Malware Analysis Report

2025-01-22 12:48

Sample ID 240522-nzb23aee86
Target 4mekey.exe
SHA256 f25252902543ef4074d6d5433b3d3a0b1d45bfbedb8e468ba5c0e2b731fa94ea
Tags
upx discovery evasion trojan vmprotect
score
7/10

Analysis Overview

score
7/10

SHA256

f25252902543ef4074d6d5433b3d3a0b1d45bfbedb8e468ba5c0e2b731fa94ea

Threat Level: Shows suspicious behavior

The file 4mekey.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx discovery evasion trojan vmprotect

UPX packed file

VMProtect packed file

Looks up external IP address via web service

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Checks installed software on the system

Loads dropped DLL

Executes dropped EXE

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-22 11:49

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-22 11:49

Reported

2024-05-22 11:51

Platform

win11-20240426-en

Max time kernel

86s

Max time network

88s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4mekey.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory


Checks installed software on the system

discovery

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\SYSTEM32\pnputil.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
N/A N/A C:\Program Files (x86)\Tenorshare\4MeKey\Monitor\Monitor.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\CheckErrorx64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\CheckErrorx64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION\Tenorshare 4MeKey.exe = "1" C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Tenorshare 4MeKey.exe = "1" C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Tenorshare 4MeKey.exe = "11000" C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4mekey.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-K0AD0.tmp\4mekey_ts_4.2.3.tmp N/A
N/A N/A C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Tenorshare\4MeKey\AppleMobileDeviceProcess.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-K0AD0.tmp\4mekey_ts_4.2.3.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Tenorshare\4MeKey\NetFrameCheck.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1292 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\4mekey.exe C:\Users\Admin\AppData\Local\Temp\4mekey_ts\4mekey_ts_4.2.3.exe
PID 4472 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\4mekey_ts\4mekey_ts_4.2.3.exe C:\Users\Admin\AppData\Local\Temp\is-K0AD0.tmp\4mekey_ts_4.2.3.tmp
PID 1292 wrote to memory of 3428 N/A C:\Users\Admin\AppData\Local\Temp\4mekey.exe C:\Program Files (x86)\Tenorshare\4MeKey\NetFrameCheck.exe
PID 3428 wrote to memory of 892 N/A C:\Program Files (x86)\Tenorshare\4MeKey\NetFrameCheck.exe C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe
PID 892 wrote to memory of 1644 N/A C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 5052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 892 wrote to memory of 680 N/A C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe C:\Program Files (x86)\Tenorshare\4MeKey\Monitor\Monitor.exe
PID 1644 wrote to memory of 3888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1644 wrote to memory of 1300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4mekey.exe

"C:\Users\Admin\AppData\Local\Temp\4mekey.exe"

C:\Users\Admin\AppData\Local\Temp\4mekey_ts\4mekey_ts_4.2.3.exe

/VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\4MeKey\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\4MeKey_Setup_20240522115039.log" /sptrack null

C:\Users\Admin\AppData\Local\Temp\is-K0AD0.tmp\4mekey_ts_4.2.3.tmp

"C:\Users\Admin\AppData\Local\Temp\is-K0AD0.tmp\4mekey_ts_4.2.3.tmp" /SL5="$90246,90004456,373248,C:\Users\Admin\AppData\Local\Temp\4mekey_ts\4mekey_ts_4.2.3.exe" /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\4MeKey\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\4MeKey_Setup_20240522115039.log" /sptrack null

C:\Program Files (x86)\Tenorshare\4MeKey\NetFrameCheck.exe

"C:\Program Files (x86)\Tenorshare\4MeKey\NetFrameCheck.exe"

C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe

"C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cbs.tenorshare.com/go?pid=2422&a=i&v=4.2.3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffea12a3cb8,0x7ffea12a3cc8,0x7ffea12a3cd8

C:\Program Files (x86)\Tenorshare\4MeKey\Monitor\Monitor.exe

"C:\Program Files (x86)\Tenorshare\4MeKey\Monitor\Monitor.exe" 892(#-+)UA-167618528-2(#-+)4MeKey(#-+)4.2.3.3(#-+)&cd1=4.2.3.3&cd2=0&cd3=TS&cd4=EN(#-+)1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\CheckErrorx64.exe

"C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\CheckErrorx64.exe"

C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\infInstallx64.exe

"C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\infInstallx64.exe" -d "C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\UsbDrivers64\usbaapl64.inf"

C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\infInstallx64.exe

"C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\infInstallx64.exe" -d "C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\NetDrivers64\netaapl64.inf"

C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\infInstallx64.exe

"C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\infInstallx64.exe" -i "C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\UsbDrivers64\usbaapl64.inf"

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\UsbDrivers64\usbaapl64.inf"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{d3bed9f3-87de-d34d-a352-deb4111cae38}\usbaapl64.inf" "9" "463da41db" "0000000000000148" "WinSta0\Default" "0000000000000164" "208" "C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\UsbDrivers64"

C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\infInstallx64.exe

"C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\infInstallx64.exe" -i "C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\NetDrivers64\netaapl64.inf"

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\NetDrivers64\netaapl64.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{2d30bd7d-0b5d-ac44-87aa-67ea33502183}\netaapl64.inf" "9" "42ef90b23" "0000000000000164" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\NetDrivers64"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8

C:\Program Files (x86)\Tenorshare\4MeKey\AppleMobileDeviceProcess.exe

"C:\Program Files (x86)\Tenorshare\4MeKey\AppleMobileDeviceProcess.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cbs.tenorshare.com/go?pid=2422&a=db&v=4.2.3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa8,0x10c,0x7ffea12a3cb8,0x7ffea12a3cc8,0x7ffea12a3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9677617797219010257,18062476952721582292,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Temp\is-K0AD0.tmp\4mekey_ts_4.2.3.tmp

C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe

C:\Program Files (x86)\Tenorshare\4MeKey\logo.ico

C:\Program Files (x86)\Tenorshare\4MeKey\NetFrameCheck.exe

C:\Program Files (x86)\Tenorshare\4MeKey\NetFrameCheck.db

C:\Program Files (x86)\Tenorshare\4MeKey\Tenorshare 4MeKey.exe.config

C:\Program Files (x86)\Tenorshare\4MeKey\AppService.dll

C:\Program Files (x86)\Tenorshare\4MeKey\TS.MvvmLight.dll

C:\Program Files (x86)\Tenorshare\4MeKey\log4net.dll

C:\Program Files (x86)\Tenorshare\4MeKey\TS.UI.dll

C:\Program Files (x86)\Tenorshare\4MeKey\CommonRegister.dll

C:\Program Files (x86)\Tenorshare\4MeKey\IosManager.dll

C:\Program Files (x86)\Tenorshare\4MeKey\ios_manager.dll

C:\Program Files (x86)\Tenorshare\4MeKey\libssl-1_1-x64.dll

C:\Program Files (x86)\Tenorshare\4MeKey\msvcp140.dll

C:\Program Files (x86)\Tenorshare\4MeKey\FileReport.dll

C:\Program Files (x86)\Tenorshare\4MeKey\Register.dll

C:\Program Files (x86)\Tenorshare\4MeKey\SoftwareLog.dll

C:\Program Files (x86)\Tenorshare\4MeKey\RegisterAndLog.dll

C:\Program Files (x86)\Tenorshare\4MeKey\Newtonsoft.Json.dll

C:\Program Files (x86)\Tenorshare\4MeKey\TS.Common.dll

C:\Program Files (x86)\Tenorshare\4MeKey\BugSplat64.dll

C:\Program Files (x86)\Tenorshare\4MeKey\vcruntime140_1.dll

C:\Program Files (x86)\Tenorshare\4MeKey\ts_client.dll

C:\Program Files (x86)\Tenorshare\4MeKey\libcurl.dll

C:\Program Files (x86)\Tenorshare\4MeKey\ThreadCore.dll

C:\Program Files (x86)\Tenorshare\4MeKey\SQLite3.dll

C:\Program Files (x86)\Tenorshare\4MeKey\ts_base.dll

C:\Program Files (x86)\Tenorshare\4MeKey\vcruntime140.dll

C:\Program Files (x86)\Tenorshare\4MeKey\libcrypto-1_1-x64.dll

C:\Program Files (x86)\Tenorshare\4MeKey\itunes_manager.dll

C:\Program Files (x86)\Tenorshare\4MeKey\QRCoder.dll

C:\Program Files (x86)\Tenorshare\4MeKey\BurnIsoManager.dll

C:\Program Files (x86)\Tenorshare\4MeKey\System.Windows.Interactivity.dll

C:\Program Files (x86)\Tenorshare\4MeKey\TS.Base.dll

C:\Program Files (x86)\Tenorshare\4MeKey\cloud

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Windows\System32\GroupPolicy\gpt.ini

C:\Program Files (x86)\Tenorshare\4MeKey\logs\RepairItunes.log

C:\Program Files (x86)\Tenorshare\4MeKey\cloud

C:\Program Files (x86)\Tenorshare\4MeKey\logs\RepairItunes.log

C:\Program Files (x86)\Tenorshare\4MeKey\iTunesRepairResources\x64\infInstallx64.exe

C:\Users\Admin\AppData\Local\Temp\{d3bed9f3-87de-d34d-a352-deb4111cae38}\usbaapl64.inf

C:\Users\Admin\AppData\Local\Temp\{d3bed9f3-87de-d34d-a352-deb4111cae38}\SETE2AF.tmp

C:\Users\Admin\AppData\Local\Temp\{d3bed9f3-87de-d34d-a352-deb4111cae38}\usbaapl64.sys

C:\Users\Admin\AppData\Local\Temp\{d3bed9f3-87de-d34d-a352-deb4111cae38}\usbaaplrc.dll

C:\Users\Admin\AppData\Local\Temp\{2d30bd7d-0b5d-ac44-87aa-67ea33502183}\netaapl64.cat

C:\Users\Admin\AppData\Local\Temp\{2d30bd7d-0b5d-ac44-87aa-67ea33502183}\wdfcoinstaller01009.dll

C:\Users\Admin\AppData\Local\Temp\{2d30bd7d-0b5d-ac44-87aa-67ea33502183}\netaapl64.sys

C:\Users\Admin\AppData\Local\Temp\{2d30bd7d-0b5d-ac44-87aa-67ea33502183}\netaapl64.inf

C:\Program Files (x86)\Tenorshare\4MeKey\logs\RepairItunes.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58628d.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
