Malware Analysis Report

2025-08-05 10:48

Sample ID 241017-ak7zas1fjh
Target pct_trial_installer_20241016.17291238325471b9952.exe
SHA256 ceb8acbdf48ee006b368fd5fa86aba3a9e8afee375afcc08940422949368b710
Tags
bootkit discovery execution persistence privilege_escalation
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

ceb8acbdf48ee006b368fd5fa86aba3a9e8afee375afcc08940422949368b710

Threat Level: Likely malicious

The file pct_trial_installer_20241016.17291238325471b9952.exe was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery execution persistence privilege_escalation

Command and Scripting Interpreter: PowerShell

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks installed software on the system

Loads dropped DLL

Drops file in Program Files directory

Unsigned PE

System Time Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Scheduled Task/Job: Scheduled Task

Modifies Internet Explorer settings

Modifies registry class

Runs .reg file with regedit

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-17 00:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-17 00:17

Reported

2024-10-17 00:20

Platform

win7-20240903-es

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\f: C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
File opened (read-only) \??\D: C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\proBkg\is-GKIOV.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\UserRate\res\is-GP7M4.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-R31E8.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\new pc\is-CV8HI.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\new pc\is-DG8OV.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-8OVKA.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-E6676.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-J6PCP.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\AppRuntime.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-HFKVD.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2GEE2.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\license\is-J0606.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-0KCF9.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\Styles\Base\is-LSO08.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\is-MANG5.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-LF6NF.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\AccessImage.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-1O960.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-37AAE.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-VQN2N.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2SJN2.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\imageformats\qjpeg.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\remote\interrupt\is-LQB1O.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-K48OK.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SystemDecrypt.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Extras\is-3OEME.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-4KSKS.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-DRF38.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-FGGKG.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-P3GOS.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\is-3P12O.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-QE25G.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-J8EJ7.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-HK6GO.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-QUVVV.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\is-80RID.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Qt5Svg.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\is-OD2N2.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\UserRate\res\is-DB4N3.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\is-A5M3T.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-P5B7I.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-E9JUR.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-FTDNF.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-8E8AL.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\mfc90.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQml\Models.2\is-NGNGB.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Qt5Network.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-5NQGD.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-2QDPP.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-V2BAT.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-6EGUG.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-D8AKU.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\is-Q34SD.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\mfc90u.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\is-I83P0.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-47U55.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\loading _gif\is-PU061.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-KCRTO.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Extras\qtquickextrasplugin.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtLib.dll C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-77UDD.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-BSAAM.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\Styles\Base\is-Q9MPO.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\Styles\Desktop\is-OHJUJ.tmp C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Windows\SysWOW64\RegSvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\RegSvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\RegSvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\RegSvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PCTrans.exe = "11000" C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\easeus.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E1E6281-8C1D-11EF-B03D-46A5335105DB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\update.easeus.com\ = "41" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000f9585423dc7139d2965e47feec9f3fdcfe79e5834ea9198ce9ac81c444266685000000000e80000000020000200000008a40517e0df4d15b62f5b7d130979731a51e0324db8e032d272af67b4af4032420000000beb2854f4400c392930fe7fc7e1443beeb0a1ff8cdc6dbbf498da4892cfbca3940000000406cc9624b9ca0fceecf1b6b6a3ae2841b897358e75509eaf472f27c123ca0573d6a1077bc007a54c6d0ade55ce18576fa479273c69d97f88c400a7bc98ed825 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "41" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\easeus.com\Total = "41" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\easeus.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000009aa284b09a0526b38ab7c7c6c5cdbd21363a035fe2507f5f64232f2e80d933ef000000000e80000000020000200000003b2ea6f047e373f6494adce02ca587567987366949fd0fc7a2b4f0f0c348c0799000000016bf73c8c8a2b0d9fb156d8655c2d838869ddc301e02748b17fde7566c4961208071492c273311de707e14e47e7b5f81234762422b3a7fc2e0b91bddc2e88b1c525c3ca5cb2f559826ff858cbda1264754beda56f33fa9f780351f33c86e858e14f0a438ca6ff1a26740245cf39cfbac2ffc192d333c27d01dcdf869875e5f534331614537c3f6a563122cff96f595af400000004fa295c303f5345249b349e16d8f86fe2372a245214f6bd4de8579b9b8a6c713b16bbd94b1565582ca9f62e92dcc9ff7fbd8b95499cfa06f0a2e45337988c803 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DOMStorage\update.easeus.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70806b452a20db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\CLSID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\DefaultIcon\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\res\\Common\\pct_logo.ico,0" C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{35194CD4-99A2-4A38-A343-C9D64A482B07}\ = "PCTShellExMenu" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PCTShellExMenu.DLL\AppID = "{35194CD4-99A2-4A38-A343-C9D64A482B07}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx\ContextMenuHandlers\PTCShellEx\ = "{27A09497-072C-41CF-BC04-E47345721AFD}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open\command C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}\1.0\0\win64\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64\\ImageSh.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx\ContextMenuHandlers C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ = "IPTCShellEx" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open\ = "Open(&O)" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\ShellFolder C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Implemented Categories\{00021490-0000-0000-C000-000000000046} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Implemented Categories C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\ProgID\ = "PCTShellExMenu.PTCShellEx.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\0\win64 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.PCT\ = "PCT.file" C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PCTShellExMenu.DLL C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ = "IContextMenuImpl" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\HELPDIR C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx.1 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{35194CD4-99A2-4A38-A343-C9D64A482B07} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\CLSID\ = "{00DE9951-7B45-4756-98DC-C025EE3E11A1}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open\command\ = "\"C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\PCTrans.exe\" Code=ImagRestore ImagePath=\"%1\" RestoreSource=ImageFile" C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open\ = "Open(&O)" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib\ = "{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\Programmable C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Implemented Categories\{0000010e-0000-0000-C000-000000000046} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\CurVer\ = "PCTShellExMenu.PTCShellEx.1" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\ = "PTCShellEx Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\CLSID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\ProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx.1\ = "PTCShellEx Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\ = "EaseUS PCT ShellFolder!" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ = "IContextMenuImpl" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\ = "PTCShellEx Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open\command C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx.1\CLSID\ = "{27A09497-072C-41CF-BC04-E47345721AFD}" C:\Windows\system32\regsvr32.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1908 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
PID 1908 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
PID 1908 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
PID 1908 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
PID 2736 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2776 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2804 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2804 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2804 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2804 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2736 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1320 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 3016 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2736 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe

"C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291238325471b9952.exe"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=pct_trial_installer_20241016.17291238325471b9952.exe ||| DOWNLOAD_VERSION=trial ||| PRODUCT_VERSION=13.0 ||| INSTALL_TYPE=0

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/Uid "S-1-5-21-1488793075-819845221-1497111674-1000"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Spain\",\"Pageid\":\"1-17291238325471b9952\",\"Timezone\":\"GMT-00:00\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"Spain\",\"Install_Path\":\"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans\",\"Language\":\"Spanish\",\"Os\":\"Microsoft Windows 7\",\"Pageid\":\"1-17291238325471b9952\",\"Timezone\":\"GMT-00:00\",\"Version\":\"trial\",\"Version_Num\":\"\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"g\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"Spain\",\"Install_Path\":\"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans\",\"Language\":\"Spanish\",\"Os\":\"Microsoft Windows 7\",\"Pageid\":\"1-17291238325471b9952\",\"Timezone\":\"GMT-00:00\",\"Version\":\"trial\",\"Version_Num\":\"13.17.0\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Downloading" Activity "Info_Start_Download_Program" Attribute "{\"Downloadfrom\":\"https://d1.easeus.com/pctrans/trial/pct13.17.0_trial.exe\",\"Pageid\":\"1-17291238325471b9952\",\"Testid\":\"\",\"Version\":\"trial\",\"Versionnumber\":\"13.17.0\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"10.14MB\",\"Cdn\":\"https://d1.easeus.com/pctrans/trial/pct13.17.0_trial.exe\",\"Elapsedtime\":\"7\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Installing" Activity "Info_Start_Install_Program"

C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe

/verysilent /norestart /log /reinstall Installer /DIR="C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans" /LANG=Spanish GUID=S-1-5-21-1488793075-819845221-1497111674-1000 /Recommend=1-17291238325471b9952

C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp

"C:\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp" /SL5="$50208,73762480,188928,C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe" /verysilent /norestart /log /reinstall Installer /DIR="C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans" /LANG=Spanish GUID=S-1-5-21-1488793075-819845221-1497111674-1000 /Recommend=1-17291238325471b9952

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe'

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe'

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe" Register

C:\Windows\SysWOW64\RegSvr32.exe

"RegSvr32.exe" /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\PCTShellExMenu64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\PCTShellExMenu64.dll"

C:\Windows\SysWOW64\RegSvr32.exe

"RegSvr32.exe" /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\ImageSh.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\ImageSh.dll"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c regedit /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ShellReg.reg"

C:\Windows\regedit.exe

regedit /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ShellReg.reg"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe" install EaseUS_FileShare_Web

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc once /tn EaseUS_FileShare_Web /tr "\"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe\"/skipuac" /sd 10/10/3099 /st 01:10 /rl HIGHEST /f

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe" /Enable "{\"Language\":\"Spanish\",\"Version\":\"PCT_Trial_SETUP_13.17.0_20240912-1-17291238325471b9952\",\"Version_Num\":\"13.17.0\",\"Pageid\":\"1-17291238325471b9952\",\"UE\":\"On\"}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe" /add "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe" PCTrans.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe" /add "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe" DataChannelUI.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /Enable

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://es.easeus.com/thankyou/install-todo-pctrans-trial.html?x-url=1-17291238325471b9952

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Install_Finish" Activity "Result_Install_Program" Attribute "{\"Country\":\"Spain\",\"Elapsedtime\":\"19\",\"Language\":\"Spanish\",\"Pageid\":\"1-17291238325471b9952\",\"Result\":\"result_success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Install_Finish" Activity "Click_Startnow"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Userinfo" "Attribute" "{\"Language\":\"Spanish\",\"Version\":\"PCT_Trial_SETUP_13.17.0_20240912-1-17291238325471b9952\",\"Version_Num\":\"13.17.0\",\"Pageid\":\"1-17291238325471b9952\",\"UE\":\"On\",\"Country\":\"Spain\",\"Timezone\":\"GMT-00:00\",\"OS\":\"Microsoft Windows 7 64-bit Service Pack 1 (6.1.7601.1.256)\",\"BuildNumber\":\"20240912\"}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Disk" "Attribute" "{\"Diskinfo\":{\"Disk0\":[\"WDC WDS100T2B0A2.5+\", \"255.99GB\", \"GPT\"]}}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_PartitionInfo" "Attribute" "{\"Partitioninfo\":{\"Partition2\":[\"Windows (C:)\", \"235.71GB\", \"MBR\"],\"Partition3\":[\"F (F:)\", \"20.00GB\", \"MBR\"]}}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe

"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans/bin/RemoteConfigSync.exe"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe

firebasefetch.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe

firebasefetch.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1056 -enum 0 0, "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/pct_Trial.ini "C:\Users\Admin\AppData\Local\Temp\euphtupdate.ini" 0 "" 1 2888

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe" PCTrans.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/pct_Trial.zip "C:\Users\Admin\AppData\Local\Temp\updateconfig.zip" 0 "" 1 2896

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/InnerBuy_Trial.ini "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\InnerBuy\res\InnerBuyConfig.ini" 0 "" 1 1744

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/pctrans_es.ini "C:\Users\Admin\AppData\Local\Temp\\euphtupdate.ini" 0 "" 1 1500

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe" -aup

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.easeus.com udp
US 8.8.8.8:53 track.easeus.com udp
HK 8.218.236.152:80 track.easeus.com tcp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 47.252.97.13:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.13:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
CZ 65.9.95.5:80 download.easeus.com tcp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 47.252.97.15:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 d1.easeus.com udp
US 47.252.97.15:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.15:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
CZ 65.9.95.107:443 d1.easeus.com tcp
CZ 65.9.95.107:443 d1.easeus.com tcp
CZ 65.9.95.107:443 d1.easeus.com tcp
CZ 65.9.95.107:443 d1.easeus.com tcp
US 47.252.97.15:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.15:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 8.8.8.8:53 es.easeus.com udp
HK 8.218.236.152:80 track.easeus.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 firebaseremoteconfig.googleapis.com udp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
GB 172.217.16.234:443 firebaseremoteconfig.googleapis.com tcp
US 104.18.18.32:443 es.easeus.com tcp
US 104.18.18.32:443 es.easeus.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 www.easeus.com udp
GB 172.217.16.234:443 firebaseremoteconfig.googleapis.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 104.18.6.90:443 www.easeus.com tcp
US 8.8.8.8:53 update.easeus.com udp
US 8.8.8.8:53 update.easeus.com udp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
CZ 65.9.95.116:443 update.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
N/A 224.0.1.2:7868 udp
CZ 65.9.95.39:443 update.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
N/A 127.0.0.1:55891 tcp
CZ 65.9.95.39:443 update.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
HK 8.218.236.152:80 track.easeus.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
CZ 65.9.98.16:80 ocsp.r2m03.amazontrust.com tcp
US 104.18.18.32:443 es.easeus.com tcp
US 104.18.18.32:443 es.easeus.com tcp
US 104.18.18.32:443 es.easeus.com tcp
US 104.18.18.32:443 es.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
CZ 65.9.95.39:443 update.easeus.com tcp
US 104.18.6.90:443 www.easeus.com tcp
US 104.18.6.90:443 www.easeus.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 images.easeus.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
CZ 65.9.95.125:443 images.easeus.com tcp
CZ 65.9.95.125:443 images.easeus.com tcp
CZ 65.9.95.125:443 images.easeus.com tcp
CZ 65.9.95.125:443 images.easeus.com tcp
N/A 127.0.0.1:56012 tcp
N/A 127.0.0.1:56019 tcp
N/A 127.0.0.1:56115 tcp
CZ 65.9.95.125:443 images.easeus.com tcp
CZ 65.9.95.125:443 images.easeus.com tcp
CZ 65.9.95.125:443 images.easeus.com tcp
CZ 65.9.95.125:443 images.easeus.com tcp
N/A 127.0.0.1:56205 tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
N/A 127.0.0.1:56471 tcp
N/A 127.0.0.1:56545 tcp
N/A 127.0.0.1:56602 tcp
N/A 127.0.0.1:56604 tcp
N/A 127.0.0.1:56626 tcp
N/A 127.0.0.1:56630 tcp
N/A 127.0.0.1:56649 tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.117.18:80 crl.microsoft.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.14:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 47.252.97.10:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.10:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 47.252.97.10:80 easeusinfo.us-east-1.log.aliyuncs.com tcp

Files

\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe

MD5 b5791976db6be716f520c660de443e8e
SHA1 2a68065e1bce3540bbf506597639ea737d3817f2
SHA256 863c1c6cfbc0e16ea72b7bae915806c77b1fce1366ca9eb00c7a87038066db60
SHA512 8cc2c5703f02e0773ede600a16583776f4ec3fef9540eab1c5fb924fc8ecb1b84f4394c2dc9fa749f12cec45292495710b97f196015a0dafd3e571fba98c5b08

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\LanguageTransfor.ini

MD5 6470c77fbd30ca7245a77617f5575760
SHA1 5772f6c8ec51663a19420fc2c04009777511d4de
SHA256 ea177f6163205189df8409f21b934d46241f444993eb46c2dadd1e85b4bd142c
SHA512 6ffe419f191f7e88038624b0a53d5fe21d078e758059c769b7ed26e260862d815f246f8e2e3f4e2879bd3a654dbbde8ea6c5bedebf813015f66fe30cd85d4222

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\Spanish.ini

MD5 fd447c74f961170d34ce08957e6f76b4
SHA1 7783195cf35af1b35aec94f4f07d9a32ac787dde
SHA256 cdab320582a5c66b67393385f59ee813fc4ae9efdbcc8329ba8e2d3018ad0bc3
SHA512 3645d52cb0ff3a641dcfddd39c9868cac1b49485d089ccba705fe046a1dd267ac017e4a6606eeaa257e585c3328db26f85207b52cd8e5e4cfbcd2303a9471906

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\InitConfigure.ini

MD5 70171fe7fe218d663ad300b644223b9d
SHA1 4c1360ec499763e9d07e900d9eedb0464603e218
SHA256 c70893994b68127e7213e37a81f81f37c3b6efd4ffe75c6dc84c9326531acd0e
SHA512 473fea98b22927d6b9811b0a797030fb6e956b4b7ce8426410a63faad8d63cbc02a9673381e4a17b75c1cfebf4fae0a054351bd46f30421b8d8813d1f4a4ca18

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

MD5 63c4d4021b71947a29db6c5e99678d4a
SHA1 4d24026a82d98240221077dd72f3cc169c0597e5
SHA256 33c5f40b242955b96710a9e54a109b083d014e9d061ce5ac2875aba20c0acab7
SHA512 5cf5c481126fdb422614251dc4ed4052e36fc779226c5a233637f40f55d774d130b66342df47479e368b64f65b2a3eda6f62140e9413eb8540723043ac0f693b

\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll

MD5 24c01bc1560fa2b6b72a201eeea4cbed
SHA1 d66a91bd8faa929d6a5c46d5cfca2b3e5d24edb8
SHA256 5875f5a1c9eb4c4c238c77104c946b6ecb9234609851edcf758d24bf3cdcb4c2
SHA512 3a34db05cb5de1cb9c1fb0aabbaadfb5746f51d84d92ad9a52a343a4ebf78c688cdc6156647baa09343107c922ceb2f53e76d152bc5f6f761b6b1ba6c7cc7b7a

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunConfig.ini

MD5 ab58a2d88a29e61cff0969b0b9d82bfd
SHA1 259f1f8368fc26ca4352949a7acb7ca3468289a0
SHA256 7d663b6ba6b5f485f8f0f973168b5544a1d066d4842df764d95dc8692887a0e0
SHA512 6a183d5df079206229ecaee337505736faf6365c4683a4c17af889ec06f187592ceb2d64d130e7de4d9b6bb5f7de6b4517deec65005ef02c0e16a507fb33905d

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\skin.zip

MD5 161dccd75d78d1a141a54c60c1911f95
SHA1 6d12dea87f474b9e3c329b5fa8c58e7848fb3b89
SHA256 434c9936d6271c04ace67b39ff16cc74fbde2e007f5bc49092a2fbae91a13b3f
SHA512 5445042a550f25c3cf4876c448b50833951b3b8a9aadc9f522647461cdd2887616dd52a77802d591f3b039b0f8147290c2f76a95efb01d77dbd0c3406e3afa15

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 a618651cb1fbfb987c274fc28613f312
SHA1 eefe08e473f979e204a5bded0be4560922e029c7
SHA256 59c943107d50d569d6c1d0712e84c32ad3a6e56c14609e06c1e02c0bedcd6874
SHA512 a65943ac4b230e9aba4e2f0443a4e30b938aa809e0a9bf2c6aa90ffbc8e095c89852e14542d884919d8c735bba4a110af0afa11ae15228e1a58a0baf4fbda17e

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe

MD5 674413dbbc708d32d53b386254eedb54
SHA1 281ef9b78e8a80dac4b4efe9d8d76ee4eeedc79c
SHA256 72371235cb364ab3891597f40a3f50bd64660a808979bd28bcf1c0e7154aa949
SHA512 34cd6e982c98d7d4cb763c9bbb20942a507fabc189f3fedd30433d2b79739189a3efbe81f4db465f9e401e3f01939bc8148b178679a0780fe1b000259fd947fe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\downloader.ico

MD5 7bd4c0fec91d5635665186f1d2dfa7c7
SHA1 8d6b4e7fcee1334bbe88a8a08e0b8c2334a081c1
SHA256 15dff50e862ab2c97f1fd35f1a2ec55e325bdc67616d1168176a35633db0cb03
SHA512 fd38bdb639bf413a544d402bbdfe1669402b50ee14ce54faaeeb011973aaefbd5b00462c71332c147d98a9efb818d2a05343543e9766dc8150ebd29bc18183fb

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\tempInfo.web

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 86f32eba93cc34bad8b1ccc38da7af02
SHA1 468dff27c32a07aa8b21af26ea045f4ba305a91e
SHA256 0c3afea00f6e63f33b13cd972bf1eb9cf92ecbb9ddaeecee38c96de1e792b435
SHA512 dbf4b8e4139cdfed25e7efce40f6e0f59b9a52e173e9b9d2f641ce758f6e2b312d01098e50ae7dabfc8ba7701ac193299a38eb117b6214230a54d3b9aa65dbdf

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 38a361e74296eaa49d1762a2eb9611ce
SHA1 7d99782dd24b5a2437bcdf8157b94e68575ea86f
SHA256 42d59e389edae4949e4e6b267f01929df1b39a27b94379dd3bdc7d04c807c7aa
SHA512 54e0206eb3775fb93e868796bb2eaa5c87868094eeea9b554ed92e11d0fa5c37dea063d68edb7bbf157aae47cc8eea53caf74795d6844955027a10f753147dc8

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 7f411750d07619f38537e7fd612b8b44
SHA1 cda241a1ce5141288582c8f0ac4850992b427bdc
SHA256 ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87
SHA512 35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 f8b0e3ecb7122aa3bc1ff4778f1ab0dc
SHA1 ac53a1043edbe087fceeae3df5572135c175417a
SHA256 124e801eafca16ee732444ab2099b4343a0fc0a04e19b53c18b723d93a764607
SHA512 d279412a63474cedee280060187edfb0954c19e68c391a6125258bca1560ab4d5b08a6da2e75802133f047ec5a4461122113f2c56d0715ec7d26c624488460d6

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EasyLog.log

MD5 71f3ede54122a7efdea6317fc20998a2
SHA1 b52589d58f81bcae41d4884a376c1cc8cdbe00d6
SHA256 a2c5fc6ce09d365ceda10f4475d29309a3e7a0302aeb8f0a990661436a42ebdc
SHA512 54fb219b78d97b1ae011fa2b1c112ba7be968cf5ee7d7d20942083e9ee600bb04490ac1b026ebaa9f55af2d01042e7048059638747ca0b76a8ab12ee8af89603

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 a7389bdb54b9a2cbbcb26b1a807a993d
SHA1 8538eb6ce51b0c5892dc40dc2c46212f4645129a
SHA256 30bb564c487bc9c6e2f055fda2afb8c2e71c0921746ed592179c432e974d61ee
SHA512 d74ea39cf9e2ff783998fdafaac06d171faec62a6c503dd08aaac6cffe1af7362f0dfb4e53b81fa056def62114a1d3c1ad814a8b779644141306e4c63d5ebe33

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 79e88602fbc44d984459be3a4a93c38b
SHA1 7b7385827ac89cbea2bd70124410c8a6c2d105f8
SHA256 9153bec814d0c157144812398f598c93e8443f2d6c6fb51d4f95afeeb1c6e590
SHA512 cee7713c9febbc8b1de85e9db51ee1d0ba8ed8e0f52120f2504e00d1781fea5ec34838dccc755804da312974d9f137a14374c4ff1d1eeb2f324a91775cb415f2

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 0081269f4a9f92ae813930cc20417789
SHA1 62015fbf638a7b8a5bf6e91eac3c956a4a22b059
SHA256 113ec069700937845c32a481e4f7d3f58305990fa1431aff93d9d123d7a942f3
SHA512 f2ca81433bd117de4d241a97a5764db2c670d5f50c673f1440cbf14af9280fda16bf3f76e2f3d55c5adbe75b488981145ba5ba9e5503e40e0e86a2e571c55b44

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 53ac111cfff9e0a103d861b2ca8657e6
SHA1 77e9689e56c632203f86e9798a1063fb647da166
SHA256 500894e209d357405a68b0778e0cc37e58567753927c6ba73408d83fa5c48d4c
SHA512 e97f2479fdbfd944d09b1dcd1321b5f840f37a45e3992bc47eb31b7bc18f3110c9ae3a0495e3ce439d4986e6bd3a3a809a5da5d12e5225ca77962950bf88c2f1

memory/2292-257-0x0000000000400000-0x0000000000438000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-LTRDB.tmp\pct_trial_easeus.tmp

MD5 cfab0bf664ca7e21dd9e2471bd92d41a
SHA1 af005dc1f482e8a1ef5ec486ddc820267ab9ba28
SHA256 9e315817772688ffde48f2d27962a55f708242cbe96ac36f147e30485c6b9e50
SHA512 58b62496aaee55f86ba4ad547ce270135e1f66b2501ad118fa7c43e579340145811139bea2f71373fecdbed2b10fa97beae6522e84abf4080d2db95c8bb411b6

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-482EQ.tmp

MD5 ea9eaeed036748315cf2955ff7761c39
SHA1 c477863567edf7cb812154572fdddd8c8649dd32
SHA256 265742883ff410f9f0d503fae5c73e2835ff17b6eecad9603c087ccdce65fddb
SHA512 09838422061f84e42296dfd1ed087b78d14d9c38dadec4b4f396a4cf2acb2c59a8f5b79258a999c979d5d273382897356399c1f4687277410549c67a3c7b8913

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\new pc\is-ASCHF.tmp

MD5 365289953286d1d1684634643a053f49
SHA1 165c65d3f826f9569525817112bd734e1185eda5
SHA256 9f73067dc2b822776fef384bf396693a1ce1f953b5ba5e9650681c1e2d324ee4
SHA512 7725d55eae106c97255509dd1dd01e5066e306cf1cecd3ae4580c4b8e3c4c66ad1cad1ab6d10b2f185200e30163ad38e2be73dca9c564735f634f4498d91cd6f

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-GI6QI.tmp

MD5 8f786a81373b4e8d43b680227b502f9f
SHA1 30023effa63b4b48a2968b81611fbb752ead56eb
SHA256 d5b81ac00fe51cdebc33166cf9b04ae1ad544fb70b2d1421d60e71343cd04ba5
SHA512 ec571044d73c53616a1f64f80e28c80837a94ab3b64a41ef6fbd3fb6f8441c82c97437dacdf8257f882953f4f4f8940d7a2ff45a92feb1f857d6e02df59b026c

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-KQ2EH.tmp

MD5 c54011f7f97a68ebad07cb5860595d9d
SHA1 fcb34d827cfddc32c4f6d0109514f437cd167189
SHA256 edd375f4f562fd51ea7eb96b0bfa95975eb42f79d054951714fab07c91578b4c
SHA512 b9dd824bc700fe1d074e6d51b999e6813dac4cd1791472ccbb739f83d4e7455f0b97b6678d6ea0f62c4214b315a87f3d22df5a5270462e962780f11bee65cb5a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-JOVPA.tmp

MD5 cdb5483ad30acb81e6fc38bac0e70d10
SHA1 ff287227d69f29709bf27dad762fa674086561c9
SHA256 5a49452c9c49fd7fc2ae564fb7d8d42befb016c10c38ac280e351bb3f5319882
SHA512 58e559bceb1cc9942923d20afc49801d255675dddec5adc87aef71430eeed5ad9daf9b96247cc505c6b7df7f22f484c1f5244e1ea300ac8162fedf669dac2683

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-34BRC.tmp

MD5 fc729316b9f0d0d2a753d83458f19d27
SHA1 a71732c2c1f46a52e7af3dbecdefdcfe522f69f2
SHA256 8f2f9ca6110f2cd6b4861e1ebbca5476792872c1b5b611d5fe48dc6cb8bcf39e
SHA512 c99bb5521915aac6ff618a9629e7f61198712634d5b9dc733bafe9ba53fbfd9f506db1dba7a7c38bccf7f95e6cdbc617add2bba7e99e249d55ae33da0160c696

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-3A497.tmp

MD5 cf67be58984e3fa5068d8db07da19ba6
SHA1 78214e50ce271ac6d7da66fc221e69fedd405498
SHA256 d1a462bd64ba14491f8f671766c6a5030b4d2b4a71fb9186073a6c88081d3eed
SHA512 c7508569ed126feb7b636194d213717618a1dbfbd40065683b3299936490ed5e0d6fc61261dfad6006fe73e5eff2981b043fad253ca8ff0493ce5554c40ec4e5

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2O3JS.tmp

MD5 5ec9bc4e91a825a767bf709726924a8e
SHA1 6d5bc48d7fa24d499013f15e7dc31d7aaad3a01c
SHA256 0ff28d2793d021e10979d8338a76cc76c4846907b28cf6113b018245b715e281
SHA512 dc3f8fee4b0cdb4fe07171da956f90f73d04564197267ece6e1fbadd566b36483f304376ba0e1aad6b13e14d3466c0a95a9d54d65d86e1772a2f801c2b7e4284

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-QIQ37.tmp

MD5 c69ff0e678478eb4a6818806664d9196
SHA1 2f28315260951357e1812997c2c623ddbbe911cd
SHA256 0823c22330d319f5181b9051aa0778d007d47bd173099271277849157b3859ee
SHA512 90d3b5e2b9a8b73bc6c4d10fcece8d91f120ab69d9bcdcb39cb9c1dfeeb0a6003fb1756264cf55e7df5a033718e7fac9580203b0ec363d8af79b5f02b821023d

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-KC7NV.tmp

MD5 faba95629feaa0dcb735958390fc9cf4
SHA1 c9a0a870d9eb8ff183efb7ac3fdfb5af5c47a885
SHA256 78bc6bc9ecc7901fb56bc1929324b8c9ec0e999dee17ec9de49e817f0c5bea41
SHA512 7449612867f8692bc7a98b182d2a9921485804dc82b65eab131ae6dd110e11eb73b70f71a58a026bec752d506a4412b9b60983d140a763976d857c16ad05c30f

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-PP758.tmp

MD5 88a5e9c0b52751459e8faf28d91f1ead
SHA1 130c628b6d67056d685d8493e267accf18a19d7a
SHA256 08d85a27079ecf282c26b7d34dfa0b5672385f9858e5ca3d2a239ac782aa2895
SHA512 cee77a6552ba8b42256513f8267aea3d6d97a93b56e655ddfc476fac6df2585b3ac5a82d4c9326a68e6a1d1952dbf4213763def715316d829a84fa97e8916d08

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-LDCQ4.tmp

MD5 c2f386ff90d53b056a69d87b39fd61df
SHA1 b1a4a52b64952ccf8b1253927d7001855c6a6007
SHA256 2848a604e42c9fb0770a598c138c213989f7000facb9f745aa5f5910b4aaa951
SHA512 e1bde389bd733e496d495d966a866b450992402305732aead32ea0ef479c624810ed22d09db3ac3e799fe91bae6b2a6eb6451ff834dbaf1c8369e03617b14ad9

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-COPR5.tmp

MD5 b6db5e55b8b57f7f44423902fcdf94f6
SHA1 caa96d72a94c0c70f538a79b039332ad0599d041
SHA256 702207640938d9f8e135fe2ac783ff3bd1ae8f1c777ed55da2f38b7baadcc1a2
SHA512 b042cb6983a41a032fcae8e59a95dac4db05bbf6f7dade097a1f904d5097ad1f6c5e6e02f92138d554c9b329880f0fcfd8674ffe8f766b4a0a50cc73b45ea873

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2HPQO.tmp

MD5 74c04bdb7672e6f1688cc9b53651d5fa
SHA1 47f2614432bcab4708d6f3f5c88fbb1cc2139a24
SHA256 554951e9c282df960bf750ee5a6f1f03738fc2d5395a28d2261b780f5fe7a63e
SHA512 a77ddc3cb2520c86d0047f5d7290c40b6d0ccece3740166d2c8e9889d56ab21c9e8263be899ac45c49023940bd8a7cc29a61a5fec79b9ff201279f192290823b

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-KVNUD.tmp

MD5 9fd27f5dd094d50b97d30d623dbcdc15
SHA1 fa1ca00fd22eafa1268553558e8350ffc7ce0f43
SHA256 1e2d1c289834ed3ff05394a675af58a1f3a03cb46bf118b1cd3df163a63e2149
SHA512 49eab357e4964bda2400634174778ccf101ffc40abf9a5585d432330428e3bb93d17bea2d433e396780266d74949de43a4541d3655afc68079998eb05a794c2a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-9LQ2H.tmp

MD5 a1cdf6df3953ec3d3a05892f3a7dfbce
SHA1 17b47e4f6f1848f134859828c329c61c0c9c06db
SHA256 67c799d9a989097b3442e19ab23466d8aec24c4695a5aabaa64067b595126adf
SHA512 48da47b03723ba7bbf589f734d5d6bae7c39202ab363b53d5901c08749bceff21bb13c63163778e674774e70306586d6dd9069f8924e5dc65acfdcad7bb42e9c

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-GOGOP.tmp

MD5 ebaeb1736871f5af6750d880f9c8f56b
SHA1 9a1dfed0ff7543d3551e93d21da50d72c1fb0dc1
SHA256 271547a0096cdfd8789c23d94c89ea2f4ac4f39d4121035090b18dcd3b972f83
SHA512 c5b7409dc5bac68e7a7b5ec6eb82093628eced6b55b31ea4b3a93629657d25521ba4efc5401259b60cd7b881be55cbcd82b7ac39cdf998bf25260cdd4e63954d

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-O6NAU.tmp

MD5 31e5c0c38f52ea021193ad8293aaba81
SHA1 cdd50ba8623a32dddefef9a59c57abc43e1975c2
SHA256 45f8e0006ae2e67b57cc708eddca308cd06224f4d90178feb325c868645ae207
SHA512 ed4625eaa5d78c1b5706bb389b0fdc602f5e52ea5ca3dc05004b5e1e15a0cd32221c0c47790ba4578521aa2279e8ce52b6bd403a0fccfe2bf23e2680057656c8

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-BL150.tmp

MD5 6d24507b4982a1a5098dd9406575b4ba
SHA1 098e6c8a048d63099a53409db30c27b6b8096c5c
SHA256 63aeb6596fbf25ff06b1986e7f04b8d0f5e66ae5c63b8de07f1b9125a0ddadb4
SHA512 1c42d0ef2a21398632cae99368adc633e6420874308d1e37cd5b34189c4b4fd8b6cdb999bbaff049217433c216140037f80705d81a8edb580389f72f9893a945

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-7HKID.tmp

MD5 9ae7f39df92f6bbd6890d0844e0a146b
SHA1 08aa2a725eaafbe0c571c7b1ab59d07b5ff15e05
SHA256 13bfcfc9be30e298e0a6fb4d20fe681ac83eb4aa58d1737bddd7e47f60ab1aa0
SHA512 92f7aa38577f0f11bbae86132a395520a09f3779199859053e2786ea88d44cad4155d23f22be38b1d2d121f3177d971c435b6f4054608604b73b85989fde92aa

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-S4J1F.tmp

MD5 8994aa12bbed3333440284af7f3f8101
SHA1 305d9566c8065c7399f53718f71781e4528f3612
SHA256 eda273213ff8e14de4df17535c278d31a52173a808533852078a9d6a45b79213
SHA512 f55fada44a94936f88a0c233508ae3b41539d55f9e649c0349cc97bb9fc7dbaecb745bac9c310640186657456a4529fb24e43e85b20ae64daee4adabad2e6a9b

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-DQ8D8.tmp

MD5 bf6a5d8a44424e802683cac1d07a67b2
SHA1 43d4ab5516842327ed6972f5b24e6a32088bce96
SHA256 f88ec5d69fc516568cf725742a7f5e72a8fb016a9aa5159997c021c3dcf85981
SHA512 af9e0a4fc629faa3cac39a73420c1b0cf31d6f598865e90c71d06f9a42913081db6a438e18c4ca75c36f47fa6904ca144efeab76f025de85a2136b4b77840c3a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-C5R5E.tmp

MD5 c8ad97b5f4d802791bf78a967b046014
SHA1 06a912988df6941ebcd64f343b30f7875e996d8b
SHA256 b610794b5384be1d3af85d23b756945b9d53460563b8a8c31901b65512c0d567
SHA512 29630d68b33723da1a91c67937c0fdb7a3e3ff69f5268d8ff81783a2cdeb0201198f2dae1cb8e4e1ecba47dc85acfaa24146139c8de73f5e3108b553a23d00b8

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-6PUTR.tmp

MD5 72fe91b7c8ad5250cdc6fcc60e08a3e4
SHA1 ad8ebfa645165b02ea1ee045d9472cb8c1b827b2
SHA256 cfc90a9c02091b88fdc4ffe08c2bff87fd5604ebedc084c6dcede8d0bbf529bd
SHA512 8978d61bd38e0dc303b66b72da1db49835cec305d31e5b7c8659713d7557081b116e913f7e942d67df90771eb2defbf3cc84c1e57f7ee81332821d91f44601c9

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-9TMG1.tmp

MD5 c492ccf00c6dff644788e8903961f576
SHA1 451257913871c027f6724f38c48d7292dea1c284
SHA256 375bbf456beb2eda2153686d806e3bdc25a11b8d06b2ae7b3de2460bd6e963e0
SHA512 e3ba0c3d429bad9d8e5b0712506c3106de3343572170b8e80565adb325a5054b88204b3364de31fd2d4ca36b77937d4d29ff3072dbe0e1f56ee359bcbcf14a58

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-C7IBH.tmp

MD5 b95e3d14475c7b4d8a551e789a73eef2
SHA1 66791a121f26309e18b19b31ce5509d5d80819e6
SHA256 fc0c94822dbf0c3087fd4bfb84d7181a00bbc9f8de4cbfe1387ba1d83a7fb09c
SHA512 1b9070e391a44a6cb2f01bdc713e1155a5ccfa82a9361d5b8302e7b9582f3a21cbfe156f9199a571029da26149a1757d9a8c009ae80ad79a7c08eb712310e6cb

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-Q0OIM.tmp

MD5 ce26d003ae276a17c7227627a297f9dd
SHA1 cc642f27ec79b73bc67305c64fc7cb2b329e5754
SHA256 3054d03b401a44ad5ff02773106c201f80d2f78bc439c9cc74ae5dee63484387
SHA512 99c1e2a65d18ff25e45e0986e9a2f747c100ae71ee246076ded4dd5dd7e6f1dd1211b4b644e6dee4a054b1187f1519fae21c2d1f2b7ba3765f4ed1e0a68a6119

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-R43ER.tmp

MD5 8f7c6a5e3b791bf7c4d50bca0845adf5
SHA1 b11f0389da44c432390b90746c11e7e3da1f64ec
SHA256 2a3124e0ac67700c286c075c6423c3369759ff89faf3f7775650145ffb39ee3a
SHA512 ca6eb88e929e31efa0655e9930388396c85f370c24f6d72fc8f0dde217723983684ec52aad29e964363f7408b2c4e0e90c4eb630f802b6c6bb41dbd58fb53882

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-1Q7AB.tmp

MD5 a598046ebdf1516c21023d986ab43cd2
SHA1 603ce125e3fb1872dbaebaa9d1a3d0d80a16b567
SHA256 cf185c621901ddbfd76ed5341b2143e77980520467dfbe705e99260b84587644
SHA512 dd170baa1ecf2ccaf8c68a0bf4bce851e8b859df7ac4cb09a7953c9aececb61b63485679dc0c5f89b1ab4e87175788aa9706fa91ba353b8e337b41d8b07303f2

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-QAQHC.tmp

MD5 a999e53405052dc4c842633ba30f60eb
SHA1 1fb32a47a26b56ea280617a71c4a40d2f7017919
SHA256 8a042b9acd1b26762a0105b840eb97ccebf9549df5cdf1135662ef5da0d1cbb6
SHA512 4bcb23fdb1f596f25f01452e18b6f1a545215ae63f0008f6cc5408b2ea861d0769a113112b72f7e0d8075ef303a87e8cb1b5af499bf2b671d3225aed4f2b59da

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-JC5M8.tmp

MD5 bc16115a339c0bdf5a5affaaa568253c
SHA1 5f36fa7bb74760efc9265d1a52dee6ef5a17be7b
SHA256 47184b3696abcfa5313c6c9ecb439f12393ff107f2c230bf0576814bc6e02241
SHA512 c7f39dac4d5fd9c5d02454abbfe94a84607b69ba1d26b27881039ef3c25362e16bc09fcbbad4d3ff7b13492c77a22152e0d5fb4432d934d387ea2893c50919d6

memory/2292-6391-0x0000000000400000-0x0000000000438000-memory.dmp

memory/2124-6392-0x0000000000400000-0x000000000053D000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\UserRate\res\is-GP7M4.tmp

MD5 495c9c664b5be8bdaad7fd00feb04355
SHA1 2bb1f2aa889f68f744a8dda82cfc51df721363e0
SHA256 398c5cdb402c290ed4ccbe4e11a4947d02883877dd35b8eb731355c737e1c823
SHA512 c8f31da3e9b22ab13f2b0b1e1229efe7d58ef9bc0e30ea6b228f062eb04617c63daed9f01d43dfdb780645067be13e37b75b636bd6e0b90190e043619db177bc

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\UserRate\res\is-BQ084.tmp

MD5 4eb62964a6ce446f5e842fd637baaa70
SHA1 a376149281f022a60cd2aeefb15578cfdaa05a77
SHA256 1a43e690a41ebc32848cbe71bfb957eee1684a1ec59965b1ee7900211233e4df
SHA512 68e9361d2d7af65ad0cb5eaeef09776e77cf80ebaee1170ed7d3a37006ec7ff98f5a8c4b510bde69b98418fef09c31bda348f71fa7675fd9193938e36789f57f

\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe

MD5 7d8a83ddb4991af9aa4e65616d38a9bf
SHA1 13e9b549dc4fe810dc4293438e4f09ddae5ffa88
SHA256 4264f6d9454e997226427ef7a4eaafa6d58d72c124bbe3ff71831eb421e5d72a
SHA512 92d368cd162e39e1aec41faffb94f45ba9842bc97cae44d6c433867cea126791efc6d5de298aef4754c0405d8b854f13776bb1664e51febee479a8564f010a8a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 dfa9067f7b92da8fb1369047a8191861
SHA1 3cfe6f0a143ab14fcefad138e594d4bab7dbbb0b
SHA256 fc02c604fb7267bee6517caad7785b6a148d27d73b409894d42ba766b3077856
SHA512 d4afe536d731fbf3147037e894f310383b1073f77b39c43faf4440d71705f3fa60224e549f1500480fa0803260552b6e0d1c7fa6dfbb7c15734b300581c7abfb

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe

MD5 81cb46917e30dd7831e5210fa3a8a163
SHA1 cff7dd034e6528dce3c7b21f612a3a215db5806c
SHA256 ae17fbafa1cdca80dc0f414159cecabadeb69ef9c4d69ac58412fa430e716de9
SHA512 70c1b8ed3a45fd7afa2eb6c3be33be5ba6d527c99afac82168db213483109af4a385e2d4f3fb8bb1c8a83a0b51f3d3910808cdfb725231bf3068d7eebdb7a48a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\MSVCP140.dll

MD5 996d01ad6a71761f29a98ec9e9f30007
SHA1 85aae459210739b2d24f24cfa1a42ccfe6478514
SHA256 c8e7456f4ac9aa65ef3ad61a6daf30efec9737344d173b2d6d2c16e752052a55
SHA512 6b145328a61bae1ab8be7ca9aa07e04eb06924cd2d24a8513b6415dfe112440016e21ce24ba69d8cc0fcadf9de5276b7b7961b9c0a91af4e03a0009521c41013

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe

MD5 fdd2b614d0e52919749df5ae11176485
SHA1 f5ad021bcab11e51c49c81a90962130af8adeed9
SHA256 45593a96fc320f49123d9b8f813ad796f62345638dbdc8b58ac227a444978715
SHA512 e5682554503197369b4ae80382991606671374b1e96abf8221de776213de552fda0f74eb673a8546d05ad8468306702d79f3cc39731fedcdeac28cf709c2154c

memory/2292-6628-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 6787ef630b4aec8e0282bd948fde9f23
SHA1 1789630d4b277525892e0cea65bb5492eba2ef3d
SHA256 8142a3357e7319518d762d00cda427c1ff8ae000a6ab86b957c6dad6294463e0
SHA512 fa310898c53a7c2ff779aaa94352dbe1ced678dace4d2c34603ad39839acb532fc8a2b3525f0436c62aa6952f9a0e55fc6380c62eef65c931921886da93c65f6

memory/2124-6627-0x0000000000400000-0x000000000053D000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 66d1e19eacf4d2d0b38d75ea6eca51a9
SHA1 cd971a0ce7a24af811e902aa8a7c901a054773c9
SHA256 a5fba95abeeb6144ca8ffa588882d5d3e407aeb3fa70f8eaf895ef3ac90dac2c
SHA512 f6e56c7b139c6147b5db5881f90726b9b04c968e803b8ce4b449c7cd684ca09aa51256649f6b0b2c2689aae1c8d28e7a3f4e836948df5a1c27d8a8b11a17bc20

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 7edfbba0ea1f838ea6a59675ce7531d7
SHA1 9d8054a35530600715fea604b5406e19a823358e
SHA256 0c05b6bbe05a608c0058297706602b2a07264edbf0283a369a497e6b1c1eacd7
SHA512 bf1174dce7b8cdfa4db07da70e468c6b4a26c679dc62b3276122956486d39c28fa2bf946a0e1aba632a1bf3f9462aec507a5961ffeccaaf071f61244e9e1ade6

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 c67ec276737596b8d272a662a564755c
SHA1 c8ea0f8bdcbc605df1534f8455a098329206f9b3
SHA256 d23b5cc2381aabd490c9c490796d25f3807e79642700a4d8a3533da0054362b1
SHA512 69aaa77e3662dabc0515085af9b58e3829c0aebb141f14ce0101967e6b1839a3957450ef267f1559786a6ceefebaacad22dddeee180fa432785d3d9399b793b5

memory/1056-6687-0x0000000001000000-0x000000000100A000-memory.dmp

memory/1056-6686-0x0000000001000000-0x000000000100A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 9c4ef804f88d7652a173abe0e637dd17
SHA1 54fce7ae5279205a5cd9afaa0e5ecc35b881a250
SHA256 a18ac21106f4bc42007d6f3bf732d851727fe898f3874a74afaa8d7d6fd2751d
SHA512 b6be5760e1ddbc5fdb2b1372732b8a0c46a2f5156a2069f628fdd888e08fc17f5e5069be2f55bc5141f9060f50e4c18c856e598e3f0943daa1689db43fd05991

C:\Users\Admin\AppData\Local\Temp\CabCF43.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 63081170e1707531623dc2b5285cb35f
SHA1 2a89bb7f0a1863b0567667c3f334276f91c4038d
SHA256 9a19c1aaa8a95dbbdaf4ab1945f68bd466db7ff42651ff45a2cc08996658baa4
SHA512 7753132141617ffb43038235203b175ba8cebaf5ecefa63ec21ced6f5bcc862b7105f3c2b3ee98c7153cb99d1c3a0d0dffe558691c5c4e42c47c440e06cddccc

C:\Users\Admin\AppData\Local\Temp\TarCFA3.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0669fc61a7568a86dd3dae98f581cc5a
SHA1 87d89fedf3b48b3c32185d9547a671b5becf00de
SHA256 cbe56d48f8409daac0f5c32bf13d5eabbb26e2d6161e79cca96ba7730918a63a
SHA512 3a0de172c0fa0dc53807323c4cfc2dc9ca29791651246792128c638b82ba77df49cd79df84f2799cc82f4bf6d6dc62ee61551d4403bb8c96c8fb244be9868683

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 f4353dcac6335650cdcb6c6368374957
SHA1 8d6b4690d0877d04e023aa1badf087cda113c229
SHA256 53d9e1d580ebf46df3525e48d2b21b054c30e1b5e017049e548e5e86360afb4c
SHA512 ff43abde5014bc14086e4cb0455060217deea5c79eaec2f4305146a689a72188789c99edb1e0c75b22ccd176358477cc0628ae21e45dc00db69d6d1dd49f8170

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f06183f86056b7c98e5aa4965dc933f3
SHA1 a59a6023f424d61b48cce7a4046dbc14d5da859a
SHA256 1735300c9189c899e1a5022d0b93ca922c9ede75445e89330fe28599c8a19cda
SHA512 bd83e0656d1f295485f3bf9777cf112a62d922f7eb299937d224cf1378672cafa6e9279b90a69b1047d89be4ad79cd4ef13357ebaaaf8ec0ce2767a03103f924

C:\Users\Admin\AppData\Local\Temp\PCT_ACCOUNTPIC\1C68B68D5E6A4026A27590D6E1C97AB8.jpg

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 488b34fa3bf162088da5540b51c46be6
SHA1 92591e309f62944cccafdacbc5e3f9bc16504ebe
SHA256 030dcf5cf613c922cd5c1621d13a1ae150a571896dadfc1ad69f284835489c54
SHA512 4b154bbe52300fe8925d6d5bdbf67544dbde9627a1265e9a627182c94fac146bf442da9f00621bf11b9f575adc3a45b812cd21a942d0ac964eb29058b6dc59a0

C:\ProgramData\SystemAcCrux\dfb35f2701c538eeac.bin

MD5 13b9d6e983529423b3a456278c617891
SHA1 9d8357be7f0611692e110f06032e9842a308578a
SHA256 75904285aa08f139ceb43e2c653e35ae774572bac1bebf2b9547aafface260fa
SHA512 69302b37aa1c3a182e4b2e508d34c8ad27233c9e8178c8c42a1a44fb71a624b2573c64f337882a16953a6c04e794c1e406726c6d99d46c774f6ed71ec9017319

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0c9ec271e760ed7625c2cc137651da6
SHA1 68f5a0112d96b017f486738fca6fb2c6141fc638
SHA256 8129e092b72555eff40459d31758a5ab96783176b65302a20d5528ea4dc81a37
SHA512 cecc036b7e71d539384ce3cdf51443ff2d335fca20ecbd1e971e4184bb28a9820141bf9fa38211f13070a1984df7e94c537ceddc89c63777a7782e714888d093

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04e6514047da103febd15147666b9a75
SHA1 9b0a5cc10c89fe812ab966ef6bd2d7fe3fcc6100
SHA256 4f17837f7cc60951a8c00fb88cb18ccd6e6bde6e067bf34cba9cc088df0344d2
SHA512 fe64aacc4ad9d208cc0a43bec58792a2c541efa9f03465f4133ab4a0c4ebe9db791ef05b5e6bcc144fcccdcf0c24dce216a0d68a074e1a128298f97d4fcd7026

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_retain.ini

MD5 c0e61cce7072fdb568b3b28c2b300f4f
SHA1 6c69977a491d9bd9772c1d30bdad28cd3c085f83
SHA256 6c70249463a6151ea0fa3398b50a0deb8f1c72d66a33d5322eecb56201ce9db3
SHA512 859f287bbe501623bc2367a02f1ada729c12ab3074215a902eeaaaddf2a8ea6668f1a71cb1eec8db83644d57c18d12c849593689daf319ce4585b1d461c7f803

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 1bf9387be26da599855fd9b49360142e
SHA1 b739a23059b9b2d21bd2dce777eec2530a1b225d
SHA256 4292f556d908c84ed4a45c807c65e385a93518b753c7183d474183baf1d5fee9
SHA512 8ccba229185f8f2e8bb09c7eec9074557a3c1e8d5c05858457176c33ec318ef0dfbfea301dc362fa012a9b3c1e311cd420b7fc4ff839a8f3b69ce77b50229583

C:\Users\Admin\AppData\Local\Temp\PCT_ACCOUNTPIC\4824571A1EB04835A8050D5A48B19227.jpg

MD5 6a114fffd529730579a7bd53b3ccce79
SHA1 c7c8487849425580b5a4d49d9a765929451ca0ba
SHA256 6715012d3972c3a78a5ebad2d63a78ac4d940a48814b9de03cd0c75f39d87341
SHA512 8ab6dcd37c18d28ba337f62b1ae03adaa06ee73e5d570db0a76cf7870a029e0faaf3d4824dd3f659c56de94605e410d0a1ef2fe9f49de6955b04398c6def2944

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5212b2db18b3b6566cdb92ce53bf105
SHA1 2e25d3b632d5ef89653edbe4896b034ced9fbdda
SHA256 7ea2763ff78d13f8dac9e6cab4a95c6818fbfb0e7bcb2559663ed47b1755c118
SHA512 8913a5b6f655f73531800eb0ef108ee738d6472dc8eac098a836f8e397eff3ce148dc1b7951dea7c0c7781f75f264290640979a5d114b2553d457896476beaf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d1ba9dae31673487b6ec8a04ad9cca0
SHA1 6e0b84662076dfb5dbe981161bca196841764faf
SHA256 dac221cbf78c0b3216d5352b1fb328e8a9249fc60e7ff05c6517e45f73f84119
SHA512 7c43ff607e34d5b7782f0545b017271006428f849ae7b8055c2c3ba144da4ca71b8ab036f917bdf5d2cea32d836262b42f5fd7fbacc808d2880b07e7a0198456

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70cdbc619eec1e4824671791e2b9f2e2
SHA1 84978cfc3ab2d98591c24233efea0a86a6fd372a
SHA256 2c2b2e0c4f4581e99e847cff06a2eab3ca7d30708c4bfe30a3a14684a3c49bfc
SHA512 1d4d8e62e0c51976b24a3a10ff16657de08d8abcc8f99989cd866e0aa561075d5e204af9919f9acf2c31bc7921cab548a3bfb0d49ebbd3adef9da5735ea5b708

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 64904847930a8230b6e32a89d7606186
SHA1 5c462d1a1cad021078fbbd8eed372747c4d85ea5
SHA256 e7b9dfa85ad6fbb85ef64be8f91029a99e223ea2e10c3f5a82435f37f5bfdb80
SHA512 0653a9af9707545901480ae39030503abf686f129f11e689e630808b6ec95d60ae6f52917ae8ae101455eff354830d11b78c7eeae1e6f871b9f2c09a49016f9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 477bbab1e9884ef240910cc2e08ded54
SHA1 be432b49cd5ecdc611ea14f7c922188b4ce37ef9
SHA256 a7783f79c62519694fb4716a3a3a8509029ed068188cf4dc4428d78c20de64bc
SHA512 3ee662de12790451fe285a67b6e1aee0905e8b4f0e4f83fec8c735ff7cd318b5ddad42d8f3111243f80e46023cc2dcf002f5e739bcc8f5e572fa4973cc3768d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0585f4c4e4c20e2d293442cf54bcc567
SHA1 83ae2c2c3b7058769bd6e8480bef8593c66e1906
SHA256 83c9942f44177d4336d57b7531d49ccc1152d56d2c71f1499622ea1b54709350
SHA512 aa7006bf3c1106012ba9959f45837616bf7c771e365f3c1edc4902c9852165ffae1aa488abf6be707bb9292fc49c279be30d041dc945a82239f2e0ad465535cc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\fav[1].ico

MD5 dd4e2ba2d805ad81a3175c464589aceb
SHA1 9e9b8360dbc709dbca37385a8784e19b4ec58f91
SHA256 ad8bc6c01299b96217fe9b66d7a646e7e20cd67ebe01eb7188de5078b54b655f
SHA512 48f2947ae30cab5ff4c4fcadc0bd89874ec7411a47e30a1bfdbe4a7fefcf1c43f455f89d6bf9addbc22f567b58deb167f794aac6da2b9d455933f16c3cc264ca

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 e5c648873256f2e3ffa845e2a7fb5da2
SHA1 2b984f2024ac0d188c9bd773487aeb9a22fce68d
SHA256 5d0db4db23313b9803b6dd5a3186e29d152fbd55a16d18d5d316a79d5060bfeb
SHA512 6393408d33c0757462a37b92920bc259d7cd38450ad5219abd9ece118b65ab98c7befa7e94df7e0a2f005749907dc6db669938671b65c037474c33aaca9c085b

memory/1056-7643-0x0000000001000000-0x000000000100A000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0d99b10e4543b1ea26f985d537b7b80
SHA1 289be193f359f18187a5170abcebd637ccdf9222
SHA256 5982f55f729f014fc3da878f44a7766018c3162edfbba566b6e961e3fc00f58e
SHA512 009a1d019ca2b3945b88d911019b8cfa6d705a088cf4b6a806c5e1651a7f008dae5fb550853e1e3529da0c9f229ca64a81528c01a204a27511e71286f6334274

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27ecad5750c37ac659c5ec2bb1d63ed7
SHA1 3eea600db81a27fa22e141332a34a59f85e09f2c
SHA256 4774c341ead0986f630b7b32cc9543f9a079eec4fcb60f4f61ccd440b09de5a5
SHA512 ad6538bae91a01ac69ba6d67b8ef7772e36ea9fffe796ebe5186fee835440e1c7c4a287d8ed1fd3b7a1abeb001034c38fe6a890e069a225eb2657d34261fe721

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d281c75bf6ce023e3607e35b9821a3a
SHA1 dc03be575507f17e2a994b11bb64e51e089da18c
SHA256 74b454a54148274e0dde475ed1fe29087f62ddd1fb5b41e515363eb4fa8944da
SHA512 597173e98cdcf5d18820ddc3fdfac4ae9d34c8ed3c84000113ba6e2c5b3df1984ce9580f0679cc51b9abae3c0f9da7a05c5f6ca97e0bd2685b1094c25221d7bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3d55b0c76aaeff7c8352cd30244066d
SHA1 130247716813b9b46a04340e462d094ed805c8a7
SHA256 82008bbca0a3a5fb210929f7561b1aec44b47b8503ba0225f43d8de9ea63eaaa
SHA512 b831b2ce8ea31cc6f1edad0248c40d885abfa8dfd0f127e878c0b19ff63658e5df89ca91a451c7c8bb41adcec66ff38e2ed25e30821d67177dc7728150a1f63a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09ab628156a82259f6fa5427a4fe936f
SHA1 7e6c5a1fc6d4c2b52f14d2fc0c91ab463332513c
SHA256 cfc2fdd671993f82817dd0e3def11cd025404d50e2ad66eaa75aa854ed916e70
SHA512 93a812298eab1ac3f8025d4828bfb02ca46baa429ccf1dd965dfbd43a3dea65e2abf51aa06ea0561edc920503dab38ff5b70714eeef6e10e79f686ca7ae1017b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c535fa42c10d93af9cfeac07f48cd9b
SHA1 f0f81785910118e0e529a79d4c1e732369dbf43c
SHA256 96bd56a72ed81e7fd5a1210addc593e6cddb5fe63f8e7d69c6a57a25722fc85b
SHA512 610cc4b2856cfdb45f3e547d1c092216d8c870066a22402a2bdce420566d8ab31b0b21e18711af5beb45665e19ed7a2181992f36915bbd132761f0b6584899d4

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 79cf52fe20ff661bcf872eb85e88a0bc
SHA1 b4ee2d156c6188bbcafb27c1fcdf85e9f06ec40b
SHA256 fedac4f5acb6bc2ed28543151bc3452424586f81e1d7b390f8bc846da47887cf
SHA512 cad8a64d8cdb993002c7d1f30bb7c963bd553a189bd164a841a3515e6f2c0f7ba2cde565b840c9c7565b1b6dc62954cbb42fe262ab34824a83d9e1a06f8d06db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21f2d307750b1ac2ad9175cdaf8365cf
SHA1 c01f972418b562d21340b82183137ac9601dac9a
SHA256 ec341d41f6126776a5396b85c7a0fe360b1f39b2ef491cab0a5b52bcc406643f
SHA512 62b9221a8af0b9e1a6c56f0c1e1fb1e9a07fc3d14ea55d233fcfd16f8b3c4acb8e438d2e9e40aa5eb508ac1e0e54670aa7b2c113f63c61afb1e244e09b50f146

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15b91ec5ed25333a6e3b6b684710981c
SHA1 3cae70adee51261c50bbd5ce7d749fa30d2270b6
SHA256 b6a8396d5b18b944993ec5f1f703ff88aa39d553504ad40a76947d15c53c3854
SHA512 5745f626d6e25b7036abe6a468043878a44926b79f07bb923c19fdbbc3f1d4d427eff615d81481bc4a702a66f6474a414717d3d9be96f5d798c47b6247e92f52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b851166b6b9141251b031469e49fc6f
SHA1 9e463653a21bcad7bd0a144b54ceb00d57c21e86
SHA256 14fa71c725f0e7f053dacb6d2e6672436d0fbc0743deb4718a9248cf06315047
SHA512 ea6b8d3de3ee1da4e0094718bfe4d6b6762dbb7e199a2bc4414fd1dfdd7d137d863b3838b39be5de00a65a0ad08794626dda04baa983c5cb07b0277b66cd362b

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_temp.ini

MD5 e1956ba05bcec37e57497ca5bb13fe69
SHA1 140ef26c93f1d58297c4079430103e10cb069cad
SHA256 c12655a70b8ca94cd21d6e0f1c55b1b91fcdbc351f9642aee9dc7b5dfe857f7c
SHA512 51cfc5d9014a70774d8b9760f26fbd0debceff087d09ac31a6643b9758210baa951dd22ebf52704f2eb455ce4eb45683afce05fd14ff15f292121d2d641ecfa7

memory/1056-8167-0x0000000003AF0000-0x0000000003AFA000-memory.dmp

memory/1056-8166-0x0000000003AF0000-0x0000000003AFA000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 be5710ac6881b46e8d627b257c327ced
SHA1 c7de6a86e2b765a3cf60f8284ca14aeabb7b77cd
SHA256 ceb31facba59a8e0e0766e5df3388de58af1b50f1dc894650131c36037823ceb
SHA512 2016e4959eed01f4e332f43e70fdc0157908fc226f41d2eea0a0ef8c2462c4874cf9ef980faf39b2bd43e5658fe63369eada77a3fc62d71acfeae9b144f8c7d6

memory/1056-8189-0x0000000003AF0000-0x0000000003AFA000-memory.dmp

memory/1056-8190-0x0000000003AF0000-0x0000000003AFA000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\InnerBuy\res\pct_license.ini

MD5 c78c99313a9e0891f9c5f06d0935c08d
SHA1 5559ebe3c57b1a5576096481e894ac27fd85f81e
SHA256 cf1f6258558829194c5f0672b08b6f6cb60ccc834bd417891b0b43383955ec7c
SHA512 93de3e9085a1ab289ed27e0799cb89e17882788a51904af86e3bdf420d52829f0827ebe96ac244f8b23d699958743827135c44924342de6b75238012359adfd2

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 a61a1fd649c6d689b6d36538d6c1fafc
SHA1 9e6a35143f3eebaedf0e69fc18a9034a09b762fd
SHA256 7e2a9c6cf6a3386ddd4dbc74b0b4c6d3adb03f52a2e94739767c35bd552771a8
SHA512 3cb81ac18c111af9b08a7c96d7b0c42b886ebfe7ce96f13663272c744ebd97e7252ed1ebcdf486ca2c3d7db17d8101dd6d1be7dd6e7b74be2fdf70fb46cd9d29

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 afcc48ae7966e16a0b299a8e9c858e8d
SHA1 d03ab195c79409961696e7035dfe07daa88e6a38
SHA256 13af34c6d01ee239ade1c2715c007a9e1d2684d5f3947d820eefb4d16f7f241f
SHA512 05c1060e947f0f03b2ed287d5e1c9f921a9a68a99953d925c9b89960de1c46811a5a7330f2e744cea35d7f5fb6f9510b3b2abb2b35a6b3948d8edb49852c18ce

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 ebe1f16efba4939163d57588970a3520
SHA1 0aedfb59da54180979f60e4a0a076c4cf0dc07c0
SHA256 a0a303fe0ab8e4fb5a199230812ec7e163fabea41775ba76d674a1723e1ac924
SHA512 044e863e59374738850cf3f631f731a96b363346734581c39562f236dab338df62e40159492ccd295e4e930626370b5a66053241d621d95d2175b358ca366b86

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 6eb1505bf5c8ed13e880266f018572b9
SHA1 96df67762568786ebdf282e9581d7a93fe6c56a0
SHA256 a0ef83844a7fc8c94d1ac53d3668a9ad7693bf230c47f1eafbd0ca3570998fe8
SHA512 93b63956a522100ce913c3cb149eab263caddbe1e605cc203525ec15a2428d46a2f7f0f979ae3aa005d26742c514d5bae0d621e808caa97561057305a90f49c8

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 eca95cd77515f134938668d81d161889
SHA1 0053640de15882ad151a44027b294d1d04b7e0a4
SHA256 0b18eedf323887fa0480434685c535c2f5c6691f2cfc5a671dfbe873c5133aa2
SHA512 dcdab026e87fd052bd653bcd48f35306365651deb2c6d77bcdf8fceee4704c90ec8ead0fd347cabd8c2238b93dd1cb2ebfb89c786bc28a11869699d1a79488cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ace3ae995c0b21788a6e94c4aa265e30
SHA1 74c2b785e63780d75faf5e47f5183a93eba0340a
SHA256 511466716a592cc7b3999b146cafa6b164362a644b8502781eff938e9377e64e
SHA512 1a29d69290e25c503841d8d696c650ada0d8abf3be12026d5a8df60576288b4e22e3012ca67449875db2be55e04af79809ed30ffc055cb7801131f31b63245c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f47803157c9f73716f05e4459f646270
SHA1 edea9b320f7b3a08416cbb353701c3c083a29f0c
SHA256 1edf8cd5fe5ee5b46184c51f5eed89f053ba81b91fc90c98f60c0ba763441cca
SHA512 e8a16386a8bb65bb0bb35be1caf6ee4d1e6358511ba748d68e5b36d65cb46cbe5f7147e86999f0d48fa8a949152f18744412b9ae84b5bc1b91b058676ccceeff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 447cd8d2d58a37afda91051f46977f6f
SHA1 43a54121e6f9b540dd987d43a6e2f7bb1285ad72
SHA256 3cfa4893d6ff7488da70f84d0d40f08b40eccfd74a7b8b286f0314dcca08de69
SHA512 64fdf668d649f3dfa3bb8276c94ff8ec65ce9e5d64b78aa015a36b020cc500da40ccd301cb8618880527138ef6b3e693d7bae4fab272dbb15d2dadebd31e992c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7e1072399dfa3f2eceff630a4dcbb93
SHA1 47cb9b40696d7c9f70a7824a927fd5650e7955c4
SHA256 fe3b5a57368356a32d536d57258c756d573e555e57ba42dcb71cb8b23b57a337
SHA512 993f1dc215540c76d895709e5d76d8ae603b5fb5e6d988f26e6a9f152ae18c7a8cc3b804041636fabb5e4f5ae1f87fd6632ce668c992dbb4f10d74510c7c5de9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa34474b7e41d8c53df3dbfef375fc0e
SHA1 60a08ffae307c4cc09e4ffbe2d01676db084cdae
SHA256 c1cf1b6649d0d881b6359d2b892823d7ba65c52181e7a09ac6c9d6eedcbcd25b
SHA512 f40718741429791d7fb68b544b84e7bafaec85f1bdb86a6cd61593e773a84ea211104ea4571b96335e1ae14436e2313562cabae4476e1667925eba5009ff925b

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 680d09e83a82fe71d00db6e5e64eb4b4
SHA1 061aa342917e3db28fc489af53b1cc0f7b571b64
SHA256 2cdfc77c9871c4024556e17d042c64a68ed0779510c2642d3534183508ce49e3
SHA512 f7746abb8af77ea0d419c27c366861da47d2c38984ccac0d4d2ad8de66fc310e7214dc71068d59237deae06338d19020941fbacfcd3c19c7bde158f9f026fb1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e597f3663a562e93c57dc7f77a84494b
SHA1 12e40cd04a03c88bb5cd269d5153b2648b514d96
SHA256 2ae4aa1b37f7aed3e36d1007ed683e217f68d40679474dc6d910c76bbae819ef
SHA512 6fda6872d6c40ee1851c38e22d846ad723ab7e25bc49b1c2378fb164ffdd95297762b8e5895c3371db0e2a6281c220a8d693db04ed4fa03cca807cc29e11b7de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7a8a3a019c4ad9f4099d93152d28e6d
SHA1 ef74e205eca731db5ecf2decd1a2e8007440be4a
SHA256 0fb77bbcb2b6e92d5a2d76c3fd355c83db1160af418bc53f64f9411a0d6268ad
SHA512 add2baa2664e9d88642601f39da9f6d972a97467d60b9a95ff847137155d86132ff8bb9e0f293a75f2f79a4f4fe4c9cda7950201fd3390751f6d65c5c23d7153