Analysis Overview
SHA256
1c82457d6cc05d33ad8c11dfe7046ea1e51eaa6276138c7fc3e4ca63ce3b7ec3
Threat Level: Likely malicious
The file 4ukey-for-android.exe was found to be: Likely malicious.
Malicious Activity Summary
Manipulates Digital Signatures
VMProtect packed file
UPX packed file
Looks up external IP address via web service
Drops file in System32 directory
Checks computer location settings
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Gathers network information
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-14 12:04
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-14 12:04
Reported
2024-05-14 12:09
Platform
win10v2004-20240508-en
Max time kernel
299s
Max time network
297s
Command Line
Signatures
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\49DE5C951646DF99480A98AE51028E3FBA0D355E\Blob | C:\Windows\system32\DrvInst.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Tenorshare\4uKey for Android\Start.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ssudadb.inf_amd64_55cf1c442f8c934e\ssudadb.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{ec0e2d46-5688-2142-a4f6-ee5410d8818f}\SETF420.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\amd64\WinUSBCoInstaller.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\amd64\SETF337.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\amd64\ssudbus.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\android_general.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\android_general.inf_amd64_ba6d6c70048ad29d\android_general.PNF | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\amd64\WdfCoInstaller01007.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\amd64\SETF338.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ssudbus.inf_amd64_d0ba75672dc1a380\amd64\ssudbus.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ssudbus.inf_amd64_d0ba75672dc1a380\ssudbus.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ec0e2d46-5688-2142-a4f6-ee5410d8818f}\amd64\SETF431.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\amd64\SETECEB.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\android_general.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{5b1c8f89-4b4c-3244-8746-9b0823fadc8f}\amd64\SETF20E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\SETF29A.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\SETF325.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{5b1c8f89-4b4c-3244-8746-9b0823fadc8f}\amd64\WinUSBCoInstaller2.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{5b1c8f89-4b4c-3244-8746-9b0823fadc8f} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\amd64\SETF298.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\android_general.inf_amd64_ba6d6c70048ad29d\amd64\WdfCoInstaller01009.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\ssudadb.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ssudadb.inf_amd64_55cf1c442f8c934e\amd64\WinUSBCoInstaller.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ssudmdm.inf_amd64_99bdd5a4506ef81c\ssudmdm.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ec0e2d46-5688-2142-a4f6-ee5410d8818f}\SETF420.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ssudmdm.inf_amd64_99bdd5a4506ef81c\ssudmdm.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\SETECFD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\SETECFE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\SETF29A.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\android_general.inf_amd64_ba6d6c70048ad29d\android_general.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{5b1c8f89-4b4c-3244-8746-9b0823fadc8f}\amd64\SETF20C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\SETF326.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\amd64\SETF337.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\amd64\WinUSBCoInstaller2.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{5b1c8f89-4b4c-3244-8746-9b0823fadc8f}\SETF21F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ssudadb.inf_amd64_55cf1c442f8c934e\ssudadb.PNF | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\ssudbus.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{5b1c8f89-4b4c-3244-8746-9b0823fadc8f}\SETF21F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\ssudAdb.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\amd64\SETF338.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ssudmdm.inf_amd64_99bdd5a4506ef81c\ssudmdm.PNF | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\amd64\SETECEB.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\amd64\SETF299.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\amd64 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{ec0e2d46-5688-2142-a4f6-ee5410d8818f}\SETF41F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{5b1c8f89-4b4c-3244-8746-9b0823fadc8f}\amd64\SETF20D.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{5b1c8f89-4b4c-3244-8746-9b0823fadc8f}\android_winusb.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\amd64\SETECFC.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\SETECFE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ec0e2d46-5688-2142-a4f6-ee5410d8818f} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\amd64\ssudqcfilter.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\amd64 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{887d8739-3e29-f74f-9422-9d4bd471148b}\SETF326.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ssudbus.inf_amd64_d0ba75672dc1a380\ssudbus.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{4f573a98-43b4-de45-88d3-1588799689a9}\amd64\SETF299.tmp | C:\Windows\system32\DrvInst.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-FRSB2.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-QSBQR.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\edl_exe\Loaders\oppo\is-MNU18.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-FV225.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-GQ2I2.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\edl_exe\Cryptodome\Util\is-08GOT.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-FLRA7.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-O5HRQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\CommonModule.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-HPJL2.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\Logs\AndroidConnectSDK.log | C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\repair.exe | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-9VOJR.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-P98RB.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\payloads\is-U22DM.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\adk\drivers\amd64\libusb-1.0_x86.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\mobiledrv\amd64\is-M7J0P.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\payloads\is-FTQTU.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-BRK2K.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\cygwin1.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\mobiledrv\i386\WUDFUpdate_01007.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\drivers\x86\libusbK.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-5P7VP.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-GNB95.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\mobiledrv\i386\is-9SU23.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\is-TU9A0.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-SGF7N.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\cloud | C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-7S8D9.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-RFND0.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\Monitor\msvcp140.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-ICCG9.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\is-5V2K3.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\mobiledrv\amd64\winusbcoinstaller2.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-CTL9I.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-23D1F.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\adk\linux-adk.exe | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\Monitor\is-F6H13.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\is-RUF8R.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\Monitor\api-ms-win-crt-process-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\is-8OQLL.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-TFO8O.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-HJJ9G.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-D8PBM.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\is-FK82F.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-207UT.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-P1FA1.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\adk\drivers\is-AGU4F.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-J94T8.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\Monitor\api-ms-win-core-file-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\is-OKH12.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\Monitor\is-0CQOL.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-OPPAM.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-JBP9A.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Tenorshare\4uKey for Android\adk\drivers\amd64\winusbcoinstaller2.dll | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\Uninstall\is-A0J04.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\is-CKD54.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-BJRG7.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-BKEFR.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\payloads\is-R6V6A.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-I4OPL.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\is-O4GUK.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\edl_exe\Cryptodome\Cipher\is-2MPDU.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
| File created | C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-R2EE4.tmp | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\certutil.log | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\cert\certutil.exe | N/A |
| File opened for modification | C:\Windows\DPINST.LOG | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\certutil.log | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\cert\certutil.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\NETSTAT.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION | C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION\4uKeyForAndroid.exe = "1" | C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN | C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\4uKeyForAndroid.exe = "1" | C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\4uKeyForAndroid.exe = "11000" | C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{44E20373-ABD9-43EE-A558-3D880978E785} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\NETSTAT.EXE | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ukey-for-android.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Tenorshare\4uKey for Android\Start.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Tenorshare\4uKey for Android\repair.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\InstallAndDriver.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\4ukey-for-android.exe
"C:\Users\Admin\AppData\Local\Temp\4ukey-for-android.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4532,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_ts\4ukeyforandroid_ts_2.13.0.exe
/VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\4uKey for Android\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\4uKey for Android_Setup_20240514120513.log" /sptrack null
C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp" /SL5="$F0054,107792699,318464,C:\Users\Admin\AppData\Local\Temp\4ukeyforandroid_ts\4ukeyforandroid_ts_2.13.0.exe" /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\4uKey for Android\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\4uKey for Android_Setup_20240514120513.log" /sptrack null
C:\Program Files (x86)\Tenorshare\4uKey for Android\Start.exe
"C:\Program Files (x86)\Tenorshare\4uKey for Android\Start.exe"
C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe
"C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe"
C:\Program Files (x86)\Tenorshare\4uKey for Android\Monitor\Monitor.exe
"C:\Program Files (x86)\Tenorshare\4uKey for Android\Monitor\Monitor.exe" 4204(#-+)UA-116569081-3(#-+)4uKey for Android(#-+)2.13.0.11(#-+)&cd1=2.13.0.11&cd2=0&cd3=TS(#-+)1
C:\Windows\SysWOW64\cmd.exe
/c netstat -ano | findstr "5037" | findstr LISTENING
C:\Windows\SysWOW64\NETSTAT.EXE
netstat -ano
C:\Windows\SysWOW64\findstr.exe
findstr "5037"
C:\Windows\SysWOW64\findstr.exe
findstr LISTENING
C:\Program Files (x86)\Tenorshare\4uKey for Android\repair.exe
"C:\Program Files (x86)\Tenorshare\4uKey for Android\repair.exe"
C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\cert\certutil.exe
"C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\cert\certutil.exe" -addstore TrustedPublisher TenorshareKey.cer
C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\cert\certutil.exe
"C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\cert\certutil.exe" -addstore root TenorshareKey.cer
C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\InstallAndDriver.exe
"C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\InstallAndDriver.exe"
C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe
"C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\DPInst64.exe" /F /D /SW /PATH mobiledrv
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{96675df5-8780-814f-8e2e-7d24fab13a8e}\android_general.inf" "9" "408d7d64f" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "c:\program files (x86)\tenorshare\4ukey for android\ts_android\mobiledrv"
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{5c877365-5923-8d44-8061-706de79dcc7a} Global\{56469d8f-b334-4d44-9265-95cceccf47c8} C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\android_general.inf C:\Windows\System32\DriverStore\Temp\{a676f7c1-2980-3d43-ad80-b50448e6690e}\android_general.cat
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{abcc9a7b-4afd-0044-889e-50e1f9c9c428}\android_winusb.inf" "9" "4b06b7c6b" "000000000000017C" "WinSta0\Default" "0000000000000180" "208" "c:\program files (x86)\tenorshare\4ukey for android\ts_android\mobiledrv"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{609e3325-4a03-9740-a968-37b7f42d61a7}\ssudadb.inf" "9" "431498427" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "c:\program files (x86)\tenorshare\4ukey for android\ts_android\mobiledrv"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{54b425b0-4b51-6c49-ab96-05ebad307e0e}\ssudbus.inf" "9" "4e71ed667" "0000000000000184" "WinSta0\Default" "0000000000000100" "208" "c:\program files (x86)\tenorshare\4ukey for android\ts_android\mobiledrv"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cbs.tenorshare.com/go?pid=1103&a=i&v=2.13.0
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{25a58219-ef05-0645-8c9b-4a2f282384c7}\ssudmdm.inf" "9" "41bff5877" "0000000000000100" "WinSta0\Default" "000000000000019C" "208" "c:\program files (x86)\tenorshare\4ukey for android\ts_android\mobiledrv"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3980,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=1696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4128,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5296,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5272,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\adb\adb.exe
adb -L tcp:5037 fork-server server --reply-fd 4064
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5776,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x238,0x23c,0x240,0x234,0x254,0x7fffde21ceb8,0x7fffde21cec4,0x7fffde21ced0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3192,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=3096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1864,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4436,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=4980,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5152,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5420,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5456,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5392,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=560,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5464,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4668,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4452,i,13888419603897206218,1506023639098670501,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.tenorshare.com | udp |
| US | 104.17.207.155:80 | www.tenorshare.com | tcp |
| US | 104.17.207.155:443 | www.tenorshare.com | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | update.tenorshare.com | udp |
| US | 104.18.24.249:443 | update.tenorshare.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.207.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| FR | 172.217.20.206:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.tenorshare.com | udp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 8.8.8.8:53 | 249.25.18.104.in-addr.arpa | udp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.24.249:443 | download.tenorshare.com | tcp |
| US | 104.18.25.249:443 | download.tenorshare.com | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| FR | 172.217.20.206:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.206:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.206:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | analytics.afirstsoft.cn | udp |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| US | 8.8.8.8:53 | 37.3.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apiw.tenorshare.com | udp |
| US | 104.18.25.249:443 | apiw.tenorshare.com | tcp |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| US | 104.18.25.249:443 | apiw.tenorshare.com | tcp |
| US | 8.8.8.8:53 | account-tenorshare.oss-us-east-1.aliyuncs.com | udp |
| US | 47.253.30.97:80 | account-tenorshare.oss-us-east-1.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | 97.30.253.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cbs.tenorshare.com | udp |
| US | 8.8.8.8:53 | cbs.tenorshare.com | udp |
| US | 104.18.24.249:443 | cbs.tenorshare.com | tcp |
| US | 8.8.8.8:53 | cbs.tenorshare.com | udp |
| US | 104.18.24.249:443 | cbs.tenorshare.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| US | 8.8.8.8:53 | update.tenorshare.com | udp |
| US | 104.18.24.249:80 | update.tenorshare.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| NL | 96.16.53.149:443 | bzib.nelreports.net | tcp |
| US | 104.18.24.249:443 | update.tenorshare.com | tcp |
| US | 8.8.8.8:53 | www.tenorshare.com | udp |
| US | 8.8.8.8:53 | www.tenorshare.com | udp |
| US | 8.8.8.8:53 | www.tenorshare.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 104.17.192.141:443 | www.tenorshare.com | tcp |
| US | 8.8.8.8:53 | 149.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | polyfill.io | udp |
| US | 8.8.8.8:53 | polyfill.io | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | images.tenorshare.com | udp |
| US | 8.8.8.8:53 | images.tenorshare.com | udp |
| US | 8.8.8.8:53 | assets.afirstsoft.com | udp |
| US | 8.8.8.8:53 | assets.afirstsoft.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 104.18.24.249:443 | images.tenorshare.com | tcp |
| US | 104.18.24.249:443 | images.tenorshare.com | tcp |
| US | 104.18.16.57:443 | assets.afirstsoft.com | tcp |
| US | 104.18.51.3:443 | polyfill.io | tcp |
| US | 104.18.16.57:443 | assets.afirstsoft.com | udp |
| US | 104.18.24.249:443 | images.tenorshare.com | tcp |
| US | 104.18.24.249:443 | images.tenorshare.com | tcp |
| US | 104.18.24.249:443 | images.tenorshare.com | tcp |
| US | 104.18.24.249:443 | images.tenorshare.com | tcp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| FR | 142.250.179.78:443 | img.youtube.com | tcp |
| US | 8.8.8.8:53 | pixeltrack.clientgear.com | udp |
| US | 8.8.8.8:53 | pixeltrack.clientgear.com | udp |
| US | 8.8.8.8:53 | pro.ip-api.com | udp |
| US | 8.8.8.8:53 | pro.ip-api.com | udp |
| US | 163.181.154.215:443 | pixeltrack.clientgear.com | tcp |
| US | 208.95.112.2:443 | pro.ip-api.com | tcp |
| NL | 23.62.61.138:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| FR | 142.250.75.227:443 | www.google.co.uk | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 141.192.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.16.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | event.clientgear.com | udp |
| US | 8.8.8.8:53 | event.clientgear.com | udp |
| US | 8.8.8.8:53 | assets.afs-static.com | udp |
| US | 8.8.8.8:53 | assets.afs-static.com | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 47.252.78.131:443 | event.clientgear.com | tcp |
| US | 104.18.5.144:443 | assets.afs-static.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.afirstsoft.cn | udp |
| US | 8.8.8.8:53 | analytics.afirstsoft.cn | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| FR | 142.250.178.132:443 | www.google.com | udp |
| US | 47.252.78.131:443 | event.clientgear.com | tcp |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | cm-exchange.toast.com | udp |
| US | 8.8.8.8:53 | cm-exchange.toast.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | sync.taboola.com | udp |
| US | 8.8.8.8:53 | sync.taboola.com | udp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | tcp |
| KR | 103.243.202.190:443 | cm-exchange.toast.com | tcp |
| NL | 141.226.228.48:443 | sync.taboola.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 13.224.81.55:443 | s.ad.smaato.net | tcp |
| NL | 35.214.199.30:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.5.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.78.252.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.228.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.199.214.35.in-addr.arpa | udp |
| KR | 103.243.202.190:443 | cm-exchange.toast.com | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | usersycn.clientgear.com | udp |
| US | 8.8.8.8:53 | usersycn.clientgear.com | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.202.243.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:53360 | tcp | |
| N/A | 127.0.0.1:53362 | tcp | |
| N/A | 127.0.0.1:5354 | tcp | |
| N/A | 127.0.0.1:5555 | tcp | |
| N/A | 127.0.0.1:5557 | tcp | |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5559 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5561 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5563 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5565 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5567 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5569 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5571 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5573 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5575 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5577 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5579 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5581 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5583 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5585 | tcp | |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.253.64:443 | edge-consumer-static.azureedge.net | tcp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| N/A | 127.0.0.1:5037 | tcp | |
| US | 104.18.3.37:443 | analytics.afirstsoft.cn | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\is-8IUIA.tmp\4ukeyforandroid_ts_2.13.0.tmp
C:\Program Files (x86)\Tenorshare\4uKey for Android\adk\drivers\x86\is-NSHUU.tmp
C:\Program Files (x86)\Tenorshare\4uKey for Android\drivers\x86\is-99P7P.tmp
C:\Program Files (x86)\Tenorshare\4uKey for Android\drivers\x86\is-LREB6.tmp
C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-QJLK4.tmp
C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-V4Q4L.tmp
C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-8A9CH.tmp
C:\Program Files (x86)\Tenorshare\4uKey for Android\MTKEXE\My_Code\Loader\Preloader\is-H9E5G.tmp
C:\Program Files (x86)\Tenorshare\4uKey for Android\TS_Android\adb\is-I8DK9.tmp
C:\Program Files (x86)\Tenorshare\4uKey for Android\Start.exe
C:\Program Files (x86)\Tenorshare\4uKey for Android\NetFrameCheck.db
C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe
C:\Program Files (x86)\Tenorshare\4uKey for Android\4uKeyForAndroid.exe.config
C:\Program Files (x86)\Tenorshare\4uKey for Android\AppService.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\TS.MvvmLight.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\TS.UI.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\AndroidProc.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\lib_adb_communcation.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\TSLogSDK.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\AdbSdk.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\AndroidConnectSDK.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\vcruntime140.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\msvcp140.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\DownloadDemo.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\libwdi.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\TSEmbeddedPurchase.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\TS.Base.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\AndriodPDALibrary.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\repair_device.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\Mtk_Frp_Dll.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\RepairDeviceDll.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\System.Windows.Interactivity.dll
C:\Program Files (x86)\Tenorshare\4uKey for Android\log4net.dll
C:\tenorshare\adb\adb_usb.ini
C:\tenorshare\adb\AdbWinUsbApi.dll
| MD5 | 6fba496860ba419c2a4c3408833e7a41 |
| SHA1 | c190138e738912e931ec1e6a799367ed1d7cda52 |
| SHA256 | 068b6e00ef3beb624468c4ab8ddf0e89defc9ff594978a9d0780b4e95dc890f5 |
| SHA512 | 9f6a24f44b6b0b6295684a40dd5f056d22b40789d9c8d95be1700c6e360b4ce3d5bec8567077a913bed967e39a79fec75d6c2b72e7ebc1fa774f5ffe8a13cff3 |
C:\tenorshare\adk\drivers\SAMSUNG_Android.cat
| MD5 | 3a1b808695e771a5c5862847975110cd |
| SHA1 | fa55750486e20a03ea2104c18f7a9e15889a640a |
| SHA256 | 3561a45cb01351ac80e7128c884bc610f2d38990d5b996596272e555dd0ce0e6 |
| SHA512 | 44c043f8ac7dae6edc65b5e2f86c19037b74eded6d60115445b131c06daf179f39d27e0e3d2848e286f7479c4e5d99966187053d19ff0a89c07b509946b3a41f |
C:\tenorshare\adk\drivers\SAMSUNG_Android.inf
| MD5 | df483136fa23957c63d59a38abc2d9bb |
| SHA1 | 69eacccc5fa674cf5fe0daf9078bfa56a574cc24 |
| SHA256 | 084747988d360ae9c9b88cac88a71e0e16c5b4e317219e799a320097a39f51c5 |
| SHA512 | cb6b12ec3f50f7cf55ac11a91ccb3e323878cf7d4508fb040e513dc8dbf9f3f0189534041747123a86a2aacfdaa4632715e153e7792579260e03969719d82f35 |
C:\tenorshare\adk\drivers\amd64\libusb0.sys
| MD5 | c7d21310ea0a644aa6394de1e46e3d31 |
| SHA1 | 38a4a10cd3868e4a7874ba633c7b13c13de3f33c |
| SHA256 | 597f27a2696f945fd6388ca62d5ee98e44694f477f57ef8a68c2151b2276e838 |
| SHA512 | 1cb3279c156773579005733710a25aa317b3a3a08a69dd5b2729b80a0ca5fc35a4f547666598d1151503754539f7a7109bb4ad603af84a1d2e4a7635d5cf7a8c |
C:\tenorshare\adk\drivers\amd64\libusbK.dll
| MD5 | 97470a3e5505f6fdec57fa1e4126052e |
| SHA1 | c6081de4dd374cb7f03d2c52d2a9eb28fe92fefd |
| SHA256 | fe26c89b5851b3807b9000cf2ffd6e4083e2f567a4019b5a57aeb9b976064cf0 |
| SHA512 | 2af7f9e98f2764b9d4e7b1e16d91588c289d4fdeb2a273370e0814d541aad40d47f6725b9341a59c02064ef9b08a3ab5f5e442373fbd463346de24bad3a4f38b |
C:\tenorshare\adk\drivers\amd64\libusbK.sys
| MD5 | ada2d34031c8981d8a31089733ebff0d |
| SHA1 | 133e460cf09a25e07c669db850e61bb5e8ec572d |
| SHA256 | 0f86090e2493b77ef3c2169c6b573306685606341519fe3f99ee09bfa12bdf5d |
| SHA512 | 361bdef7546dc5da84e972b04f43c85e1532d539e15c78207ed70729d09f92ad8d09cd63aaf33918ea5a6c37c6fee6067d729ede4b17394e432d987b3e3533c1 |
C:\tenorshare\adk\drivers\amd64\WdfCoInstaller01009.dll
| MD5 | 4da5da193e0e4f86f6f8fd43ef25329a |
| SHA1 | 68a44d37ff535a2c454f2440e1429833a1c6d810 |
| SHA256 | 18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e |
| SHA512 | b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853 |
C:\tenorshare\adk\drivers\amd64\winusbcoinstaller2.dll
| MD5 | 246900ce6474718730ecd4f873234cf5 |
| SHA1 | 0c84b56c82e4624824154d27926ded1c45f4b331 |
| SHA256 | 981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6 |
| SHA512 | 6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c |
C:\tenorshare\adk\drivers\license\libusb0\installer_license.txt
| MD5 | 3f886ccce73c834d0ba9a07b89a5adad |
| SHA1 | 9a88c6dcf2d6c77cb13da92c956cc0fd23882e7d |
| SHA256 | 49a8af4fc09a41b51744b936c9e7700001020f3c5ac4476d87767c6fc3ca2a1c |
| SHA512 | 12e2de91ea28d09db246d22a0fc9c8ba04c6a1af6722c8a933556ad9ec6200770dfd828b6e43f4821afb258e9122de41d4aa42ad912b4e0c7f26101a1115b94e |
C:\tenorshare\adk\drivers\license\WinUSB\license.rtf
| MD5 | 0e36781bb0f25fe141f3fd13e733de6a |
| SHA1 | fdbd8c2ae37169d4eed84cd1adf4e4a8b666e561 |
| SHA256 | 749f67297cd87fc45d0986e3fe9ff0977a80f80d63188885816bc6f9324892c0 |
| SHA512 | 6264de32c517be4fbb2872d18e77a0f0b078142acf344e6180b7e54399654354f82052f66a4f1d2e9f332bfdf1b1ea644599fc298a078786584d4c32d02d9be0 |
C:\tenorshare\adk\drivers\x86\libusb0.sys
| MD5 | b716d4d759663bc4174fd0a379da8e50 |
| SHA1 | d3ec6dc9a60548754f78079b3454827acd7fb210 |
| SHA256 | cf05e87ab212a0f8a6f3e675448de1637042527a32b086651c27597501ee833c |
| SHA512 | c43713dee7082df3d6d172d88c21d16722373e1cc1d60b01e00c9fd4ef84e8ae52356a5296d43193034a8b39b92b871d37b4192a1737b1e03de22fd09522ee46 |
C:\tenorshare\adk\drivers\x86\libusbK.sys
| MD5 | 3081c6c34049d16d519b3b23776312e3 |
| SHA1 | d213d5b2ff59819c326083083d4c5a2775ef4334 |
| SHA256 | 0dc8fe163846582e710281d30193ade4f312e49b8808feec7b1bc0f526c3a75a |
| SHA512 | 5df4f0e7566a0dfb000f52f6c3d1939f9930f02f23263995d7e36bfa2fe5b7f85668fdb0bb40042228e8e336f6e249accc2d06fa867f85571e0c2f5b31e78224 |
C:\tenorshare\adk\drivers\x86\WdfCoInstaller01009.dll
| MD5 | a9970042be512c7981b36e689c5f3f9f |
| SHA1 | b0ba0de22ade0ee5324eaa82e179f41d2c67b63e |
| SHA256 | 7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77 |
| SHA512 | 8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d |
C:\tenorshare\adk\drivers\x86\winusbcoinstaller2.dll
| MD5 | 8e7b9f81e8823fee2d82f7de3a44300b |
| SHA1 | 1633b3715014c90d1c552cd757ef5de33c161dee |
| SHA256 | ebe3b7708dd974ee87efed3113028d266af87ca8dbae77c47c6f7612824d3d6c |
| SHA512 | 9ae37b2747589a0eb312473d895ef87404f4a395a27e15855826a75b4711ea934ca9a2b289df0abe0a8825dec2d5654a0b1603cf0b039fe25662359b730ce1a9 |
C:\Program Files (x86)\Tenorshare\4uKey for Android\cloud
| MD5 | d2bd79999dd6f59df6cd32d3283cd381 |
| SHA1 | 9682b2eb0dc4701d9a6b9b5cdece93be10289352 |
| SHA256 | 76ff545dd8c74d1c676c1eb832ff95b4d9d94d91fb5d9843814558a48efb9abf |
| SHA512 | 30b5b340693cc96889b8bed37591a5d5d5e4136dafddd3c191131b243a82e846f6e95df705c79cc79652853c8b2dc6f1e06d732dfde4a1ea77e527fc6bc8af54 |
C:\Users\Admin\AppData\Local\Temp\{96675df5-8780-814f-8e2e-7d24fab13a8e}\amd64\WdfCoInstaller01009.dll
| MD5 | 88db5179ffd901f3baa2ad67080b7173 |
| SHA1 | 514d54016356cc715b1055c0c2f3e9690e1f3b5f |
| SHA256 | 1cd446e97e112db2235d8418195d53315a929f4efe157066151eecd58d93385e |
| SHA512 | 4cfc131c0fd26b25fe1fc89b28eec4662fdbc8fcd914c20ab25a1178764ff1dcad65250de42fc66a9a54a5139b98db903bbb53903afa6f70d79657f2fc9f8870 |
C:\Users\Admin\AppData\Local\Temp\{96675df5-8780-814f-8e2e-7d24fab13a8e}\amd64\WinUSBCoInstaller2.dll
| MD5 | 2522aad5fccbaf4f689a80d49c11930f |
| SHA1 | 3728e15a4a4e7a705abc0190990a04e9349dc94f |
| SHA256 | cbbd9824b24ed78515a74d2d82a759c46a48ee0533069eced1b59811ee92825b |
| SHA512 | 3fb98a7f609ac74a3c765817e8faa324c4cab83539857329afcaf34f213d99750837fe7b0d42e289e88690ee5f81c69869a4ea11285f2a4e5fde2c75270630e3 |
C:\Users\Admin\AppData\Local\Temp\{96675df5-8780-814f-8e2e-7d24fab13a8e}\android_general.inf
| MD5 | 3a17e20ae8879d95f89737d2d0a63dd0 |
| SHA1 | be156a27afeaea39d6a7c9d25cfa8dafaf91756b |
| SHA256 | c57bb3a91d37b71f2ca2add50f295d44058c2d004dca6449f3c6896b5815d88f |
| SHA512 | 26bb7ba4ba0c42b01a418fdef94f10cb107a372568977e903ba26af08a8f4e3e79881fc26b5330ccbf61b0c0cc0d3571a576037c6f09f406e45229de40d3b527 |
C:\Users\Admin\AppData\Local\Temp\{96675df5-8780-814f-8e2e-7d24fab13a8e}\android_general.cat
| MD5 | d700af17f6b7daf62ff0e51b8ba7ed78 |
| SHA1 | da57bbf4c482d4cdf8ea87b95123c30ae620b628 |
| SHA256 | f3a741dc23f5c8948c882f888e4c6b86c2fc5c4d2107d37e87d36399b9c25137 |
| SHA512 | 805b73b8d659b837cd743fa424b8f4be15c357e3af6c0e011a8942d90459b7a1bf93f1e8f7dcc313ad1fd06124ffd528e83321ce5fa4fcf9d9d4e700eff5d024 |
C:\Users\Admin\AppData\Local\Temp\{abcc9a7b-4afd-0044-889e-50e1f9c9c428}\android_winusb.inf
| MD5 | 461bc0c9b848e1ffa52094cf9b2d29de |
| SHA1 | 70ee67fb13b2f2be1f5a57ab193643aefba8d39c |
| SHA256 | 5b02e78de9e81a9df5d8d94eb88e5045b28994b586f24f282d339905ceef5052 |
| SHA512 | 8e2241c83fd9d0064849410ca2c1f17f674fd9714136a5e37729902c4a3a237cf7cb169e58d4f9d066748d11fb605845e4141b3917a25018e9a5baa51b7b1faa |
C:\Users\Admin\AppData\Local\Temp\{abcc9a7b-4afd-0044-889e-50e1f9c9c428}\android_winusb.cat
| MD5 | 4637fa749ec464a904dc514a654be4fe |
| SHA1 | 7ad8b58bf97c0570cf4fe4d2e81f25547d6e0916 |
| SHA256 | 958d3a85eb3d63fafa805d170eefaad1baaf431fa0fc836c7c5c811a9ff79b70 |
| SHA512 | cb2fe02525b59635122abfda7d214b3f99120a6bbbff2cb8a40edafde8564ac9fe980dadf1f660d2f08452b7cae0a72be762663c4769f3b4bb863ccdc8f73df5 |
C:\Users\Admin\AppData\Local\Temp\{abcc9a7b-4afd-0044-889e-50e1f9c9c428}\amd64\WinUSBCoInstaller.dll
| MD5 | 61591d21c9f63a427782c673757f01a1 |
| SHA1 | b090fe47327e3556476550ddb6269c8eeaed0015 |
| SHA256 | ec896fe452bb9fde9e148dda20c527b8053ba1e98b74bf47102b2ca1e4794e13 |
| SHA512 | e388a7af4911f3794b66cff701fb4232f35f03d404d63ee95651ab40e9cb26ed425497d37f63c9e1f3be14a45a8ee79ba055836539670fc92c5ad350cbdfe26e |
C:\Users\Admin\AppData\Local\Temp\{abcc9a7b-4afd-0044-889e-50e1f9c9c428}\amd64\WdfCoInstaller01007.dll
| MD5 | 3743ae1bca793fecb691c67ed4640e10 |
| SHA1 | 1ca41b65159d64dd6cc95f0146884d96c7c9514d |
| SHA256 | 5324858c8f8fe2985adef687478475a0f40ee47892145a4df26ca4532e8c67e4 |
| SHA512 | 5be0a24a4844c763ceb167006eb663b7722aa40b77310886d22d184916ec36601285feb8a7ee79a0df952f00354bbca1da0f9d353690f586303f8b5a42af5560 |
C:\Users\Admin\AppData\Local\Temp\{609e3325-4a03-9740-a968-37b7f42d61a7}\ssudAdb.cat
| MD5 | c737261dd3748b1851b01b6d88a89585 |
| SHA1 | 94fe1bde09975085b4a464ee01846b6b3283d3f6 |
| SHA256 | 0fefdbc1a0b2259cac93283ad18b16b3390a4f9e2984d6b96bf601b591f20f66 |
| SHA512 | 5ccdb39fe34a9144b815109f7317a1e1bd6a78d86952a734cdaa2303255e56ed73471231acb27f256658ebd0c91d897750aa8a4305a3baa8977d9f3233465bda |
C:\Users\Admin\AppData\Local\Temp\{609e3325-4a03-9740-a968-37b7f42d61a7}\ssudadb.inf
| MD5 | 5b19b37f2db547aa46ae5bbb742d1a1b |
| SHA1 | 701281e8283e9e3681220099a9da5013a5a437af |
| SHA256 | caacb8a0af03cd1756121deda00344a8a808000c6a1633ed7d520cfd22c26eb0 |
| SHA512 | c005c5b45285c90d3c82c8933ccc0237a1716ae38e6354c61c8cb97437f6ec64b7cf8a5930c81d1c5f7489d5815cab7f2a0eabeb232478917f814a15ef35bf35 |
C:\Users\Admin\AppData\Local\Temp\{54b425b0-4b51-6c49-ab96-05ebad307e0e}\amd64\ssudqcfilter.sys
| MD5 | bc0e0f5e7cc6b5a4c1eb406ae2b6c85b |
| SHA1 | 0f812245bff2f40f7eba2fa3f1d0e68de54d3354 |
| SHA256 | 3eb684f76a6ffb2c7a6f52f4efb70d5c0e500cce4c88706f10cdff1a06faac83 |
| SHA512 | 2c3e22b98d8d5c561b306751d07d75f93f0b8081bc2ac731af79e4a07da8c4e3b4774164eacfd05a9fb379a7d220808735eb78143662b78731e66958d8366a4d |
C:\Users\Admin\AppData\Local\Temp\{54b425b0-4b51-6c49-ab96-05ebad307e0e}\amd64\ssudbus.sys
| MD5 | bc319c065335b10a5aa5938a677a60d5 |
| SHA1 | 2504afcb10e538105a670c873b47656ee799d476 |
| SHA256 | 6f32af2a440e763dc2add06f3422dcf3285bdfa9e69e5c3cd67a10f039b2830f |
| SHA512 | 0c19b616411af9cab7e419da8a1cda65cb3f6bfe3e82700c275d2aba97ad46ee8385909a432ff2682e811f8834c0159b2d0b332eeacd6d4f067d993720cd303d |
C:\Users\Admin\AppData\Local\Temp\{54b425b0-4b51-6c49-ab96-05ebad307e0e}\ssudbus.inf
| MD5 | e9553abb6404746c5a3f144447eefb79 |
| SHA1 | 85a33267f12961af9ed9ae799deda5e62bea236f |
| SHA256 | 61e0b4d0b8d4d854fe0b3064eb799bb917947d431227f32d4e4e2fc6063dac2e |
| SHA512 | dd811c54513cc01ff0f9ee802549262a54b74cce203332f200c1b7ec4880589cb50e1f5c9d4cd4b6e9d7d1c0c3316e070982b6aa7f29f76df7a07656a184092f |
C:\Users\Admin\AppData\Local\Temp\{54b425b0-4b51-6c49-ab96-05ebad307e0e}\ssudbus.cat
| MD5 | e2abd1060f2b4b2a3946208f20a2a05d |
| SHA1 | 6ecc41b90dc29eb5f3b5b3471b5b357ebe56d45a |
| SHA256 | a0906ecad6bf8cd05bd5b73077ab5c228bcaa529e54f290b6fd72f40609a47af |
| SHA512 | 7db9e69ca4bab295cd2662665259a1911091700102fabfd02f53dc1c3e1887157da1d0f7a31ee4ee8fcec6a788380095d0282b6d0e50b862a53a0e5e1d12d13c |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | e7b15a6562f7effd12e237853de1c4d9 |
| SHA1 | 52947adf61f3c644c83cd08d87f01b843105fc3a |
| SHA256 | 5f910300a0fe3c01274e844de8ca1f899d4d3cd81d447ec01c86dd18b5395da9 |
| SHA512 | 5a6ba2337abadad224af39b15ffee26f916eb02a481d3ffa6146cd3d0d957cb025cf45cc6a45ae277cd17dc3ca21d177e91084f49675bd769a3d9c1fd8dba190 |
C:\Users\Admin\AppData\Local\Temp\{25a58219-ef05-0645-8c9b-4a2f282384c7}\ssudmdm.cat
| MD5 | 613ef003087cba0ef5e4672fe521078f |
| SHA1 | 0df801e371af14329b41a274d11cab3be2aff7f4 |
| SHA256 | 08e5698aa190265b85b72ede336738aa67ab72db3036ed6925b838c2e3398f34 |
| SHA512 | c79c117e7628b6b0da119ff334b21ec0504296eb82ce98eb3580119ec402e3149be8b91d3f244aa2b7ec3c4f7f8f4d654694a27ae30db5d8359c146bdc5bbfa9 |
C:\Users\Admin\AppData\Local\Temp\{25a58219-ef05-0645-8c9b-4a2f282384c7}\amd64\ssudmdm.sys
| MD5 | 37680aeca1bf2d430719a297f68ecd49 |
| SHA1 | 99a25f410cc1cdba3f53b8ef9d50bb0ab6c8d8f2 |
| SHA256 | 64e6a2c077316ce4807f2f480324f4011003686f698ccb0aa93c659daae1fab5 |
| SHA512 | 1f95496307b9a48706d59572219f7ae55e55b47b5c0dd388001c4f12d22ed559482db77a0d460580c75290d9d30b63615585a680f8951e1c6a146bbea5819848 |
C:\Users\Admin\AppData\Local\Temp\{25a58219-ef05-0645-8c9b-4a2f282384c7}\ssudmdm.inf
| MD5 | 46ae75a7c8213cfd255693f2e5e56265 |
| SHA1 | 88ed314360b98e6e82e7cc3201faeb4a9fd291b4 |
| SHA256 | 4d6c35449ceb28237b3efbc8816196cce7546537a1000705e0e33b7b0c3dfc7f |
| SHA512 | 2b1bf8f7274472146203e5d6e51a5b81306c89aee5ae287ddb9c5a0bdba9b2831d1ab11fbf5a10aca6b6795b06b0ba34d70631b534b7db555474b65390e08e15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ed4f114f7a2dc900088d1fe808b70af1 |
| SHA1 | c78c30a0e54ec9123c611204110acb0b7bd8f474 |
| SHA256 | 9fca3da5c7ff5848e3dd5da0cc54fee97f357253520c6e6c55dc1290ec88703b |
| SHA512 | f531fb13f743fad6d5f26d112557177c456de4bf376c36806820dce531b312a1dce63d414c4aaff0adc8f24bae0df4337803beae2dc6d777e2862c3335787b86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ea4d372-17e6-49ca-beb8-09b12eda4297.tmp
| MD5 | eee16a5f046394baba54fa580c916423 |
| SHA1 | 4b1aaba0627f06fedd2754aafde9879a51a9debf |
| SHA256 | 8edbeebe2f3f917fd1339c16d59d2cf9f0ce30cea061daedf8dc70514e08991d |
| SHA512 | b110fea6f021a2b361ecbfe215b0c236934629e4e8a8ba82dbf3da0b67d2af05f7eb3b2123813d56cf6e18073fd53d604dbc934f4a607eab765a77f742c20d74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bd1cd6fcb761db1e15ab870bc7f3ef66 |
| SHA1 | 6e50658370e47bd0985f06c60ab4c8314bfee8a9 |
| SHA256 | 8109431c03c083fe0cf43e340ed274524b059f4c9788338dc0fd1315f6c2694d |
| SHA512 | 96a7f3d1daafb6c3292faf97975dc0b766441f275d2f348ed4408302819f8c7c3ee294624041ce049912ac4625e87150525dad45b61869c69457bd5cc8ae787a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |