Malware Analysis Report

2025-08-05 10:48

Sample ID 241017-ajbvgavcjn
Target pct_trial_installer_20241016.17291238325471b9952.exe
SHA256 ceb8acbdf48ee006b368fd5fa86aba3a9e8afee375afcc08940422949368b710
Tags
discovery bootkit execution persistence privilege_escalation
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file pct_trial_installer_20241016.17291238325471b9952.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery bootkit execution persistence privilege_escalation

Command and Scripting Interpreter: PowerShell

Writes to the Master Boot Record (MBR)

Downloads MZ/PE file

Enumerates connected drives

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Drops file in Program Files directory

Loads dropped DLL

Checks installed software on the system

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Program crash

System Time Discovery

Unsigned PE

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Modifies registry class

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Runs .reg file with regedit

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-17 00:14

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-10-17 00:14

Reported

2024-10-17 00:16

Platform

win7-20241010-es

Max time kernel

118s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe"

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-17 00:14

Reported

2024-10-17 00:16

Platform

win7-20240903-es

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\f: C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
File opened (read-only) \??\D: C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PCTrans.exe = "11000" C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DB07DFD1-8C1C-11EF-B376-46A5335105DB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\HELPDIR C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\CLSID\ = "{00DE9951-7B45-4756-98DC-C025EE3E11A1}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx.1\CLSID\ = "{27A09497-072C-41CF-BC04-E47345721AFD}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\0\win64\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64\\PCTShellExMenu64.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}\1.0 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\CLSID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\InprocServer32\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64\\imagesh.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib\ = "{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open\command\ = "\"C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\PCTrans.exe\" Code=ImagRestore ImagePath=\"%1\" RestoreSource=ImageFile" C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\InfoTip = "EaseUS PCT ShellFolder namespace extension" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\IniPath = "res\\language.ini" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\VersionIndependentProgID\ = "PCTShellExMenu.PTCShellEx" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx.1 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\FLAGS\ = "0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{35194CD4-99A2-4A38-A343-C9D64A482B07} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ = "IContextMenuImpl" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\CurVer C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\0\win64 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\CLSID\ = "{27A09497-072C-41CF-BC04-E47345721AFD}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\DefaultIcon\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\res\\Common\\pct_logo.ico,0" C:\Users\Admin\AppData\Local\Temp\is-GQLBQ.tmp\pct_trial_easeus.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\ProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PCTShellExMenu.DLL\AppID = "{35194CD4-99A2-4A38-A343-C9D64A482B07}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ = "IPTCShellEx" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib\ = "{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Implemented Categories\{0000010e-0000-0000-C000-000000000046} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PCTShellExMenu.DLL C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\CurVer\ = "PCTShellExMenu.PTCShellEx.1" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx\ContextMenuHandlers\PTCShellEx\ = "{27A09497-072C-41CF-BC04-E47345721AFD}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open\ = "Open(&O)" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}\1.0\0\win64 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\InprocServer32\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64\\PCTShellExMenu64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ = "EaseUS Todo PCTrans Image" C:\Users\Admin\AppData\Local\Temp\is-GQLBQ.tmp\pct_trial_easeus.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\ = "PTCShellEx Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\Programmable C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx\ContextMenuHandlers\PTCShellEx C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\ShellFolder C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}\1.0\0\win64\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64\\ImageSh.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open\command\ = "explorer /idlist,%I,%L" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\ = "EaseUS PCT ShellFolder!" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open\command\ = "explorer /idlist,%I,%L" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\ = "PTCShellEx Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD} C:\Windows\system32\regsvr32.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2808 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
PID 2736 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2592 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2736 wrote to memory of 3048 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 776 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2228 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe

"C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=pct_trial_installer_20241016.17291238325471b9952.exe ||| DOWNLOAD_VERSION=trial ||| PRODUCT_VERSION=13.0 ||| INSTALL_TYPE=0

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/Uid "S-1-5-21-3063565911-2056067323-3330884624-1000"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Spain\",\"Pageid\":\"1-17291238325471b9952\",\"Timezone\":\"GMT-00:00\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"3\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Click_Unfold_Custom"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"Spain\",\"Install_Path\":\"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans\",\"Language\":\"Spanish\",\"Os\":\"Microsoft Windows 7\",\"Pageid\":\"1-17291238325471b9952\",\"Timezone\":\"GMT-00:00\",\"Version\":\"trial\",\"Version_Num\":\"13.17.0\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Downloading" Activity "Info_Start_Download_Program" Attribute "{\"Downloadfrom\":\"https://d1.easeus.com/pctrans/trial/pct13.17.0_trial.exe\",\"Pageid\":\"1-17291238325471b9952\",\"Testid\":\"\",\"Version\":\"trial\",\"Versionnumber\":\"13.17.0\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"10.14MB\",\"Cdn\":\"https://d1.easeus.com/pctrans/trial/pct13.17.0_trial.exe\",\"Elapsedtime\":\"7\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Installing" Activity "Info_Start_Install_Program"

C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe

/verysilent /norestart /log /reinstall Installer /DIR="C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans" /LANG=Spanish GUID=S-1-5-21-3063565911-2056067323-3330884624-1000 /Recommend=1-17291238325471b9952

C:\Users\Admin\AppData\Local\Temp\is-GQLBQ.tmp\pct_trial_easeus.tmp

"C:\Users\Admin\AppData\Local\Temp\is-GQLBQ.tmp\pct_trial_easeus.tmp" /SL5="$3021E,73762480,188928,C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe" /verysilent /norestart /log /reinstall Installer /DIR="C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans" /LANG=Spanish GUID=S-1-5-21-3063565911-2056067323-3330884624-1000 /Recommend=1-17291238325471b9952

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe'

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe'

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe" Register

C:\Windows\SysWOW64\RegSvr32.exe

"RegSvr32.exe" /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\PCTShellExMenu64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\PCTShellExMenu64.dll"

C:\Windows\SysWOW64\RegSvr32.exe

"RegSvr32.exe" /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\ImageSh.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\ImageSh.dll"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c regedit /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ShellReg.reg"

C:\Windows\regedit.exe

regedit /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ShellReg.reg"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe" install EaseUS_FileShare_Web

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc once /tn EaseUS_FileShare_Web /tr "\"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe\"/skipuac" /sd 10/10/3099 /st 01:10 /rl HIGHEST /f

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe" /Enable "{\"Language\":\"Spanish\",\"Version\":\"PCT_Trial_SETUP_13.17.0_20240912-1-17291238325471b9952\",\"Version_Num\":\"13.17.0\",\"Pageid\":\"1-17291238325471b9952\",\"UE\":\"On\"}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe" /add "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe" PCTrans.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe" /add "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe" DataChannelUI.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /Enable

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://es.easeus.com/thankyou/install-todo-pctrans-trial.html?x-url=1-17291238325471b9952

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Install_Finish" Activity "Result_Install_Program" Attribute "{\"Country\":\"Spain\",\"Elapsedtime\":\"18\",\"Language\":\"Spanish\",\"Pageid\":\"1-17291238325471b9952\",\"Result\":\"result_success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Install_Finish" Activity "Click_Startnow"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Userinfo" "Attribute" "{\"Language\":\"Spanish\",\"Version\":\"PCT_Trial_SETUP_13.17.0_20240912-1-17291238325471b9952\",\"Version_Num\":\"13.17.0\",\"Pageid\":\"1-17291238325471b9952\",\"UE\":\"On\",\"Country\":\"Spain\",\"Timezone\":\"GMT-00:00\",\"OS\":\"Microsoft Windows 7 64-bit Service Pack 1 (6.1.7601.1.256)\",\"BuildNumber\":\"20240912\"}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Disk" "Attribute" "{\"Diskinfo\":{\"Disk0\":[\"WDC WDS100T2B0A2.5+\", \"255.99GB\", \"GPT\"]}}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_PartitionInfo" "Attribute" "{\"Partitioninfo\":{\"Partition2\":[\"Windows (C:)\", \"235.71GB\", \"MBR\"],\"Partition3\":[\"F (F:)\", \"20.00GB\", \"MBR\"]}}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe

"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans/bin/RemoteConfigSync.exe"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe

firebasefetch.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe

firebasefetch.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 2916 -enum 0 0, "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/pct_Trial.ini "C:\Users\Admin\AppData\Local\Temp\euphtupdate.ini" 0 "" 1 2768

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe" PCTrans.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/pctrans_es.ini "C:\Users\Admin\AppData\Local\Temp\\euphtupdate.ini" 0 "" 1 1340

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/InnerBuy_Trial.ini "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\InnerBuy\res\InnerBuyConfig.ini" 0 "" 1 2232

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe" -aup

Network

Files

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 98ab2271d7678cb5c2ef87d7cf3bba76
SHA1 7f89d249a4f494883151b6cebad75be4f5d16cb8
SHA256 6d9c19aa3f12bc57e409889fbb20f470eb2958b2fabdbcba02b668644a26083b
SHA512 04bae35db55ea52c0b9c3448c592c086d7d261e3e4574c1295a809980fc6bc9349fab23350e82daf36555d07d79a9892f9be858b93340ed4d8c5e1b5ddccc2d7

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 a91b7d7665e0ee38e2ba1faa797556b2
SHA1 2110fa4fbdee7cd0add45abf48a81b5abb2f217e
SHA256 76699c7f7c0b47e903935401bbda4a61b5b9821d01db823386b1a304cd0bf8c0
SHA512 77abe6dd9931065b3d4bdbfcc17ed944da3ae3fc0f0c660d0a8494812cde77c3dcc1d57ce458b79f1a8e5c020886e8e88f5a656ec2e6d8de7b1cb80ea32852de

memory/2916-6704-0x0000000000460000-0x000000000046A000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 f3144d4c047e3b8f1b40a088c691afe2
SHA1 da52df12776793ef09ccb4f9ff84f7ef2919fb41
SHA256 9377c6a9a0e27c88276634802d028429342af6b31127144a6372f0f909b1c10a
SHA512 d13d6370ea964535ad34382c67958c4e9735e0018626617699b7a4362aa61f18b57f4ff49c3bd6eab2b0fbae1ec21435618ea94c76d3c0bdda946ab7fe2c0fa7

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 a437027a4384281cd9a6d596b9f599fb
SHA1 53a406f7ac95753a21fae887dd6506391f5cef34
SHA256 a2f4d895a07344d9f95690a844b35c8ba2694edef517e72656b4b180b42f2906
SHA512 74e4ada5e9915670ddbf01a8ab177691f898cb4b70b1e557164e66bc45e00044a19eb9289362386575086f3cbba5c295bda97c7f9b826cc32f2f6ba484ae12d9

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 d582c726f68cd481e82b7f3eb2be4e9c
SHA1 87c78a2cf4a5e27340d79d841b9544dee609e545
SHA256 c72a2aecccca73ee7968b9ad3f4e5eab88e072267324298191d6909212d3d2cc
SHA512 bffde92f1f8e9f6217ae7c98d2536adf75f6703e695d72e435260741e8ffa8893f2b95018d35d43ac60913eb7c9ccd2fb8252a7607c2a1bfd256b88fd5927ad4

C:\ProgramData\SystemAcCrux\dfb35f2701c538eeac.bin

MD5 13b9d6e983529423b3a456278c617891
SHA1 9d8357be7f0611692e110f06032e9842a308578a
SHA256 75904285aa08f139ceb43e2c653e35ae774572bac1bebf2b9547aafface260fa
SHA512 69302b37aa1c3a182e4b2e508d34c8ad27233c9e8178c8c42a1a44fb71a624b2573c64f337882a16953a6c04e794c1e406726c6d99d46c774f6ed71ec9017319

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_retain.ini

MD5 6b50b6e91c69a77b5aeabfa71d28177e
SHA1 d919891d95163408b217e745817afa8f7c8ce7f3
SHA256 fe5e803eaff265bc9642e7c27e5de4cfe49a78f994b241e5299dee45e54d81d6
SHA512 fc6def2cde5fa2609f92610c825a0e7650090345aae23b5051bd8d15dbd641d06e37587c34c1817de50cd766f5748c45eb3350881bc3a401fd1f753e7e888a28

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 f763d4a326d8a717a621ea34fa0c13b7
SHA1 edd17aae49665730ff6e03bf07bb6ac868e2fc1d
SHA256 e8655e4ca1a98ec3ac61d3c567c774242bdb2b4297657e27fe5abe75d4f67f83
SHA512 44b09eb6194cb03a55a8c120935f1825084b02eb3fb43ebb3e55506f78cad0b89a43a1df1848e9750e30e71d6025b72aa319ad2d7d87bf04e8f255fc1acf60ce

C:\Users\Admin\AppData\Local\Temp\PCT_ACCOUNTPIC\CD88795B6F724C418AE51030FDCA0FF6.jpg

MD5 6a114fffd529730579a7bd53b3ccce79
SHA1 c7c8487849425580b5a4d49d9a765929451ca0ba
SHA256 6715012d3972c3a78a5ebad2d63a78ac4d940a48814b9de03cd0c75f39d87341
SHA512 8ab6dcd37c18d28ba337f62b1ae03adaa06ee73e5d570db0a76cf7870a029e0faaf3d4824dd3f659c56de94605e410d0a1ef2fe9f49de6955b04398c6def2944

C:\Users\Admin\AppData\Local\Temp\PCT_ACCOUNTPIC\EC129C828C1C41A69ECA4FC34CCDA525.jpg

MD5 343fa15c150a516b20cc9f787cfd530e
SHA1 369e8ac39d762e531d961c58b8c5dc84d19ba989
SHA256 d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524
SHA512 7726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 b965cfca533edee0dca3e5f40a7ef59a
SHA1 70dd510105248cd0539f8dc747bc94d8c527ae69
SHA256 d8f22487f87d7d31303d6ac1c9a6c2c5e188616ae42192c455dda88a620c5eed
SHA512 852cea8c195353c4870970a63be0e1402da27eb6ae4c19bcdf97490fd099c5427f84b91dac05cc95b064121bafb71867a8fde7a70d54023c36babae30ff89cee

C:\Users\Admin\AppData\Local\Temp\Cab24B2.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar24D4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 315496517260898f5307bdcfa1846abc
SHA1 39c0ba3559a7de0c5c8a60011c4706630201b5dd
SHA256 54b13571aa1520043e836991b32967f87ca78e7b1c9cee281b27635cdfa37b74
SHA512 18e0c12f3224131e135aa490ba9fa1329ed7908d63d27856966e1bcf1b2eae77b089baab4869e14a9f20c7d22a9e0d32fe6689f060e8933ca80d2c8167d49e91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14694453892b64156e16318485761bfa
SHA1 24aaf540c9e364f0c88d763b64d5fb330b5b3f7a
SHA256 55c0d97e85c070dd62f3d944f6afeff106b70505006a583eed8a187a09d90959
SHA512 9a2734887499d7f4d18bd8db77ef0f9f367782a65bc7c46d11d8ad0dc27b20b884d0c750689964fc6596616863ec245228eec82fea844f3e2906e9ef20597162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3392ea1c810cc29587a6257e813c5af8
SHA1 f4435cb14a9011f1367e9dc80bf691c39998027b
SHA256 aa7625b1a2c706accc59386b47e020add3b8087fc63eba6785ccbdfdf225f247
SHA512 eecc28e111473f6c396362bbabbc9d90edc20fdf7e3f060317b8b06f627dbdeb2b1279bc3c15a488c3dc2c850cee3861f562bd9e1bf9a760e6f512cf54356fc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

memory/2916-7266-0x0000000000460000-0x000000000046A000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 c61f0eceee56cf68841190a176042d35
SHA1 29a272f4c90e7a146b2bdb5ee27a9dba6fc999b8
SHA256 fd41415c104b8b911abdbb1da7e7f7ba0fddb875743e085e14db38af47d57ddd
SHA512 1aa4b060951708be539f652c9d5a9945a4486728a41ab5b453f051e350392a6003a7d87ce2e00a857c562926fccef662c889b2d06175fa1fa252181ccbe0a977

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 06b51a368639b3af00ef1395fdf1061c
SHA1 57570f66a627fc35da79e42ed65582fc4140f96a
SHA256 951b41c4450b9d959452efd6bf5ff3e0b8eca42079764042ad02a398344e9b7d
SHA512 59424bd858d0eab67d93471f70982d87c30f46723a4152842ad8d7acef43788b974ae5e298da5d13f66ad116dfec16039e27c04ee34dcb8d1a619fcd6b999d16

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 6f76ccd6f0b4859c36999821f36029c4
SHA1 cc10528158ac475edce0cbdfec03a240e70a410a
SHA256 3cc1f31ae376172497ebbc67b68156cf05e26a2bf6782431168c49d12d7a058b
SHA512 d2ec0b68d3e794eee6f3314fe7d7513fd042df4a0459974b649bd98af81975b0ec80fae85d67cfe472fc66dc4aa2134341ced406147916b5c14c72e9d539d981

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 bcf7387fa026e2edfa23d9573cc87957
SHA1 da121e538bd29ce6dbc3ed374855a7abea36076b
SHA256 2201184ad12a241864d0a92ce25ee600fe3b1928d7bcf3afe45018a8bf84be8a
SHA512 3721f7b494076f9555cfa61d0e69d8ef4ac8c35e06a05ddea7630c162465413683ac5b10f459fcd50884c08b91b5fd47e1c7b7d11c5d16756efcdd36c0ae25c8

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 38d65aaf5cb5b8cda16ab457e76b3110
SHA1 35d0f573ac55063c12211910e179bf85dbc7edab
SHA256 a1f98b919654963addbf6ec83af31a50d548ab66f86f605f5c4750241a42fc77
SHA512 6e8a6156bed4ba7353aa454099f501d16f531ac65c1a971e60459b0f8f40df621f151f3519efa7f9969084ea4065155ecdc0604a27aa396ac0616489f8395a16

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 94cd63e952ff0419defd426c3a3024e9
SHA1 e1e734850bbebebb0e8ea6ab17cb8d50313d0620
SHA256 fd6898072a9d394ce518d5219895ad320f0da61db14e484b993c26c0bcb0c26f
SHA512 9851d19a21fe47559f85df00c3c331820deaeea57d4121e8b4e5fadd6f081f51244446360f11d5637ba3615a944b2345c32621d05ba5e0d3155cd0e9f011c2c2

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 5ad35f539079d2b6fb333856db44d088
SHA1 f4868e202638be607f33daefe9c2e875b0046013
SHA256 03b7d7ab69e9fa62f532eb79f99a1c2e93263c6f671bb402c3a2809c8d77e21b
SHA512 a88150320d77189f2b345cd6805dfc119eb4516a894b9ff6539efeba380f8a11ad3fab29049c4feb3580b81a9ba26e7ba316efc4fde5fcc5505b7a5d3f9938f7

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 79af1416897b491ed6bfe9de92b6568e
SHA1 419b4c77e0bde075cf18e5673ed094b7efa06c0c
SHA256 49e22394ad8720a5f302fad58ac843db110f7c13ba2375f1cd3cddf62a180163
SHA512 a8825c9708222c783b106a061760c260c398227ffc4c32f1cbd51faca29b03044733f629e7bf8ed810ad4650637dcd888189f98e243a59d520da4c59bed07bb0

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 d89ad5c222e003d8d41fc9f8fd1f132d
SHA1 44f3a1e26a0f35e89b3ff9b705cfd53597c73ccc
SHA256 cf87d55793ec64f4e468de25daedd24c37c19ae1255c60a50a41f2fd8cf09d21
SHA512 db7f7e5eae83ca6437d9cb57581206accef15aac1e6163413c008b3a1f8f93fa97f1ec87e013357333d9999f028789c2b33deeb551baedd813bd155cb7bc9baf

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 7f262c7ea89e96c646d7429ccaf5fc91
SHA1 3c218dae0d978a0bd2f0f6adb63d2d6af6e7c57f
SHA256 87d1fc43e32f111b2bca09b0ea5ee7d20ef7d79a4572f61ee961cdfb7b54030e
SHA512 9eff25b90dca5899d02c163c282b9c407be2b821995a9bad56c5a65564b4bd50d233ab69d0e49f20abb68009d0359231f98631251a05ee8aef8dbedb30bbbabb

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_temp.ini

MD5 2fb4d7aff35adbffc1890835b63c6b3d
SHA1 5c6b5252aef5aa63cfc74561ff8831c9e8c94f90
SHA256 ba6363d390f2a77ba4e579f70aea9ecfd867defa3e03a38a4f0541d942eef060
SHA512 52464171b2e1a2104b0658f9c85d8c52ee97373389f0bdac52185e387b66b377f1d5de44dc810b6ede1adcb21d71f7e9794ba969e56d12300cc896c08eb5cb5f

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 d9881f8ef2dfcdb2e66c6b51b3e3be87
SHA1 7483ebf684f9df9c2cf258332ac75c9520e83342
SHA256 97223431dc1a22d5d3dbd7192692155754b2ee2f37be86422f2ee963859a035b
SHA512 ddd4e25a9236f59ddc1b13e410d6e26263717c544e2e01c250fc257f2e73869810790ce3cc8d3c90e5e3c65a1317566359c4441433b788afc1691158914cccf4

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 34fc1c370e465327f7b7aa384e524594
SHA1 7c4099a98bbfacd46e40dca6880c1e365dbaba98
SHA256 351c51de18081381f4d1cc25e83c554413194491d87767fafd0a9183613a6515
SHA512 a4bbc96cb73e227d5acd8e25fda5b897c052c74b909bf63f1c035e07a1b9dacb24f6cf0b328c9798ccfdcae043799e84423672dabf927b223cb052584d7b348d

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-17 00:14

Reported

2024-10-17 00:16

Platform

win7-20240903-es

Max time kernel

150s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe N/A

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2308 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2308 wrote to memory of 2852 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2852 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2308 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2308 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2308 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe"

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/Uid "S-1-5-21-2872745919-2748461613-2989606286-1000"

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Spain\",\"Pageid\":\"\",\"Timezone\":\"GMT-00:00\"}"

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"5\",\"Errorinfo\":\"4\",\"Result\":\"Failed\"}"

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Elapsedtime\":\"5\",\"Errorinfo\":\"1004\",\"Result\":\"result_fail\"}"

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Download_Failed" Activity "Click_Retry"

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.easeus.com udp
US 8.8.8.8:53 track.easeus.com udp
CZ 65.9.95.77:80 download.easeus.com tcp
HK 8.218.236.152:80 track.easeus.com tcp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 47.252.97.13:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
CZ 65.9.95.77:80 download.easeus.com tcp
CZ 65.9.95.77:80 download.easeus.com tcp
US 47.252.97.13:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.13:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 download.easeus.com udp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
CZ 65.9.95.124:80 download.easeus.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunConfig.ini

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\tempInfo.web

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-17 00:14

Reported

2024-10-17 00:16

Platform

win7-20240903-es

Max time kernel

121s

Max time network

122s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 256

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-17 00:14

Reported

2024-10-17 00:16

Platform

win7-20240903-es

Max time kernel

118s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 track.easeus.com udp
HK 8.218.236.152:80 track.easeus.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunConfig.ini

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\tempInfo.web
