd5e21694f7d038cd862d57d2
SHA512 de7d21971adcf6636bcc14c3a4925584078c7c5efb35d1da0918080cf65bf87064a6b41b6595c00442ab1f033f02448cc5ab67a4f58a9df9c86942ec631f8818

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000096

MD5 53b7676cbd461618984fcb83a83e9587
SHA1 bd955f4eb24621e0def90c1c9aed9fed449751cc
SHA256 e8a4179962be505ed1bda2e2221450d7953f29309329eea9390ed12d6b19960e
SHA512 fbd7eaac7e9d3c7a05c6547c48aaa04587ddb4a61e485e288b9904667e716dd01b0c3dcf4e68865e1a16c39bfc01d18c95d7032384f649c307d124b9fe784df6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000097

MD5 95058bc21af6ff831f62c2a22fadc50f
SHA1 56b41a13223ee610f8dfc6cad050c6f68b012cce
SHA256 ea5e6f30e7fd7eff0687bffb8ff4f289d2e200c82b3b18d858ae252db3cc6903
SHA512 0f0c29f481eb84bcd5e80ca45ea5cfa8acc938ea590e215b7217d76eda5c66bae5bdc8136eed73968155a0fcbfeb64df70d9ebc2558e3756d209c14c5809d62e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a1

MD5 801d8a7eb26999ae07b82f70c66529a1
SHA1 e8b7343f8baeb857235ac71c5aa671cd3dd0ed56
SHA256 6201c74c437318f34e9bd574815515853148d1abfd074301101683b9a183f070
SHA512 4ba7e230ea8b6fc257866de633e3fdce9be66ccd9108de9a927f6ce231e57e522de0a3b060c82a4f0a3dcdc2962b696cd03d8ef3ad85d34dbc23c855eda2a2ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009b

MD5 7416f425f72ffee97e4e3f8ecb5943b2
SHA1 74a579c6f601de60f2d62fec57bca11fc5e33362
SHA256 6094107f5aededb5d95a00e824a628463593c1101802e5a10168a13eeb44b006
SHA512 1c26191e0fcd66a1aa112b96ce59dc40e730ee581e6f2d2605569335935644f9917f6570b570256c36a83f7228d329af6a7d60163effd156ebc051473a7b51ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\5a348df8-2298-46bf-a9ed-c12677bb58d3\2

MD5 0c27e688547baa10c8532eb193dca141
SHA1 4169a46844cdb9a3e3c13f34ca442baacf947506
SHA256 89960cffd1a684dd207f0218ba5030647205408b2e547f0b4988e36e55973245
SHA512 d8fb3c23189cbdec1a640bb2621dd5e6c16eea0fd411ba6a7456edcb6234264161c1ab1a01c5be0b24977a94b46fc1a7aa4f18535ae48485f0085eeff74bab2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a2

MD5 a2625c7d3e053a2a81fb4db5e338d3bd
SHA1 396d0ff09927500b31ae336fb0b0f1b69d919990
SHA256 003aeb7864b30265e970b42d3a06403cafc3ab71a480e818aaa97abd232a610a
SHA512 144a89f15c33f9588c0279cf194846db04e10de259b43f10f02815bce59c274464a5acabcb306d4dbbab808eb4f4be8bce1df8ee8aec95aa5323289ede29fb81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a0

MD5 84110269add542a2b71a52f18bf7725a
SHA1 a37b735b9397a147bc2b2e511795a87338dcd543
SHA256 ec53cc4774e7b530a5887fea08f03bb7c0f134390597ea9d9ea1773ee8eda236
SHA512 b767cb910753177fbba8e06ea6a1eb332132b381893893e0976bb1df6c410b9af7d854bc452915b566f7844cd40a4c20950d2518e8ebd3a75a0cf4e7cc880185

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a3

MD5 5c9065f290693b9457e4cfa214ba9b3c
SHA1 0132d29f7cf8e98c6ab9b02654e8a5efcdbb72b8
SHA256 c16808b8c97dafad2c3fefb3a1358040587e25a59d9a6e3b70fc66643d8a3715
SHA512 376f8e31a0801b72427864a8cee66b5b9790cc7742413a95eccd506fccd6baa8066a3290487f697addcc5ff5cbcbd25661574ceee8d19a6c3941d4530224ecf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4ec5660bc834ae90f5e180b9eccd3854
SHA1 b9cf1e2a56b260e0d031f6d848ca9f1a58c05543
SHA256 4bf9ee5f214ca30b500a329e796afa14b1784df82d9bd3c0ea84c8ea6a594817
SHA512 d17a8435e390ab9f896431a427c1f07d84d5e074cb561601b83943fc2df21299b2e37b3619955538fbc348ca3209d0755e3286f4db5d8b1621a635a8f331193a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 48e8b7017cde5244ad2658c32ec1ecae
SHA1 f14eb70fb3a82f57bd0fb6411a5be3a9da7dc09c
SHA256 22165877799a18022b09050952a9d95426ad30ca2cc6fd891fece41c35845212
SHA512 9ecf5185c91d55cd1f0a1ef71fe9bb6935cfb26bfb1b1a532498ef0dc8065b25002c09519c44bb058bd7796bff845f36b8c55bd38b75917a16a796052c85fba2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 478c64f99f3ca7e0af770c3d1be89647
SHA1 00df10c8287c9cd9675f2fff93b5bc45c64c59cc
SHA256 3e9c6a0bbc0c35b69362e706bf478a3e3487306f605f86a349c79d8d535f3200
SHA512 1527265f0319105dfa92ff15b98816a550ed2b024ff3ab89e44826f6cbfbd33d10bc44bd8147d13f86820deacc31d0939346052597b37c539d04a59b3dc3d5d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1c5ea6a432231fc5ef63d400548a0b5b
SHA1 31989bf9e9f18e3fc25498d48feb37de11dc431d
SHA256 17ec540927f8ed70ca302687a0e68c49fc105c3a1f1b5acb49f54c8c8a9d0f44
SHA512 8d21b66a02860e75da4080592630f2927d3fc34866b6a9b1b13119b3f798000abe5ef274d4d892498a723308a9ffaf414e5781cb7cd18131b12fea6becee7fe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\1b8f55a8-0547-4ecc-bc0d-a933bb6f81b6\index-dir\the-real-index~RFe6731ef.TMP

MD5 420f796a067a93526c87d3bec2441b66
SHA1 2e106297ff1ab753cc8d144f0d1313a5873b9577
SHA256 89dc99e22e6e89a60a098043c138c5f0216cd9df9a08903a290888b7c61aa6b3
SHA512 b19192b796e6ce57a4c06c048f3a0697754992f4f2013cfcc674df18c0bab5dc89f063f1431a4aaa6c7cf2c3716e0684958a92a0247972340ba1f520e00902c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\1b8f55a8-0547-4ecc-bc0d-a933bb6f81b6\index-dir\the-real-index

MD5 e9466efbd494fb16cb5338f4f6c19e00
SHA1 7732bf3e62bf2f85e89ed1081ca02fbe4e75a3fc
SHA256 3aa58d4e85967b790f77c76c658989ab231f6540ccc3ff014ce96a05886ce68c
SHA512 8045a0a757c201c015ca6b03d0d70dcbbead13bb496679067e8efd6725b436dfeb4537e3a8dd2c803176b1ed1bc15d253c797411e911790ca7a246ca55a34485

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6e4e6a3d8641b347f140612deee15f47
SHA1 c8acf45744ed21e0585dd80d1060941400659a3c
SHA256 c169b6a4daff86884180c3484b4b4a5d029ff01856592d2633c0e11b2f770132
SHA512 485e47ed3aeefef143db7979f3f70606dc85c86ff71b54cbd95eba0184e950aaba19f22d50d7d0fc86764dcdf74cae1555b8df4674e44f02c28f8acf20badb5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\774daab0-4a09-4e38-bdc0-b8f62b94a391\index-dir\the-real-index~RFe675391.TMP

MD5 224d289d6bda5739aea235f94856e61d
SHA1 5ba374e4486e089ef74a42cbe707c7880fe612a5
SHA256 65eeb7b5da5442b372c1c89a0c459ed45ea364c1d6306105baecfec949d90bb2
SHA512 9d66867311fad289e1f9a3cf3af89059b28b4ecf54014f1fe5d746a735591f1be27d51020c4923cc617e89eb16b62ee5ae3adae087401aa6983e9a470310412f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\774daab0-4a09-4e38-bdc0-b8f62b94a391\index-dir\the-real-index

MD5 094104d94173c49a49e82e7c47fe7dd0
SHA1 622da4c5319187a9d89b3a823d25f61af0cd498f
SHA256 f9ae83edab08c4a48915184f54e11b251c8e5a47afc6b34af5e166234e7d79db
SHA512 efba9feaec214e961d69753236b9eb64cf14401114bd587fce643fbc864d436b604327611147d52c510de0e8684b273ed2f93c1de551b172b6611c7c54a606a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\d2cfe6a02b46934daf8e19fbd5641267112983d4\index.txt

MD5 75fe78e8c9d0fb43b0d489db0e677f3f
SHA1 7cf410603a06b2f59edd83bf31f934713405b0e7
SHA256 76b5c7b6731c8ae1d0b3533ccf1fd1fb5c1e0fe8d4452e9a44cf17b113f908dd
SHA512 87d622b2fe6a4fb4e76461ba7b71c1913fe2495830ddbfc6c56de29a04beb6e8b7432d6cf173ac9a1c5eae6acb43eda0fcf8b4e7d43e4cc18fe83f6c0ae2be62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c090428ad7c6e152a961d620059552e
SHA1 968880140df55b4a760d78b212504d504ca05a21
SHA256 12308ced9ea09a3004b8e7745741b95e7b4032d857850b3507f434c4913dce32
SHA512 4dc0a5c6f5b2460bdb1b55e06f933febdddff684ad55bf9e944421b6f10125320869f18dd8f86837f4ad592dd79e96b905f021f10403c46fb37ce5608459d4d7