Analysis Overview
SHA256
ceb8acbdf48ee006b368fd5fa86aba3a9e8afee375afcc08940422949368b710
Threat Level: Likely malicious
The file pct_trial_installer_20241016.17291248214345b9952.exe was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Writes to the Master Boot Record (MBR)
Downloads MZ/PE file
Enumerates connected drives
Modifies WinLogon
Drops file in System32 directory
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Drops file in Windows directory
Drops file in Program Files directory
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
System Time Discovery
Program crash
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Scheduled Task/Job: Scheduled Task
Runs .reg file with regedit
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-17 00:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral5
Detonation Overview
Submitted
2024-10-17 00:27
Reported
2024-10-17 00:30
Platform
win7-20241010-es
Max time kernel
119s
Max time network
125s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe"
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-17 00:27
Reported
2024-10-17 00:30
Platform
win7-20240903-es
Max time kernel
76s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| File opened (read-only) | \??\f: | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.PNF | C:\Windows\system32\DrvInst.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-A18GC.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-BMMKT.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\proBkg\is-641MI.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-T5KBT.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-KIG7A.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\remote\left\is-KUOFJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-38TOO.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-1CSK3.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-97S3M.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\ico_restore\is-6TCOS.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Portuguese\is-9061F.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-P79MQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\Styles\Desktop\is-DKJJA.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Extras\Private\is-2GEG7.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-FDHBA.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-7IKP9.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\Styles\Base\is-TQF0K.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-IRNIG.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-VU9QO.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-IO5S8.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-LCONC.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\bearer\is-KP6Q6.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\EuDownloader\aliyun\api-ms-win-core-file-l2-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-OPQL7.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-DS622.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\InnerBuy\res\is-6KRF1.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-AGRMT.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-7CIVG.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-8I430.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-VFO4L.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-UAHGS.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-VAN33.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-BPT6D.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\Styles\Desktop\is-DG62H.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfig.ini.qghXyu | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-OISHF.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\tree_loading\is-OU55S.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\EuDownloader\aliyun\api-ms-win-core-console-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\api-ms-win-core-heap-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\is-R4UEL.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-BGNJH.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Extras\Private\is-VIK52.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-IMKMR.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-1OT1F.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\ico_radar_gif\is-2F27B.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-221JN.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-MTP4K.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\EuDownloader\aliyun\api-ms-win-core-processenvironment-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\loading _gif\is-SQ34J.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-296B4.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-MKOTO.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\is-LFSSC.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\loading _gif\is-UT1EC.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-BK4LK.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-SE74J.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\is-1M2OB.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Arabic\is-3DH0T.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-Q6OVA.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-HRCLI.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-FE4BE.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-7IA1E.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-KRB7V.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| File created | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-28IV1.tmp | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\volsnap.PNF | C:\Windows\system32\DrvInst.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\RegSvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\RegSvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
System Time Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\easeus.com\Total = "41" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "41" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PCTrans.exe = "11000" | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\update.easeus.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\easeus.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD8F83D1-8C1E-11EF-8DDD-5E2C95561916} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\easeus.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\update.easeus.com\ = "41" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\63C768CF\LanguageList = 650073002d0045005300000065007300000065006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PCTShellExMenu.DLL | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ = "IPTCShellEx" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\DefaultIcon\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\res\\Common\\pct_logo.ico,0" | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open\command\ = "\"C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\PCTrans.exe\" Code=ImagRestore ImagePath=\"%1\" RestoreSource=ImageFile" | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib\Version = "1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx.1\ = "PTCShellEx Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx\ContextMenuHandlers\PTCShellEx | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\0\win64 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\ = "PTCShellEx Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ = "IContextMenuImpl" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}\1.0\ = "ImageSh 1.0 Type Library" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{35194CD4-99A2-4A38-A343-C9D64A482B07}\ = "PCTShellExMenu" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\CLSID\ = "{27A09497-072C-41CF-BC04-E47345721AFD}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\ShellFolder\Attributes = "2684354560" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\0 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\CLSID\ = "{00DE9951-7B45-4756-98DC-C025EE3E11A1}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}\1.0\0\win64\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64\\ImageSh.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.PCT | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib\ = "{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx.1 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\0\win64\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64\\PCTShellExMenu64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open\command\ = "explorer /idlist,%I,%L" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\HELPDIR | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open\ = "Open(&O)" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open\command | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Implemented Categories | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B} | C:\Windows\system32\regsvr32.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe
"C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe"
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=pct_trial_installer_20241016.17291248214345b9952.exe ||| DOWNLOAD_VERSION=trial ||| PRODUCT_VERSION=13.0 ||| INSTALL_TYPE=0
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/Uid "S-1-5-21-4177215427-74451935-3209572229-1000"
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Spain\",\"Pageid\":\"1-17291248214345b9952\",\"Timezone\":\"GMT-00:00\"}"
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"3\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"Spain\",\"Install_Path\":\"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans\",\"Language\":\"Spanish\",\"Os\":\"Microsoft Windows 7\",\"Pageid\":\"1-17291248214345b9952\",\"Timezone\":\"GMT-00:00\",\"Version\":\"trial\",\"Version_Num\":\"13.17.0\"}"
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Downloading" Activity "Info_Start_Download_Program" Attribute "{\"Downloadfrom\":\"https://d1.easeus.com/pctrans/trial/pct13.17.0_trial.exe\",\"Pageid\":\"1-17291248214345b9952\",\"Testid\":\"\",\"Version\":\"trial\",\"Versionnumber\":\"13.17.0\"}"
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"11.83MB\",\"Cdn\":\"https://d1.easeus.com/pctrans/trial/pct13.17.0_trial.exe\",\"Elapsedtime\":\"6\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Installing" Activity "Info_Start_Install_Program"
C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe
/verysilent /norestart /log /reinstall Installer /DIR="C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans" /LANG=Spanish GUID=S-1-5-21-4177215427-74451935-3209572229-1000 /Recommend=1-17291248214345b9952
C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp
"C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp" /SL5="$601F8,73762480,188928,C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe" /verysilent /norestart /log /reinstall Installer /DIR="C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans" /LANG=Spanish GUID=S-1-5-21-4177215427-74451935-3209572229-1000 /Recommend=1-17291248214345b9952
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe'
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe'
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe" Register
C:\Windows\SysWOW64\RegSvr32.exe
"RegSvr32.exe" /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\PCTShellExMenu64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\PCTShellExMenu64.dll"
C:\Windows\SysWOW64\RegSvr32.exe
"RegSvr32.exe" /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\ImageSh.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\ImageSh.dll"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c regedit /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ShellReg.reg"
C:\Windows\regedit.exe
regedit /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ShellReg.reg"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe" install EaseUS_FileShare_Web
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc once /tn EaseUS_FileShare_Web /tr "\"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe\"/skipuac" /sd 10/10/3099 /st 01:10 /rl HIGHEST /f
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe" /Enable "{\"Language\":\"Spanish\",\"Version\":\"PCT_Trial_SETUP_13.17.0_20240912-1-17291248214345b9952\",\"Version_Num\":\"13.17.0\",\"Pageid\":\"1-17291248214345b9952\",\"UE\":\"On\"}"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe" /add "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe" PCTrans.exe
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe" /add "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe" DataChannelUI.exe
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /Enable
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://es.easeus.com/thankyou/install-todo-pctrans-trial.html?x-url=1-17291248214345b9952
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Install_Finish" Activity "Result_Install_Program" Attribute "{\"Country\":\"Spain\",\"Elapsedtime\":\"18\",\"Language\":\"Spanish\",\"Pageid\":\"1-17291248214345b9952\",\"Result\":\"result_success\"}"
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Install_Finish" Activity "Click_Startnow"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Userinfo" "Attribute" "{\"Language\":\"Spanish\",\"Version\":\"PCT_Trial_SETUP_13.17.0_20240912-1-17291248214345b9952\",\"Version_Num\":\"13.17.0\",\"Pageid\":\"1-17291248214345b9952\",\"UE\":\"On\",\"Country\":\"Spain\",\"Timezone\":\"GMT-00:00\",\"OS\":\"Microsoft Windows 7 64-bit Service Pack 1 (6.1.7601.1.256)\",\"BuildNumber\":\"20240912\"}"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1408 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Disk" "Attribute" "{\"Diskinfo\":{\"Disk0\":[\"WDC WDS100T2B0A2.5+\", \"255.99GB\", \"GPT\"]}}"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_PartitionInfo" "Attribute" "{\"Partitioninfo\":{\"Partition2\":[\"Windows (C:)\", \"235.71GB\", \"MBR\"],\"Partition3\":[\"F (F:)\", \"20.00GB\", \"MBR\"]}}"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe
"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans/bin/RemoteConfigSync.exe"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe
firebasefetch.exe
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -enum 0 0, "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/pct_Trial.ini "C:\Users\Admin\AppData\Local\Temp\euphtupdate.ini" 0 "" 1 2608
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe" PCTrans.exe
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/pct_Trial.zip "C:\Users\Admin\AppData\Local\Temp\updateconfig.zip" 0 "" 1 2264
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/pctrans_es.ini "C:\Users\Admin\AppData\Local\Temp\\euphtupdate.ini" 0 "" 1 2556
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/InnerBuy_Trial.ini "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\InnerBuy\res\InnerBuyConfig.ini" 0 "" 1 2168
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe" -aup
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\TBFVSS64.exe
"1" "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\TBFVSS_DLL_SRV_64.dll"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000574" "00000000000004D4"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Google Chrome" "Google Chrome" 1 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030" "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" 0 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219" "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" 517 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660" "{ef6b00ec-13e1-4c25-9064-b2f383cb8412}" 0 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030" "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" 0 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219" "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" 4 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704" "{4d8dcf8c-a72a-43e1-9833-c12724db736e}" 0 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161" "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" 517 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161" "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" 4 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660" "{61087a79-ac85-455c-934d-1fa22cc64f36}" 0 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704" "{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}" 0 0 0 "x"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe
-h 1516 -analyze "Application system dll" "PCTAppCoreSystemDll" 1025 0 0 "x"
C:\Windows\SysWOW64\Explorer.exe
Explorer /select,"F:\PCTransImage\backup.PCT"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\SysWOW64\Notepad.exe
Notepad "F:\PCTransImage\Instrucciones de restauración.txt"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe" Code=ImagRestore ImagePath="F:\PCTransImage\backup.PCT" RestoreSource=ImageFile
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe
"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans/bin/RemoteConfigSync.exe"
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe
firebasefetch.exe
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe
firebasefetch.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.easeus.com | udp |
| US | 8.8.8.8:53 | track.easeus.com | udp |
| HK | 8.218.236.152:80 | track.easeus.com | tcp |
| GB | 13.224.81.5:80 | download.easeus.com | tcp |
| US | 8.8.8.8:53 | easeusinfo.us-east-1.log.aliyuncs.com | udp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | d1.easeus.com | udp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| GB | 18.172.88.97:443 | d1.easeus.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| GB | 18.172.88.97:443 | d1.easeus.com | tcp |
| GB | 18.172.88.97:443 | d1.easeus.com | tcp |
| GB | 18.172.88.97:443 | d1.easeus.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | es.easeus.com | udp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| HK | 8.218.236.152:80 | track.easeus.com | tcp |
| US | 8.8.8.8:53 | www.easeus.com | udp |
| US | 8.8.8.8:53 | firebaseremoteconfig.googleapis.com | udp |
| GB | 142.250.180.10:443 | firebaseremoteconfig.googleapis.com | tcp |
| US | 104.18.18.32:443 | es.easeus.com | tcp |
| US | 104.18.18.32:443 | es.easeus.com | tcp |
| US | 104.18.6.90:443 | www.easeus.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | update.easeus.com | udp |
| US | 8.8.8.8:53 | update.easeus.com | udp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| CZ | 65.9.95.4:443 | update.easeus.com | tcp |
| GB | 18.172.88.65:443 | update.easeus.com | tcp |
| GB | 18.172.88.65:443 | update.easeus.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| N/A | 224.0.1.2:7868 | udp | |
| CZ | 65.9.95.4:443 | update.easeus.com | tcp |
| N/A | 127.0.0.1:55895 | tcp | |
| N/A | 127.0.0.1:55901 | tcp | |
| CZ | 65.9.95.4:443 | update.easeus.com | tcp |
| CZ | 65.9.95.4:443 | update.easeus.com | tcp |
| CZ | 65.9.95.4:443 | update.easeus.com | tcp |
| CZ | 65.9.95.4:443 | update.easeus.com | tcp |
| CZ | 65.9.95.4:443 | update.easeus.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| CZ | 65.9.95.4:443 | update.easeus.com | tcp |
| N/A | 127.0.0.1:56076 | tcp | |
| US | 104.18.18.32:443 | es.easeus.com | tcp |
| US | 104.18.18.32:443 | es.easeus.com | tcp |
| US | 104.18.18.32:443 | es.easeus.com | tcp |
| US | 104.18.18.32:443 | es.easeus.com | tcp |
| GB | 18.172.88.65:443 | update.easeus.com | tcp |
| GB | 18.172.88.65:443 | update.easeus.com | tcp |
| GB | 18.172.88.65:443 | update.easeus.com | tcp |
| GB | 18.172.88.65:443 | update.easeus.com | tcp |
| US | 104.18.6.90:443 | www.easeus.com | tcp |
| US | 104.18.6.90:443 | www.easeus.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | images.easeus.com | udp |
| CZ | 65.9.95.107:443 | images.easeus.com | tcp |
| CZ | 65.9.95.107:443 | images.easeus.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| CZ | 65.9.95.107:443 | images.easeus.com | tcp |
| CZ | 65.9.95.107:443 | images.easeus.com | tcp |
| CZ | 65.9.95.107:443 | images.easeus.com | tcp |
| CZ | 65.9.95.107:443 | images.easeus.com | tcp |
| CZ | 65.9.95.107:443 | images.easeus.com | tcp |
| CZ | 65.9.95.107:443 | images.easeus.com | tcp |
| N/A | 127.0.0.1:56313 | tcp | |
| N/A | 127.0.0.1:56361 | tcp | |
| N/A | 127.0.0.1:56441 | tcp | |
| N/A | 127.0.0.1:56467 | tcp | |
| HK | 8.218.236.152:80 | track.easeus.com | tcp |
| N/A | 127.0.0.1:56587 | tcp | |
| N/A | 127.0.0.1:56629 | tcp | |
| N/A | 127.0.0.1:56668 | tcp | |
| N/A | 127.0.0.1:56895 | tcp | |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.9:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | easeusinfo.us-east-1.log.aliyuncs.com | udp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.18:80 | crl.microsoft.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.8:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| GB | 142.250.180.10:443 | firebaseremoteconfig.googleapis.com | tcp |
| US | 104.18.6.90:443 | www.easeus.com | tcp |
| GB | 142.250.180.10:443 | firebaseremoteconfig.googleapis.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
| MD5 | b5791976db6be716f520c660de443e8e |
| SHA1 | 2a68065e1bce3540bbf506597639ea737d3817f2 |
| SHA256 | 863c1c6cfbc0e16ea72b7bae915806c77b1fce1366ca9eb00c7a87038066db60 |
| SHA512 | 8cc2c5703f02e0773ede600a16583776f4ec3fef9540eab1c5fb924fc8ecb1b84f4394c2dc9fa749f12cec45292495710b97f196015a0dafd3e571fba98c5b08 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\LanguageTransfor.ini
| MD5 | 6470c77fbd30ca7245a77617f5575760 |
| SHA1 | 5772f6c8ec51663a19420fc2c04009777511d4de |
| SHA256 | ea177f6163205189df8409f21b934d46241f444993eb46c2dadd1e85b4bd142c |
| SHA512 | 6ffe419f191f7e88038624b0a53d5fe21d078e758059c769b7ed26e260862d815f246f8e2e3f4e2879bd3a654dbbde8ea6c5bedebf813015f66fe30cd85d4222 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\InitConfigure.ini
| MD5 | 70171fe7fe218d663ad300b644223b9d |
| SHA1 | 4c1360ec499763e9d07e900d9eedb0464603e218 |
| SHA256 | c70893994b68127e7213e37a81f81f37c3b6efd4ffe75c6dc84c9326531acd0e |
| SHA512 | 473fea98b22927d6b9811b0a797030fb6e956b4b7ce8426410a63faad8d63cbc02a9673381e4a17b75c1cfebf4fae0a054351bd46f30421b8d8813d1f4a4ca18 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\Spanish.ini
| MD5 | fd447c74f961170d34ce08957e6f76b4 |
| SHA1 | 7783195cf35af1b35aec94f4f07d9a32ac787dde |
| SHA256 | cdab320582a5c66b67393385f59ee813fc4ae9efdbcc8329ba8e2d3018ad0bc3 |
| SHA512 | 3645d52cb0ff3a641dcfddd39c9868cac1b49485d089ccba705fe046a1dd267ac017e4a6606eeaa257e585c3328db26f85207b52cd8e5e4cfbcd2303a9471906 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
| MD5 | 63c4d4021b71947a29db6c5e99678d4a |
| SHA1 | 4d24026a82d98240221077dd72f3cc169c0597e5 |
| SHA256 | 33c5f40b242955b96710a9e54a109b083d014e9d061ce5ac2875aba20c0acab7 |
| SHA512 | 5cf5c481126fdb422614251dc4ed4052e36fc779226c5a233637f40f55d774d130b66342df47479e368b64f65b2a3eda6f62140e9413eb8540723043ac0f693b |
\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll
| MD5 | 24c01bc1560fa2b6b72a201eeea4cbed |
| SHA1 | d66a91bd8faa929d6a5c46d5cfca2b3e5d24edb8 |
| SHA256 | 5875f5a1c9eb4c4c238c77104c946b6ecb9234609851edcf758d24bf3cdcb4c2 |
| SHA512 | 3a34db05cb5de1cb9c1fb0aabbaadfb5746f51d84d92ad9a52a343a4ebf78c688cdc6156647baa09343107c922ceb2f53e76d152bc5f6f761b6b1ba6c7cc7b7a |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\skin.zip
| MD5 | 161dccd75d78d1a141a54c60c1911f95 |
| SHA1 | 6d12dea87f474b9e3c329b5fa8c58e7848fb3b89 |
| SHA256 | 434c9936d6271c04ace67b39ff16cc74fbde2e007f5bc49092a2fbae91a13b3f |
| SHA512 | 5445042a550f25c3cf4876c448b50833951b3b8a9aadc9f522647461cdd2887616dd52a77802d591f3b039b0f8147290c2f76a95efb01d77dbd0c3406e3afa15 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunConfig.ini
| MD5 | 88cd746bcebcb97015e76047dc71b9d3 |
| SHA1 | 4f5327fdb5b6789d44dd63b4b0d107ee83be825c |
| SHA256 | 56ffc96fcfeea041bb4a52caf1392e6be65974841773f2ce138044882ecf8656 |
| SHA512 | 0d553f2c20635174f4e98fee638af6462b558823b93e98e2412fb93a0ee34b5d7248944c0e58a1648d5d9db5322a9f3483e26349adeee639b63ab866fdc2a6ee |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\downloader.ico
| MD5 | 7bd4c0fec91d5635665186f1d2dfa7c7 |
| SHA1 | 8d6b4e7fcee1334bbe88a8a08e0b8c2334a081c1 |
| SHA256 | 15dff50e862ab2c97f1fd35f1a2ec55e325bdc67616d1168176a35633db0cb03 |
| SHA512 | fd38bdb639bf413a544d402bbdfe1669402b50ee14ce54faaeeb011973aaefbd5b00462c71332c147d98a9efb818d2a05343543e9766dc8150ebd29bc18183fb |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | dfe683f3e527e708e62113db3cbfd0a1 |
| SHA1 | df30c4aa70f352ca30239d2d86315d382e3a4108 |
| SHA256 | a018e4dba388a4fb139ba112f678fea68a634cc8583d5bddde14b3984d85d7a5 |
| SHA512 | f07d50e24d73eadbe8b58eae4222a21dcb95ee3cfadebf3930eeeabc779e4fe7c969831949829143bfd127f2fdbf362b110b9b482e59879b11474efb47af1ede |
\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe
| MD5 | 674413dbbc708d32d53b386254eedb54 |
| SHA1 | 281ef9b78e8a80dac4b4efe9d8d76ee4eeedc79c |
| SHA256 | 72371235cb364ab3891597f40a3f50bd64660a808979bd28bcf1c0e7154aa949 |
| SHA512 | 34cd6e982c98d7d4cb763c9bbb20942a507fabc189f3fedd30433d2b79739189a3efbe81f4db465f9e401e3f01939bc8148b178679a0780fe1b000259fd947fe |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\tempInfo.web
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 7f411750d07619f38537e7fd612b8b44 |
| SHA1 | cda241a1ce5141288582c8f0ac4850992b427bdc |
| SHA256 | ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87 |
| SHA512 | 35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 6993b7a5da3a81aa32fba2b1e4cd257a |
| SHA1 | 301cc8d411b9aeb4c3129ec145e50f9294d2254d |
| SHA256 | 3a0134daf4bbafcee26bc72ba1cad88de41774405b5716b674e5a1657b42ae91 |
| SHA512 | 5f6f34a48d160edd0b035a70fbeb45dc5f1e535201332b3b8e81de3d3c2db8694cf5d687495fd28cba55c26c273f2c60a5490404d4ab08e3e12c1d74453a8927 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 7a14dbb4dabc52e35e28d3d4ba5f124e |
| SHA1 | 098baacedd592787d92f73b2043d3be4cf421671 |
| SHA256 | 280db987c1e9548dc74db2e701adfb3ecc9f275a0b56fdf8000b7a878fff05b1 |
| SHA512 | f0f995ade7abb8de1bca97e72de973acaab5b81d612b24e9afaaf8f9cbf589e558677acbb77ff05d1c443acacf94cb089c7eff14ab4edd65193fe3a7b94fb9c5 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EasyLog.log
| MD5 | 015e0cf1de9ec6a4540fc4f1d8c8b547 |
| SHA1 | faecadfb1336796db4f203e4f00a62226b2ff2ae |
| SHA256 | 38d443d126bfeee57ab46453343285df8c728172fd9c3a78910f8823284bf658 |
| SHA512 | b9d7f9ae71adb53797737e0098b9bd2e651a196185188522cd3751d409e78a8ae836353d2ae6521aa2f6595177505b7962b217ec40be9465dacd1339eefdb977 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 6610a47a1b3024c7064e607e4ac3c003 |
| SHA1 | dab56a1561e9e0f48cba118e59d9c40a574789c4 |
| SHA256 | 5fd133194002575cb04eaa9afb21393ecbad69271c353ad519b0bc96d2d53c06 |
| SHA512 | eb1a4fbd703621d7933dbc0f12a8367672dcb64e7985e98ad5069c9cf8203064c804a5cbe2698954e2b199f74f733617e608316aa35fe9dd7dc01ee8f90c65f4 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 6cdcf926117d2ac6935603d9e30f8a1d |
| SHA1 | 11299f93fbc59808eb2c64263144b71e0c3cdb04 |
| SHA256 | dfa82d2f6b08bd530fb316a848d8d6b77518dcb25458789046e250116052e409 |
| SHA512 | 53b0990cd76cf75f811d236e1edd749eee8803070b3851572de8d2b19bc790f10a021616dd2d356b16ec9e06badd50d0eeb25b90c3702bba07885df8ce3bfa68 |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | a1f55b0cf9333d0efda21df9309c370c |
| SHA1 | 22dfdf4979b6a4e2b283ad57f20a660c09572cd6 |
| SHA256 | b0b4b96289ce3d2cf1396081cee3c43f27a012d8012a5f22b0fc575fe13ec1ee |
| SHA512 | 7580f68f8edc62c1721d21e995e69f1ffbb6bd4818639ea9a86038c1460668a48ddd5e1f5356f772157b5e0f47966698397af89a32740533cb4a2d35590ca148 |
memory/1400-217-0x0000000000400000-0x0000000000438000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp
| MD5 | cfab0bf664ca7e21dd9e2471bd92d41a |
| SHA1 | af005dc1f482e8a1ef5ec486ddc820267ab9ba28 |
| SHA256 | 9e315817772688ffde48f2d27962a55f708242cbe96ac36f147e30485c6b9e50 |
| SHA512 | 58b62496aaee55f86ba4ad547ce270135e1f66b2501ad118fa7c43e579340145811139bea2f71373fecdbed2b10fa97beae6522e84abf4080d2db95c8bb411b6 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-ANMFK.tmp
| MD5 | ea9eaeed036748315cf2955ff7761c39 |
| SHA1 | c477863567edf7cb812154572fdddd8c8649dd32 |
| SHA256 | 265742883ff410f9f0d503fae5c73e2835ff17b6eecad9603c087ccdce65fddb |
| SHA512 | 09838422061f84e42296dfd1ed087b78d14d9c38dadec4b4f396a4cf2acb2c59a8f5b79258a999c979d5d273382897356399c1f4687277410549c67a3c7b8913 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\new pc\is-FQGGJ.tmp
| MD5 | 365289953286d1d1684634643a053f49 |
| SHA1 | 165c65d3f826f9569525817112bd734e1185eda5 |
| SHA256 | 9f73067dc2b822776fef384bf396693a1ce1f953b5ba5e9650681c1e2d324ee4 |
| SHA512 | 7725d55eae106c97255509dd1dd01e5066e306cf1cecd3ae4580c4b8e3c4c66ad1cad1ab6d10b2f185200e30163ad38e2be73dca9c564735f634f4498d91cd6f |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | b0a165fea35aae7711786b410c8ad03b |
| SHA1 | 182f50cefc9122ca143a59ea996e9d9e6027ef98 |
| SHA256 | e5ad94455d7b5a9c7439cfa0a2357cbba2ba87b1c70b6dc912a5c871508e9e7b |
| SHA512 | 4462da6b7b3dbc3e702b3b480047d1c677bc2736b250ecc86a529e837569330040ab5d4e8b4b4fb74dae2723ee0e0b9c9a66cc1c60c71b56910bef0ee9a0797f |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-N8B1V.tmp
| MD5 | 8f786a81373b4e8d43b680227b502f9f |
| SHA1 | 30023effa63b4b48a2968b81611fbb752ead56eb |
| SHA256 | d5b81ac00fe51cdebc33166cf9b04ae1ad544fb70b2d1421d60e71343cd04ba5 |
| SHA512 | ec571044d73c53616a1f64f80e28c80837a94ab3b64a41ef6fbd3fb6f8441c82c97437dacdf8257f882953f4f4f8940d7a2ff45a92feb1f857d6e02df59b026c |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-UIKMK.tmp
| MD5 | c54011f7f97a68ebad07cb5860595d9d |
| SHA1 | fcb34d827cfddc32c4f6d0109514f437cd167189 |
| SHA256 | edd375f4f562fd51ea7eb96b0bfa95975eb42f79d054951714fab07c91578b4c |
| SHA512 | b9dd824bc700fe1d074e6d51b999e6813dac4cd1791472ccbb739f83d4e7455f0b97b6678d6ea0f62c4214b315a87f3d22df5a5270462e962780f11bee65cb5a |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-U5FK2.tmp
| MD5 | cdb5483ad30acb81e6fc38bac0e70d10 |
| SHA1 | ff287227d69f29709bf27dad762fa674086561c9 |
| SHA256 | 5a49452c9c49fd7fc2ae564fb7d8d42befb016c10c38ac280e351bb3f5319882 |
| SHA512 | 58e559bceb1cc9942923d20afc49801d255675dddec5adc87aef71430eeed5ad9daf9b96247cc505c6b7df7f22f484c1f5244e1ea300ac8162fedf669dac2683 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-27UIJ.tmp
| MD5 | fc729316b9f0d0d2a753d83458f19d27 |
| SHA1 | a71732c2c1f46a52e7af3dbecdefdcfe522f69f2 |
| SHA256 | 8f2f9ca6110f2cd6b4861e1ebbca5476792872c1b5b611d5fe48dc6cb8bcf39e |
| SHA512 | c99bb5521915aac6ff618a9629e7f61198712634d5b9dc733bafe9ba53fbfd9f506db1dba7a7c38bccf7f95e6cdbc617add2bba7e99e249d55ae33da0160c696 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-7AUPL.tmp
| MD5 | cf67be58984e3fa5068d8db07da19ba6 |
| SHA1 | 78214e50ce271ac6d7da66fc221e69fedd405498 |
| SHA256 | d1a462bd64ba14491f8f671766c6a5030b4d2b4a71fb9186073a6c88081d3eed |
| SHA512 | c7508569ed126feb7b636194d213717618a1dbfbd40065683b3299936490ed5e0d6fc61261dfad6006fe73e5eff2981b043fad253ca8ff0493ce5554c40ec4e5 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2G32G.tmp
| MD5 | 5ec9bc4e91a825a767bf709726924a8e |
| SHA1 | 6d5bc48d7fa24d499013f15e7dc31d7aaad3a01c |
| SHA256 | 0ff28d2793d021e10979d8338a76cc76c4846907b28cf6113b018245b715e281 |
| SHA512 | dc3f8fee4b0cdb4fe07171da956f90f73d04564197267ece6e1fbadd566b36483f304376ba0e1aad6b13e14d3466c0a95a9d54d65d86e1772a2f801c2b7e4284 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-72Q0I.tmp
| MD5 | c69ff0e678478eb4a6818806664d9196 |
| SHA1 | 2f28315260951357e1812997c2c623ddbbe911cd |
| SHA256 | 0823c22330d319f5181b9051aa0778d007d47bd173099271277849157b3859ee |
| SHA512 | 90d3b5e2b9a8b73bc6c4d10fcece8d91f120ab69d9bcdcb39cb9c1dfeeb0a6003fb1756264cf55e7df5a033718e7fac9580203b0ec363d8af79b5f02b821023d |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-4KUSR.tmp
| MD5 | faba95629feaa0dcb735958390fc9cf4 |
| SHA1 | c9a0a870d9eb8ff183efb7ac3fdfb5af5c47a885 |
| SHA256 | 78bc6bc9ecc7901fb56bc1929324b8c9ec0e999dee17ec9de49e817f0c5bea41 |
| SHA512 | 7449612867f8692bc7a98b182d2a9921485804dc82b65eab131ae6dd110e11eb73b70f71a58a026bec752d506a4412b9b60983d140a763976d857c16ad05c30f |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-GDTKP.tmp
| MD5 | 88a5e9c0b52751459e8faf28d91f1ead |
| SHA1 | 130c628b6d67056d685d8493e267accf18a19d7a |
| SHA256 | 08d85a27079ecf282c26b7d34dfa0b5672385f9858e5ca3d2a239ac782aa2895 |
| SHA512 | cee77a6552ba8b42256513f8267aea3d6d97a93b56e655ddfc476fac6df2585b3ac5a82d4c9326a68e6a1d1952dbf4213763def715316d829a84fa97e8916d08 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-3GUV9.tmp
| MD5 | c2f386ff90d53b056a69d87b39fd61df |
| SHA1 | b1a4a52b64952ccf8b1253927d7001855c6a6007 |
| SHA256 | 2848a604e42c9fb0770a598c138c213989f7000facb9f745aa5f5910b4aaa951 |
| SHA512 | e1bde389bd733e496d495d966a866b450992402305732aead32ea0ef479c624810ed22d09db3ac3e799fe91bae6b2a6eb6451ff834dbaf1c8369e03617b14ad9 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-5KUK3.tmp
| MD5 | b6db5e55b8b57f7f44423902fcdf94f6 |
| SHA1 | caa96d72a94c0c70f538a79b039332ad0599d041 |
| SHA256 | 702207640938d9f8e135fe2ac783ff3bd1ae8f1c777ed55da2f38b7baadcc1a2 |
| SHA512 | b042cb6983a41a032fcae8e59a95dac4db05bbf6f7dade097a1f904d5097ad1f6c5e6e02f92138d554c9b329880f0fcfd8674ffe8f766b4a0a50cc73b45ea873 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-6N82V.tmp
| MD5 | 74c04bdb7672e6f1688cc9b53651d5fa |
| SHA1 | 47f2614432bcab4708d6f3f5c88fbb1cc2139a24 |
| SHA256 | 554951e9c282df960bf750ee5a6f1f03738fc2d5395a28d2261b780f5fe7a63e |
| SHA512 | a77ddc3cb2520c86d0047f5d7290c40b6d0ccece3740166d2c8e9889d56ab21c9e8263be899ac45c49023940bd8a7cc29a61a5fec79b9ff201279f192290823b |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-7OUDM.tmp
| MD5 | 9fd27f5dd094d50b97d30d623dbcdc15 |
| SHA1 | fa1ca00fd22eafa1268553558e8350ffc7ce0f43 |
| SHA256 | 1e2d1c289834ed3ff05394a675af58a1f3a03cb46bf118b1cd3df163a63e2149 |
| SHA512 | 49eab357e4964bda2400634174778ccf101ffc40abf9a5585d432330428e3bb93d17bea2d433e396780266d74949de43a4541d3655afc68079998eb05a794c2a |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-NT6CN.tmp
| MD5 | a1cdf6df3953ec3d3a05892f3a7dfbce |
| SHA1 | 17b47e4f6f1848f134859828c329c61c0c9c06db |
| SHA256 | 67c799d9a989097b3442e19ab23466d8aec24c4695a5aabaa64067b595126adf |
| SHA512 | 48da47b03723ba7bbf589f734d5d6bae7c39202ab363b53d5901c08749bceff21bb13c63163778e674774e70306586d6dd9069f8924e5dc65acfdcad7bb42e9c |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2J5TM.tmp
| MD5 | ebaeb1736871f5af6750d880f9c8f56b |
| SHA1 | 9a1dfed0ff7543d3551e93d21da50d72c1fb0dc1 |
| SHA256 | 271547a0096cdfd8789c23d94c89ea2f4ac4f39d4121035090b18dcd3b972f83 |
| SHA512 | c5b7409dc5bac68e7a7b5ec6eb82093628eced6b55b31ea4b3a93629657d25521ba4efc5401259b60cd7b881be55cbcd82b7ac39cdf998bf25260cdd4e63954d |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-EO2CF.tmp
| MD5 | 31e5c0c38f52ea021193ad8293aaba81 |
| SHA1 | cdd50ba8623a32dddefef9a59c57abc43e1975c2 |
| SHA256 | 45f8e0006ae2e67b57cc708eddca308cd06224f4d90178feb325c868645ae207 |
| SHA512 | ed4625eaa5d78c1b5706bb389b0fdc602f5e52ea5ca3dc05004b5e1e15a0cd32221c0c47790ba4578521aa2279e8ce52b6bd403a0fccfe2bf23e2680057656c8 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2FQE0.tmp
| MD5 | 6d24507b4982a1a5098dd9406575b4ba |
| SHA1 | 098e6c8a048d63099a53409db30c27b6b8096c5c |
| SHA256 | 63aeb6596fbf25ff06b1986e7f04b8d0f5e66ae5c63b8de07f1b9125a0ddadb4 |
| SHA512 | 1c42d0ef2a21398632cae99368adc633e6420874308d1e37cd5b34189c4b4fd8b6cdb999bbaff049217433c216140037f80705d81a8edb580389f72f9893a945 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-VEK74.tmp
| MD5 | 9ae7f39df92f6bbd6890d0844e0a146b |
| SHA1 | 08aa2a725eaafbe0c571c7b1ab59d07b5ff15e05 |
| SHA256 | 13bfcfc9be30e298e0a6fb4d20fe681ac83eb4aa58d1737bddd7e47f60ab1aa0 |
| SHA512 | 92f7aa38577f0f11bbae86132a395520a09f3779199859053e2786ea88d44cad4155d23f22be38b1d2d121f3177d971c435b6f4054608604b73b85989fde92aa |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-RR2TJ.tmp
| MD5 | 8994aa12bbed3333440284af7f3f8101 |
| SHA1 | 305d9566c8065c7399f53718f71781e4528f3612 |
| SHA256 | eda273213ff8e14de4df17535c278d31a52173a808533852078a9d6a45b79213 |
| SHA512 | f55fada44a94936f88a0c233508ae3b41539d55f9e649c0349cc97bb9fc7dbaecb745bac9c310640186657456a4529fb24e43e85b20ae64daee4adabad2e6a9b |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-CJDQT.tmp
| MD5 | bf6a5d8a44424e802683cac1d07a67b2 |
| SHA1 | 43d4ab5516842327ed6972f5b24e6a32088bce96 |
| SHA256 | f88ec5d69fc516568cf725742a7f5e72a8fb016a9aa5159997c021c3dcf85981 |
| SHA512 | af9e0a4fc629faa3cac39a73420c1b0cf31d6f598865e90c71d06f9a42913081db6a438e18c4ca75c36f47fa6904ca144efeab76f025de85a2136b4b77840c3a |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-6VL38.tmp
| MD5 | c8ad97b5f4d802791bf78a967b046014 |
| SHA1 | 06a912988df6941ebcd64f343b30f7875e996d8b |
| SHA256 | b610794b5384be1d3af85d23b756945b9d53460563b8a8c31901b65512c0d567 |
| SHA512 | 29630d68b33723da1a91c67937c0fdb7a3e3ff69f5268d8ff81783a2cdeb0201198f2dae1cb8e4e1ecba47dc85acfaa24146139c8de73f5e3108b553a23d00b8 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-POUFT.tmp
| MD5 | 72fe91b7c8ad5250cdc6fcc60e08a3e4 |
| SHA1 | ad8ebfa645165b02ea1ee045d9472cb8c1b827b2 |
| SHA256 | cfc90a9c02091b88fdc4ffe08c2bff87fd5604ebedc084c6dcede8d0bbf529bd |
| SHA512 | 8978d61bd38e0dc303b66b72da1db49835cec305d31e5b7c8659713d7557081b116e913f7e942d67df90771eb2defbf3cc84c1e57f7ee81332821d91f44601c9 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-U2USJ.tmp
| MD5 | c492ccf00c6dff644788e8903961f576 |
| SHA1 | 451257913871c027f6724f38c48d7292dea1c284 |
| SHA256 | 375bbf456beb2eda2153686d806e3bdc25a11b8d06b2ae7b3de2460bd6e963e0 |
| SHA512 | e3ba0c3d429bad9d8e5b0712506c3106de3343572170b8e80565adb325a5054b88204b3364de31fd2d4ca36b77937d4d29ff3072dbe0e1f56ee359bcbcf14a58 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-19DAR.tmp
| MD5 | b95e3d14475c7b4d8a551e789a73eef2 |
| SHA1 | 66791a121f26309e18b19b31ce5509d5d80819e6 |
| SHA256 | fc0c94822dbf0c3087fd4bfb84d7181a00bbc9f8de4cbfe1387ba1d83a7fb09c |
| SHA512 | 1b9070e391a44a6cb2f01bdc713e1155a5ccfa82a9361d5b8302e7b9582f3a21cbfe156f9199a571029da26149a1757d9a8c009ae80ad79a7c08eb712310e6cb |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-737B5.tmp
| MD5 | ce26d003ae276a17c7227627a297f9dd |
| SHA1 | cc642f27ec79b73bc67305c64fc7cb2b329e5754 |
| SHA256 | 3054d03b401a44ad5ff02773106c201f80d2f78bc439c9cc74ae5dee63484387 |
| SHA512 | 99c1e2a65d18ff25e45e0986e9a2f747c100ae71ee246076ded4dd5dd7e6f1dd1211b4b644e6dee4a054b1187f1519fae21c2d1f2b7ba3765f4ed1e0a68a6119 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-AV8Q4.tmp
| MD5 | 8f7c6a5e3b791bf7c4d50bca0845adf5 |
| SHA1 | b11f0389da44c432390b90746c11e7e3da1f64ec |
| SHA256 | 2a3124e0ac67700c286c075c6423c3369759ff89faf3f7775650145ffb39ee3a |
| SHA512 | ca6eb88e929e31efa0655e9930388396c85f370c24f6d72fc8f0dde217723983684ec52aad29e964363f7408b2c4e0e90c4eb630f802b6c6bb41dbd58fb53882 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-VKGHR.tmp
| MD5 | a598046ebdf1516c21023d986ab43cd2 |
| SHA1 | 603ce125e3fb1872dbaebaa9d1a3d0d80a16b567 |
| SHA256 | cf185c621901ddbfd76ed5341b2143e77980520467dfbe705e99260b84587644 |
| SHA512 | dd170baa1ecf2ccaf8c68a0bf4bce851e8b859df7ac4cb09a7953c9aececb61b63485679dc0c5f89b1ab4e87175788aa9706fa91ba353b8e337b41d8b07303f2 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-UQ4MC.tmp
| MD5 | a999e53405052dc4c842633ba30f60eb |
| SHA1 | 1fb32a47a26b56ea280617a71c4a40d2f7017919 |
| SHA256 | 8a042b9acd1b26762a0105b840eb97ccebf9549df5cdf1135662ef5da0d1cbb6 |
| SHA512 | 4bcb23fdb1f596f25f01452e18b6f1a545215ae63f0008f6cc5408b2ea861d0769a113112b72f7e0d8075ef303a87e8cb1b5af499bf2b671d3225aed4f2b59da |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-N5DCL.tmp
| MD5 | bc16115a339c0bdf5a5affaaa568253c |
| SHA1 | 5f36fa7bb74760efc9265d1a52dee6ef5a17be7b |
| SHA256 | 47184b3696abcfa5313c6c9ecb439f12393ff107f2c230bf0576814bc6e02241 |
| SHA512 | c7f39dac4d5fd9c5d02454abbfe94a84607b69ba1d26b27881039ef3c25362e16bc09fcbbad4d3ff7b13492c77a22152e0d5fb4432d934d387ea2893c50919d6 |
memory/1400-6404-0x0000000000400000-0x0000000000438000-memory.dmp
memory/2192-6405-0x0000000000400000-0x000000000053D000-memory.dmp
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\UserRate\res\is-RRQQG.tmp
| MD5 | 495c9c664b5be8bdaad7fd00feb04355 |
| SHA1 | 2bb1f2aa889f68f744a8dda82cfc51df721363e0 |
| SHA256 | 398c5cdb402c290ed4ccbe4e11a4947d02883877dd35b8eb731355c737e1c823 |
| SHA512 | c8f31da3e9b22ab13f2b0b1e1229efe7d58ef9bc0e30ea6b228f062eb04617c63daed9f01d43dfdb780645067be13e37b75b636bd6e0b90190e043619db177bc |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\UserRate\res\is-91RQH.tmp
| MD5 | 4eb62964a6ce446f5e842fd637baaa70 |
| SHA1 | a376149281f022a60cd2aeefb15578cfdaa05a77 |
| SHA256 | 1a43e690a41ebc32848cbe71bfb957eee1684a1ec59965b1ee7900211233e4df |
| SHA512 | 68e9361d2d7af65ad0cb5eaeef09776e77cf80ebaee1170ed7d3a37006ec7ff98f5a8c4b510bde69b98418fef09c31bda348f71fa7675fd9193938e36789f57f |
\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe
| MD5 | 7d8a83ddb4991af9aa4e65616d38a9bf |
| SHA1 | 13e9b549dc4fe810dc4293438e4f09ddae5ffa88 |
| SHA256 | 4264f6d9454e997226427ef7a4eaafa6d58d72c124bbe3ff71831eb421e5d72a |
| SHA512 | 92d368cd162e39e1aec41faffb94f45ba9842bc97cae44d6c433867cea126791efc6d5de298aef4754c0405d8b854f13776bb1664e51febee479a8564f010a8a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
| MD5 | 0a6b750b37fa13b2e52ddbe251fe0fea |
| SHA1 | 3ab473187c74690383c3a498fc519106a38c2f5c |
| SHA256 | 284ca5c72b1cdcf958ef0f9d83551be26e2f3a21bfa1436cd4cf6890749b580f |
| SHA512 | 50df90eeffe0bdd93b1db89ae68efd59b52dc63cd56dfa10e615a19778a7d6d2c2ad642770ff9820d7babecffadc95ebd10c37063bb1f47a9a0fbca9b20a9d6b |
\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe
| MD5 | 81cb46917e30dd7831e5210fa3a8a163 |
| SHA1 | cff7dd034e6528dce3c7b21f612a3a215db5806c |
| SHA256 | ae17fbafa1cdca80dc0f414159cecabadeb69ef9c4d69ac58412fa430e716de9 |
| SHA512 | 70c1b8ed3a45fd7afa2eb6c3be33be5ba6d527c99afac82168db213483109af4a385e2d4f3fb8bb1c8a83a0b51f3d3910808cdfb725231bf3068d7eebdb7a48a |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\MSVCP140.dll
| MD5 | 996d01ad6a71761f29a98ec9e9f30007 |
| SHA1 | 85aae459210739b2d24f24cfa1a42ccfe6478514 |
| SHA256 | c8e7456f4ac9aa65ef3ad61a6daf30efec9737344d173b2d6d2c16e752052a55 |
| SHA512 | 6b145328a61bae1ab8be7ca9aa07e04eb06924cd2d24a8513b6415dfe112440016e21ce24ba69d8cc0fcadf9de5276b7b7961b9c0a91af4e03a0009521c41013 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ucrtbase.DLL
| MD5 | 5a2b41a8c62c38d026c2567b88bf6ffc |
| SHA1 | 9af1d9501b17af78596cfc83657531873e740929 |
| SHA256 | 9793b5f7890034ea345726fc9df07b79f518e1aebef2ab8b3d409f67465cefa9 |
| SHA512 | a0457dc507b4e7e5250a30a53ded9b0de1787f6f73e3586c1fdb62f1cbe924c4ca9599a3ba69c72887e610adb15d7b2cff18fc54033afc3aacfc74157ac43c27 |
\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | c29a67702f252ee33bae5d90046b3d43 |
| SHA1 | 3866b65335806f6ea172c0f031e5a9d582c5e926 |
| SHA256 | 55ade67a6e64caa2b624187f875ee562ffac8eac5a2d49d06d935c09812e2cf5 |
| SHA512 | b3b1c5715bbf47671ec837a20fb6853b1124a8bb29585a48a0d32af02bcd8f6368158f8bb74e0bf79a36e73003ef4f40860bbf87b509a1d323dadba46e7cc4a4 |
\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\vcruntime140.dll
| MD5 | 9248c36666a2fec5e2a8913d6edabf80 |
| SHA1 | b7bd53b97974d5f4ff3a3935a104fc85367c105b |
| SHA256 | c8e6089e6efe9573af55cf011c4e41b21235b2531f6c395faad53f410f22acaa |
| SHA512 | eb7c878f3d4ebfb175579cdbfde8d589c71d2dcfbc02455caf132b5ea6964835cbce52f9479c0f6e4e58624629d4e13091a97477c914bc71d2ea4cfc9da404e8 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe
| MD5 | fdd2b614d0e52919749df5ae11176485 |
| SHA1 | f5ad021bcab11e51c49c81a90962130af8adeed9 |
| SHA256 | 45593a96fc320f49123d9b8f813ad796f62345638dbdc8b58ac227a444978715 |
| SHA512 | e5682554503197369b4ae80382991606671374b1e96abf8221de776213de552fda0f74eb673a8546d05ad8468306702d79f3cc39731fedcdeac28cf709c2154c |
memory/1400-6608-0x0000000000400000-0x0000000000438000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 4eac836153cfd5a9023d5f2f3c6955aa |
| SHA1 | 7e8a8def34e21bec71c8904570e224b837cc6504 |
| SHA256 | 9395ae73d40b752830280b9535dc27da726d5d5329feeb6879a2f595dd106880 |
| SHA512 | dcd67dc7e5b50de6de545afe2ab208973846ed9e4e00dfb36a92dcdf8a4247b45a5ca9c18e21084d1bdacdab5585852a3d273b4dcfdaf0b469850ec57411b4aa |
memory/2192-6607-0x0000000000400000-0x000000000053D000-memory.dmp
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 9577b93485a47e8128961f8b816a9ab1 |
| SHA1 | 0800ede13561faf56f8058a9d2ad874ebdddf980 |
| SHA256 | d1bb47e8f488c8cc5c9ac333c94a3317dc4a1664f24210c47c6a060f038d4c9b |
| SHA512 | c626aa3306a644ab53b618c9a7a7503bf12a07224e3cb3201229ad949f7d733fe502b098a08f7b7d9d4bb3bbe8b5412520218c94f53724cc2092160a3bc4cbcc |
C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 71783fc9640966af3fd349c06020a5b6 |
| SHA1 | 79c3e43c964836bc4507d43725b36fd1ef431906 |
| SHA256 | 058117c3f4bb3b6363b0d6be3f39f15f19bcba15fd118bd1cee7c866b74bcb65 |
| SHA512 | 53c17f2cca83c0b9ff18e464ad6db7a63456320fa8e6fc56c5df351f20a1d82ccb033adb983e9a0d495861ac7eb4056bc765cdad920f2ae4d89e640cca1e0cc6 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | a3c82c7ac848549647f97029a58aed10 |
| SHA1 | 76bcb9f481c80eb5b4b1433f70c320a0d772a563 |
| SHA256 | 8637ab27c6f2aa715b4dfcfd7001f914ee3b6a4bfcd5034a6add751da2c374ba |
| SHA512 | d676e872530a0b173cd9b164a394d078ad319910d3045d8d5ba159a911a60942cc7397e4f76e5225a4281ecbea24bf01799866ef4a3eb645a1280db1c216c0b7 |
memory/1516-6668-0x0000000000460000-0x000000000046A000-memory.dmp
memory/1516-6667-0x0000000000460000-0x000000000046A000-memory.dmp
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 87adb8714520be93471d24101db1e580 |
| SHA1 | 0dff497efd8b44adfeb134603a25c43f184c3f8c |
| SHA256 | 9311de88dd437ff571be8cc4320f43e0eb04a43b5dd9720b1d3e81aa15690d6e |
| SHA512 | bffce65710fee9c69496d89c0ea73735392da7d8caab43c86cab8863c14c5a128cf32c4656b491fce7217f25c61834352e4865aaf6d109c5e19a7203a18c036b |
C:\Users\Admin\AppData\Local\Temp\Cab35B.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3FC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 692131f6c5f048c347e66759601d3305 |
| SHA1 | 4ea3dcafc8e2884b997fb7fb9138f84cc3e72876 |
| SHA256 | 7c569a13d666cce31e9e504fd4bebf14cd58fffbb3766922287d195507cd2a90 |
| SHA512 | b0cbe8f29282acfd6062c976dbd4d771e93cb03b8ed4d69802a77ac3affb56068e8aa919107c2f03d7d599ea5d8874e1b93a4486a01e659a4463d2d21e64beab |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 0443ff005d53f9cca90c91f4466ebe33 |
| SHA1 | ebb73bcdbd3a1a12bc19768ad0088e9bc3ae49d8 |
| SHA256 | 4a5b56f81fb65e9c726b946ec516966fb3e1cf610828e1dae3af3ff948af65d4 |
| SHA512 | 2d53b3aa7fd389c67f256ca8b749c8a7a389f417d52037e7d0829d8f9a1801fa5c60d677e8c71f636fd4f206127518dc259c4d04d88e71c93d55082db680f3f6 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 622e73d9280152c19e4a3e071411103e |
| SHA1 | 0cde1b9fad35af37ee5d8e37684f7368bb4edfdc |
| SHA256 | 85a18874c0681aa0063dfed3f879aee0d0e2622664a3080f56e860f46ccec89c |
| SHA512 | d27b5d0ceb8c69975e4ecba75f776750fc0bca2176d343a0d72633a94b685e81b95d23de9b80bddd13fcf839f7450e9ca9ae8e590c629a92aa22c92cb2841dc9 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | f6f4a1b4f375b5c21f2372fadd7aafad |
| SHA1 | e1a3aaa829011a065374145e90ece94c8b5c7fae |
| SHA256 | 97f056c8107b38f9e060ad127170c98c57b48210139cd7ff6f6c690c1c6c1fb1 |
| SHA512 | 2359a9b35829b794dad89c76a44a1844cfd254d279295c5a452157e946cde32bad0c765ca6dba467ef291f14d5e88dee34975b07b72f750c6c372b419cb3e562 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36b49afc8083ae8315978bba05e65e9c |
| SHA1 | 206724c978ece68110a0e9e0ec93e3dddf5c0edd |
| SHA256 | 769c5ec1116312811be07bab23a296f81e568ba4e26e8de3b8b670b5e6829ab8 |
| SHA512 | 1c3fbc4f15698c4fe845d7550310f496f6f0af903a79afb252973f2b1c9cb8ae462c7e2f4d54bf9209f7590e286bd747869a6ec9fe661e82bc0b975501e780e9 |
C:\ProgramData\SystemAcCrux\dfb35f2701c538eeac.bin
| MD5 | 13b9d6e983529423b3a456278c617891 |
| SHA1 | 9d8357be7f0611692e110f06032e9842a308578a |
| SHA256 | 75904285aa08f139ceb43e2c653e35ae774572bac1bebf2b9547aafface260fa |
| SHA512 | 69302b37aa1c3a182e4b2e508d34c8ad27233c9e8178c8c42a1a44fb71a624b2573c64f337882a16953a6c04e794c1e406726c6d99d46c774f6ed71ec9017319 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 0cb8a0d742cdcf45fbe44437b9703fcc |
| SHA1 | 433671592ea696193fd6c4a7514edb2e26f5cfaf |
| SHA256 | 473d13665a16c43f34dd29e12f8d20b5c368587a5abf95a6b204d837cfe5fd68 |
| SHA512 | 75304379f039462df4376f2e4edb4594b68f358b86e31a6de021bfffd37d1064a3f17847bf2ea2147fe57e5b4f73407ffec4859ff24b3bb09ed08b9d0688d6f6 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_retain.ini
| MD5 | 6b78ff9d8457040d7fda9312968fc28f |
| SHA1 | ba4be27db3ad50a2042e8bed0d3a96ad69e491f9 |
| SHA256 | bdc25e69c6e430d8a93fe1299c5c4c6cb8b537c29b1cce41bae65ff19b51ab4e |
| SHA512 | 7be751a2ad7db78be6888f9f8c4dac3ba98c408cf53d444713c680d3dc8ad07083d201bdf20d1a9c70dc0791aa331b237cafd84d78c12aeb2b7ef6eb0d556e40 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | c743249b171df5c210242ae5606f2a63 |
| SHA1 | 41f3b22e31cfa719e8ebd2c099e01ddf37e28894 |
| SHA256 | e4de45a4eaf42d0bd589043de2e632ceee5646ee181e8f5858830c69661ba6e7 |
| SHA512 | 2f9cf8b39792395c53401ad3aadc54e6a0793ce02fc9be5b90754d2e146498fd99a4dc826638eb3923e1e67a41213bea22b9de6939d191891a60db2ffc7e3d7e |
C:\Users\Admin\AppData\Local\Temp\PCT_ACCOUNTPIC\F566F209285542D4B4929A7BAD21BDE7.jpg
| MD5 | 6a114fffd529730579a7bd53b3ccce79 |
| SHA1 | c7c8487849425580b5a4d49d9a765929451ca0ba |
| SHA256 | 6715012d3972c3a78a5ebad2d63a78ac4d940a48814b9de03cd0c75f39d87341 |
| SHA512 | 8ab6dcd37c18d28ba337f62b1ae03adaa06ee73e5d570db0a76cf7870a029e0faaf3d4824dd3f659c56de94605e410d0a1ef2fe9f49de6955b04398c6def2944 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 586099fda0a208fe2b6961444dd122d9 |
| SHA1 | c7021d51b8be9a2fce2ebc34ca90df960822f43c |
| SHA256 | bc3c51cab8f7d8b104d3b68ceefe859be6ef1b9d9bbfb3fba065d4fcbc29c4d7 |
| SHA512 | 33577a1e7d8b86c247bf3e97baa33844fb26064314e1f095ffd04951c2746e4cc07732e75d7d6ea6f260a743a761ec03ed417a40bc604842b637796fcd3700aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb76f8f28135f2bbdae90f881105dbf3 |
| SHA1 | 102843dcbaa4b9ee0fc80b5849ed7967bc077b8a |
| SHA256 | a96559b8c57169bac9018e92aab203de80af9519d3c47a27f2de0ce7fd2213ef |
| SHA512 | a4d42fd456aa842490a6b51d138e9c945e52ccecf425030ec38d17d93445e7ebdaecf6c9b5fc719737afa973c646123e6752e8fa3ad19ae4bc2778d2e5e28075 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81a0b96562a43414f714d0ce43dcc37b |
| SHA1 | e925e7c68fd69656613a3603b3ff144d994b6eca |
| SHA256 | 12c8140db4fcc9d3bdc51401608054f5f53d9fc851a685b69146b0d8b38a1fac |
| SHA512 | 41c32be620f0cc7694872fed366e509098b42990cf3b75561e314e1af32ee363a45bc372f0064c1a9121c7a3c13693406bc7b58b04850b027e917228ab3a7859 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | b6fe4ecc60f89ecff1afed709e940f02 |
| SHA1 | a8e915ddcb754b1d70620105605c3bc9b74a6fd0 |
| SHA256 | fb6131a007c50057526cd2e1ff14b4f1dcd5f33f2219d76a618e5cd7644aa13b |
| SHA512 | accb57b8d27ecb6ba53b97c929da8c481098e11f555c12594755ced639b99232f7c53c1f6e48262d493888ee88ed7d5a9a2afc377fcdf85f68de23efd58a72ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9bd76ed5216689a19613a10e5003f890 |
| SHA1 | acc85986af936888681c1507324b9f718926ee4e |
| SHA256 | 0b272be6b1a130f07386b38701afb76a611921c2746f9fb6e4ecc85769374a05 |
| SHA512 | 4175f42eee47d1ba52167f22187d76f3e98d468198f2c404deabc1d86f6859467760af7cecaed21df7836bd6a90fc30e2a8c595a440b0d7c6245516665b77ce1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c730280b95a0c154f3d53a8211992e10 |
| SHA1 | 3d14dc08bac4fef9ceeddbaef75731d656570fb0 |
| SHA256 | a2a794ca2c468c04fd8b8c2b8e0f9c768b21ea472fe2daba1704ef1e0d5ea199 |
| SHA512 | 25b097197fd5f27848908c89eb0f8690cf471cadbf90713288da5e1598e128aa137e4a3c3fad9d837406d58c6f74d929999afbe029712008656cdc855c11f076 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a82f130dfe90e3d2d5e86a30cb8c67a7 |
| SHA1 | 99b00cce44cd13d42ceba523a4bfecee2d84dd8a |
| SHA256 | a0962987083050438b38d47a5382c421df93c79d0b0c357f94e86146645ca3d3 |
| SHA512 | 944a2fd768e5909f3e67ea8b7082af9a946445f7dac30dcccafb84957b7702a5aad96c71fd8a17ca9c455948d782eef7c11222bfb5b7fcc3fa0f2a866c62af39 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 534e447788a5b3030cd96ea6e88fe25b |
| SHA1 | 04ecc5b87be49322a6a3d187f9feaa8c6495ba7a |
| SHA256 | 774c0fb0ae8f2bf6408f7160e381a6e10b5c736265c8166d9c68c10b04157f71 |
| SHA512 | 691ce6889a76526de02213dac85f4b4f7b7394aaf6349ad3b4b6018d8403eaab14bb3fdf02589042f4f00717b8704f2145d60dabccfc30a0dcc5f472dced1c92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d52074eb4f2d2f25d0abfeb7529addd |
| SHA1 | 98ed68e72d0c1e5023cf89fedf193976ef451fc9 |
| SHA256 | b73f2a44e0c133a52d997fbd3cf384f6b1df1882bb21996530114996d6c4ca70 |
| SHA512 | 62ff237aa61c37b0e65c1e432978bd0ce823ce4c18853602d027b77bcd3e56a10b9690ea1137fc29ca41ed3d925b951c00f989dbab8b6b199e355c4cbb813c1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fb832ab0caac99fa16c14f5cebe6ffe |
| SHA1 | 0b0aa740cf03c50f5b1dcf60e56491317f3b29cf |
| SHA256 | 4635e496027caaf365816d4c3967e2cc6a2afb94dbf459a0d441fced5557964c |
| SHA512 | 2310049f794726471e0f4081772db8f494d6876e942441475f14d0868a0863007329bd866d2a7010d104e241b6f2c405baa573094680b90ddcebf398db501f71 |
C:\Users\Admin\AppData\Local\Temp\~DF2FB87A8F2AF82DBA.TMP
| MD5 | 27e0fed147e9186eb50577ce0bbc547d |
| SHA1 | 5df62955580aad9e36be2078e72ae6f09a6f1318 |
| SHA256 | 8e28bf9a18f9e469c6806580bb03fe771399d750cb9c059b6a2edd0001edf25e |
| SHA512 | 8317013a49d272b6bd2519c716cd4c36520dcebe83278e55aefafeb419d23238cd97b10898292768e81c85ce2efd2c91a06f6e26245e8a0d52d2d0e6a7cfc690 |
memory/1516-7629-0x0000000000460000-0x000000000046A000-memory.dmp
memory/1516-7630-0x0000000000460000-0x000000000046A000-memory.dmp
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 75813fea62f42133589f289d45d39e2b |
| SHA1 | cab212d482a6d197296ff13b67d2395d7ada9ec4 |
| SHA256 | b30dd6f08f1cf7c27e458054167202a1d14fcf4476c866d8f8c89aa1ffd6a466 |
| SHA512 | 2bf1c504ecff221630ab3f87e6cc408c8c574d80d9d7625509fa55663dc6c59ab2216d6558033301824194a40606e295315c07e5937e732910c7ef5945efd517 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | aefcd12a859e91e71523c419135f67c9 |
| SHA1 | da0c3aee6873fb14f53d06d4b48c3591c5a9412a |
| SHA256 | d907505d75df0a07b4884b977c1ca6daa6d80f9c2d5a724cd48ef303dded2cf8 |
| SHA512 | 9d95974f5e3195e9251a491836a4c8f0e5e4ec63eed4ba38eeb8fd52933130c38f05f0c5889c2bb8abd0a80367b8507b066c3ad56ec732321749615a5b3ec767 |
C:\Users\Admin\AppData\Local\Temp\PCT_ACCOUNTPIC\60D177A192A148BD8D27010F560E13CA.jpg
| MD5 | 343fa15c150a516b20cc9f787cfd530e |
| SHA1 | 369e8ac39d762e531d961c58b8c5dc84d19ba989 |
| SHA256 | d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524 |
| SHA512 | 7726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | f1129c9b518e4f76378b211ad3cc2dc5 |
| SHA1 | cc2ca9a8277b9dc35f491f7cee1e9b38c35a2be1 |
| SHA256 | 8c4ab3df660ec4aa4018ace315e9c8a5c5bc7b9558ebb9b8f111f4cf2b14642c |
| SHA512 | 77f568588774cdca0da0ec32663866b67321829858b4e6ae4a79dd66e20a80a037ee46705647aedb1e444b99b9833610fa70f50e0b52e2b2734f57e6b430ce26 |
memory/1516-7704-0x00000000059B0000-0x00000000059B2000-memory.dmp
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 3ba37f1730589aa79d53a286e2cd9bf2 |
| SHA1 | a0161f076180b7b0e236ece7f0735492d4cc2364 |
| SHA256 | a928d05a5ec510043c2fb0c3e13cf7c4af1a8bc827c4f3def1b05e4a36f74ac9 |
| SHA512 | 2fdcccbe6d1a3ad0dbe29fd8f2d00a8dd554f409b03767ccb59845cf6bf2c5beff82958977bac511ca49a94af99319e9b331be706093ae609defa5311240d5b5 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_temp.ini
| MD5 | e1956ba05bcec37e57497ca5bb13fe69 |
| SHA1 | 140ef26c93f1d58297c4079430103e10cb069cad |
| SHA256 | c12655a70b8ca94cd21d6e0f1c55b1b91fcdbc351f9642aee9dc7b5dfe857f7c |
| SHA512 | 51cfc5d9014a70774d8b9760f26fbd0debceff087d09ac31a6643b9758210baa951dd22ebf52704f2eb455ce4eb45683afce05fd14ff15f292121d2d641ecfa7 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcta.bin
| MD5 | 5ad78df38798d6a83be0a7439579c0a0 |
| SHA1 | 99df4123c5e0ef625dbe61d776ce31ba6aab8e81 |
| SHA256 | fd385b367d688876a0fe30ef2e32a2f12a53d708eae744baa2c69ad40906c7d2 |
| SHA512 | 662222b9f6229578759124ed81f51d7fef7465a1ae84b7661035f9be14f711468d1e767fc90cd7a70db6b9ee966c349a94153f941009a7df5d3754d0183c857c |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | fcb0b8f570023acce14d914b85e2ffdf |
| SHA1 | bdf6c66744f8075496943d6f9a9d6a021a05a5ca |
| SHA256 | 02ebce59eac57e99688353ac62d3faac6e2cc6d060e1774b81d5d6009af804fc |
| SHA512 | 58a11170e1d769e5a6a9d267b933a5b3a26544d5c8068c24f4af14d88d44b70ff1d6b3d03e9c8ff14cecd85c2b3571e5129b3b247d694c584ce5ea4247755039 |
C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.PNF
| MD5 | 5e961b1e105c3b3e61e882a553bf5355 |
| SHA1 | a5410576b80da1982c64fd9bb81b85f6bc7cd12d |
| SHA256 | 1b68210cf77bbf95273c182120e0e38bc6750b361a5c2725319afb753dcfc0d1 |
| SHA512 | 943d43bb77968c9d1df98076ec4a344c01596b2ae7771ce37dd10389ff96eadca91412106f404da5b54fb345d6e0e845259c8cec4537ff4d23c46a5a4e8d756a |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | c64887962c8503fb1092ccc7dd52c647 |
| SHA1 | 4e3054178595376016136ccf14066e5082cc2bc6 |
| SHA256 | 2cd0a37217f303e1710a9a8a2c2f96918842cc5d4dfa08a48c27032432388874 |
| SHA512 | 3b023d37a627231c1011bc1cae8940d59a66039d68c06b68f65f8b0ca5681f90f410e995cfc20df88f853ef79ee165e6bebe5107511b4d6caf1cb7a22dfa26f1 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | e0eda5b25b0316508f32ca8b3bbf1657 |
| SHA1 | 79742fda4d21b3f393ec5bc9e929175de6205b1f |
| SHA256 | 844dd691f18c3e82167c536a28ebc77f9db8ab2d98ad480ba27341f70a0feb9c |
| SHA512 | 71c9af37411904b63195dcdfecae62701efc006efe4d9bf562204538be803f1d6700da5d1719ce65916384d9f699a884f71a1907cf8c01ec9018daa9a9c69e03 |
C:\Users\Admin\AppData\Local\Temp\PC-TRANS\5BB67F58245ADD45B63572499AADFEC8
| MD5 | a54f0041a9e15b050f25c463f1db7449 |
| SHA1 | d9be6524a5f5047db5866813acf3277892a7a30a |
| SHA256 | ad95131bc0b799c0b1af477fb14fcf26a6a9f76079e48bf090acb7e8367bfd0e |
| SHA512 | ea71bb243b0b2db729b9eb88e3c55a3f490fbff23457825051224a1fe6e6d3f480590cfa3a4a6b12c622d6ac366feb03cd17004ed004cb3f0d52731626946679 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 0dff8cc1dc5bb22687810c0354fad553 |
| SHA1 | 5e937d822a608fe65c52c519b379112fd786ff03 |
| SHA256 | b31d3f39bebf7fb2cdbf1863a107aa85fd60d242b7ee03d3422603befa1021f5 |
| SHA512 | c20895b696fdf72017573fd8efb2d6c823880fde6c4741506553e64bca025e01eb6a62c9f2630e467abf34306676d3c554f093b5cb7f555577a79604b52b461d |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | dff6ec41297eef135697d870f88f8274 |
| SHA1 | 0222bcb3318573fdb0d6de9a409d1f60fe2c11be |
| SHA256 | a97125624c7be167ad823f5ce6eb21a2c21fa880e846deac36ad91c4a06df0da |
| SHA512 | 0bb9b42a4f8f4823395940f254c8da036cd69e90211bb53074df7c426a2ab0c63b2b5649458349c7965d65344853f7bd3ab6ea35a325e4503598825a6804c54b |
C:\Users\Admin\AppData\Local\Temp\todoPCTrans_PCTAppCore.log
| MD5 | eb2bddf82fb74c3c3cf432133d8ea259 |
| SHA1 | 5f5f2783bb94051be5d3d81a21f9bc1eca7bb0a8 |
| SHA256 | d59056e46d9b12ae46ffc1404fcb79935dd879a950c9284463cfdfbe20bc934d |
| SHA512 | 641cc7e828f8dde01ed59a055d7bd18722dbde714b32ed09165e76fa41d7ab145febccb09104e234d00dc5026bb0ac38a061343918c96f8a26ac53b619f437e5 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 922dc4ad74a16ecbd4c5fbc13411b1f9 |
| SHA1 | bd8191d606c489a6d26fc85f2ab9959f1e60f6be |
| SHA256 | fee561bb6cfe576e2bb32b3cfde29648c34ebf4e06164351897de0314634f2bb |
| SHA512 | 14e99d441358443a1c3aa70cc4fe8199fb2c84b86c53b028dfd663ccf49ae743fd86ce2f4c1346b6265d573bdf30b31931044d98d2285f39994b6caf8f4e8dd2 |
C:\Users\Admin\AppData\Local\Temp\PC-TRANS\AD6DEB2197A7214697F64502358AABF7
| MD5 | 1821bcb04549613e1de729d389cee763 |
| SHA1 | 18f28a2de35c8d17f92321d29234ad3df0fbc2f3 |
| SHA256 | 4417570b9a5d5985e9c516f69bc8852c382262f4b406fd389bfa1936cbedd74c |
| SHA512 | 2d6ea1132deb585b177c41ec9f0b7ff0608dc8f883a9ceff5a7effede4862dbf84e2dffdcb183fb870759b22400e798090571269a1d20a5486a2ac46417edf19 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 5b3b3ee1d2b4f34f31c34d6c7f66a7bc |
| SHA1 | 7532831f9675689f90bc10224e4ace5e2a11e7d1 |
| SHA256 | 7a986d7286a9feb55bcb2e7839e73acd7d6fc699c07cdfe30dcab53c37d55acb |
| SHA512 | 2753168d43fd2abb0e6d6b57e6441b2550518e72dd49ee5a8eb1a15965d1487a7efffbbc5991355e6296d0a818e1e726e57e5bebc36a4d770713c6ecaff21067 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 893ba51e16f81e8640c717b431547c6d |
| SHA1 | af77fca414a3998ac86d739af42b90a504772b7e |
| SHA256 | 7babafe6df4a4ec4b5c012072ffca1c367b9a8af9999260d718edc55eac83e26 |
| SHA512 | 6403c9ea158670044707ddb2455bc1fa15f77011104dfdbb58eaab65ffdc19c10d347ab9a69e7c4b921b0db634048df46da4ba1d2d9b2badb662be3ef198f354 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | b7021e519d9d2e98941ba0a5fec30e5e |
| SHA1 | 18dc38165fa00fa7ef49258a0f69f1d46a0cad32 |
| SHA256 | b20dacfd681e186f7ec007b191a87d84682392dac88d496a4ee22289ea186ebe |
| SHA512 | b07c51d240947602619bd534c0e8aeb39159d40a8282fcf89d60186d426b885567db16fe429c56da0e3f765f587afc06c88fe9cc7f5a6b59fd8727130e0cf9be |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 2b54807cf0505c28516dcc97eefcaba6 |
| SHA1 | 035afc860672c2af7864c02f0d47147350529f20 |
| SHA256 | 8e2a92124ce5028c374ffedee2599e451a6cdc22d0ea9a23244421190e672074 |
| SHA512 | 720a57498cf26e89314178e41277cb42fa65af619c786d8fcba2015d25396c9debff1ab120328852e5cf3e9de31af7aaf91bd10e141d5219ec89c938db1bd3a6 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 57d333c15c311fd47ad9bfc24c6cbc32 |
| SHA1 | bf29aaed9ac668b9e0036f836d28967f76bed074 |
| SHA256 | b854df5e34d614a03b39a6487c84fc71d51e92f427d3641cb2dda93d085d3bd0 |
| SHA512 | 362b4156be4b6e7e7373a211ebb5e9bc7c5ad4bec0c214a50c1156085cb6639437f6684f968066bb6db5b2a97feed84f33d26cb7025b314ae2d33ff682532850 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | f89eb840d2f5abc8da795365da160bd0 |
| SHA1 | 77d4f07183e3c7e4705ef229689a7d0cef48d30b |
| SHA256 | 4f181f0db94a1ab497eaf5e78cd19c07b2ab0aab003317784eaac84d44699d18 |
| SHA512 | 710934481dfb91e7dee7edaa9a98f9bae12083cc6ef2cceb950d601cbf4889651c49b9ff6d3c9c8469116e3f11353e8a70e46dc79630aad4f45160272cdfa4d9 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | fc6902cbab7d2d1be6e1d0e61096e9bb |
| SHA1 | 52feea7ae5c9d4a75ab0129c940ae7ddc9edfe08 |
| SHA256 | 7c3a47f38fa6dab096ad8dc2d488ce4c3f89c027d11bc09d71d38c91f7f43502 |
| SHA512 | 367c65683a9a55a0caa754e259d0583cc89044d7b9f47d06dd19963bfe6293ead11631bf21f28532b365720fbbb7a0a441f37c1abfd116f239e86713e0c8af33 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | d587eaffcbf7ba6ae542be8798abaeb1 |
| SHA1 | a98d64ff3cef559a7dccbb90a082ad5b60f92215 |
| SHA256 | 6693eddab8ccaaae3cf1ce26b6a37f7e4716df0cc62cb8cdf8e0a94ec9efa76a |
| SHA512 | 69c43ba4d22ea1aad857285cd0b1a36acb5cc392c6561460492f7d0e12e005120f85f98a5990dc6b3343ea2d09e7d1e54ea6dbcbf6730beeb083098fbe493579 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 8f396ab8ca2999644df17ae8f85b7144 |
| SHA1 | 99982eaf04debb07367a267a6cfaf19d6dbb0353 |
| SHA256 | db6de2291acb84587dce120f500ee0bcd70fcc15c3a7fa615effd5ea3380a2bc |
| SHA512 | c917f5c8eebf9ea2d51f904fdced55bcd154b7225fec1e6793a298aeee5a099f9ac7eefcdc746e9f55392271c5ba6171d9f312db7dcb1559db92eb25b48a90b0 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | c1dc23a81be44f72963190a3ae6ddbd0 |
| SHA1 | 673372c6776c108f3fbc97103ed5ca89defd67ea |
| SHA256 | f98df3353dedf4a3e7a0d83f13269b365f3a643ecb13543b163137c83306125d |
| SHA512 | b548401ff3b9c77ee8cd69fc6a3e299621fce3d1fae1737b63c2631c11dcf3fdf90f38e028206c7921d8d9de4b195cc373fd03170d8484c0db1a4658799b1c58 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 4927924670480108d3c73adf09d50617 |
| SHA1 | 4dd6d76c46bf090dda8d4afe39a739911f9bbb81 |
| SHA256 | 46e2ceecb613b10d9dfcd4106f88dea8390c239a86a966ab41482b6593417e41 |
| SHA512 | 842e5b6c3f844960ce10202eab1a41a0b721c547ba25c87bc2c6b5b6ec6a71037bc4d99f1073c1e39af0dbd7c389bee5c4ad3739d336139a4ea98f37b14dfd5d |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 678cba9679b3ed3c3309cce0920b48fd |
| SHA1 | dbdf3ea045f27f27d3d1bf241ef5613dc22ab905 |
| SHA256 | 49c08c333bcbdb095f828eb77d7d2b739898d161b0afd3bb0a00b61c6977d118 |
| SHA512 | c1742245d649b9256fb3a1c3a23aa81503e702cbe2fb273e69fd7afa2da88ff0e3140ecb3cde23bb9b9589704589cfef2064d32b0754fc89d428576ffaaaf02a |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_temp.ini
| MD5 | 0042c67d2761c4d9fa3964a25a538ed7 |
| SHA1 | aca01f9dcb224efd4f7fe9e1e9b38459f949cbfb |
| SHA256 | a00adfea82d466d7fcf454f74f1042a9a2d219a65996983b00e8174eb01bd57a |
| SHA512 | 2fba7f8e254df2f4a3ac056e07e6c923734da696b230d0e88a3491dcdd7706fd82eb518d8f13e8a32df32899a85d63ea1fa01ca715bc500c79dfc07e2213ef13 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | e1f94b6a1ce07a49bc08850ef1376a39 |
| SHA1 | e31813e224b784a5fc7157d4eebb911243734fa1 |
| SHA256 | bc135d7b3fb94c7d61dbcda96c9893960dd1dd2f963827248eafe6b455fb53b4 |
| SHA512 | a585d9703f6c776d124811f8160f0463d07ac32d323bb7552b916d954708848675ffa2e1eccba9355a9b043ef525f30c1a3ea556a701ee463ef06427ed8f8355 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 918f0d69e71f77f4355a9050eeebfdff |
| SHA1 | 81535737d1cd8d8d1835d921a68aa0dbe7d5dad1 |
| SHA256 | 2f783fe96b8d6cccbdd0f74bd4c8e46ca6c8054a6459876c00ba67d869be6a16 |
| SHA512 | de43cc45d135c92d543d7b18023510f4e826a4df0def2ab896bfa05b7fbeeb0144fd311ec1f8b08e7a3b9164a9b3cdc2cf0d465257af0e25b335d7fd388a50a7 |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 400c875b73a250223b71c801b6b343a0 |
| SHA1 | 8e77d42baa56fb6b50db2f9c1a25e812fb189792 |
| SHA256 | 29d1034dfca2c10a013112403830e250891264ce3c6b2513f5fc4b8c5eb761d0 |
| SHA512 | 0dd5a75e9a669494c9a758c366622798b7a04bae148ec137dfdc601ed9a561dec6d43229da6a88d76d73b5dd0aeca1de8df64619f4d2e388449bb2425e62535a |
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini
| MD5 | 48fab33c9239366629eaed6a0438b597 |
| SHA1 | 6a5efa7acf0fd0e7720b0ab499d775f3deaa2038 |
| SHA256 | 669148696cac45df8e5f1055ebd0fe218e4b62c85e2717c095cd6a89f09cdf67 |
| SHA512 | 5fde8fdd8551f953e8f320f35db1eaa7e9137b810a8a62eaaf7e8d3f4c66a372138d835d9493c7f565ff97dbe5d52ab915ceeb3f0e0caa7d7cf57973be05b374 |
memory/4060-13968-0x0000000003EB0000-0x0000000003EC0000-memory.dmp
memory/4064-13982-0x0000000000390000-0x000000000039A000-memory.dmp
memory/4064-13981-0x0000000000390000-0x000000000039A000-memory.dmp
C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfig.ini
| MD5 | 7235eb20e67df63fe9ae2bc9267e1a3a |
| SHA1 | 9ace06927c25c40758c58a7f28bcf6362174fa16 |
| SHA256 | a09dc4013d13e0e703e05aab18a7ae0356384113d6157a360c8a05c64edde75d |
| SHA512 | ce6581eb8bdad53c4cd94b2f3f32966bbc33636155da46470228e1dc2932730ddc09bbfa6d033f341fae280be17c692b23835560c412a7090fbf8e738c2dc1f8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-17 00:27
Reported
2024-10-17 00:30
Platform
win7-20240708-es
Max time kernel
122s
Max time network
123s
Command Line
Signatures
System Location Discovery: System Language Discovery
System Time Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe"
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/Uid "S-1-5-21-3551809350-4263495960-1443967649-1000"
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Spain\",\"Pageid\":\"\",\"Timezone\":\"GMT-00:00\"}"
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"4\",\"Result\":\"Failed\"}"
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
/SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Elapsedtime\":\"2\",\"Errorinfo\":\"1004\",\"Result\":\"result_fail\"}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.easeus.com | udp |
| US | 8.8.8.8:53 | track.easeus.com | udp |
| HK | 8.218.236.152:80 | track.easeus.com | tcp |
| GB | 13.224.81.92:80 | download.easeus.com | tcp |
| US | 8.8.8.8:53 | easeusinfo.us-east-1.log.aliyuncs.com | udp |
| GB | 13.224.81.92:80 | download.easeus.com | tcp |
| US | 47.252.97.212:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| GB | 13.224.81.92:80 | download.easeus.com | tcp |
| US | 47.252.97.212:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
| US | 47.252.97.212:80 | easeusinfo.us-east-1.log.aliyuncs.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | efc5dd69c76c9242e80a64e30c1a6838 |
| SHA1 | 60a58825144816fb17a0a85471f039f7ea4a64a9 |
| SHA256 | 7d80ccd284bd0ec7f1039618493d6d46db84212657932c1360867b24fe36cd6f |
| SHA512 | 19393e135fb18ad26848edfd38caeb386abc51c35ff5ce3a171a995a983ba0b975e30c4df77e0dc9a88f0298594eaa51dc468a4d93457ded993693236ddcbe27 |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunConfig.ini
| MD5 | e6fd601a122a2fa0c48518cd10774c56 |
| SHA1 | 8f6e544caa34bc693a193c4d665ab79179aa6b57 |
| SHA256 | 37bca74ce883f5ad6422de2358586b77db8c54ee331d19b27c3486e80ae821e6 |
| SHA512 | 3127cdaf6097f2ceaac88800ecf5e2ca590296a8f6e356fcee62ef451d94f808ecb0453b8cad5160bc99ca0efd7128ce3024f71957006b27cd5bac07f99cf1ec |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\tempInfo.web
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EasyLog.log
| MD5 | eaaf1fa99f898d89e7bd488479d17b1f |
| SHA1 | ae5f0f4162cf6975a64d96a8b18dcbadd38ab634 |
| SHA256 | ae7d468aa05506d726b9f6873c7049c4cf900e039e0d9dfd87d5681f2c66a07d |
| SHA512 | 0f74b030e8c3bc5fb1a1aff6a00064dd609062f99f916e063f50aae600a9ec0987094e0035c957581b722e640065d08b2c3de033f5a96b2e019e401f608b318d |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 7f411750d07619f38537e7fd612b8b44 |
| SHA1 | cda241a1ce5141288582c8f0ac4850992b427bdc |
| SHA256 | ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87 |
| SHA512 | 35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8 |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EasyLog.log
| MD5 | 7b92d69fd825c846b43f667310134478 |
| SHA1 | 8400ba8933c3ebed6e7ab910282d18ed4db92f34 |
| SHA256 | f849c7b42ce79d72e0a6b8a111867496953824d0553d78e0453fc9e0788f0ebc |
| SHA512 | 461e538f9704d0a87c260ec3452175a9905d8da393727229284d04f0db0f9428bb020e3dc0650f2215b570d2b9b7970c8c1fb449b401813bc63d04481e93cace |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EasyLog.log
| MD5 | 7971b4687475c3a9c631fa723caa4bd8 |
| SHA1 | 800bd7c8e42350a26011341b215d61423e471044 |
| SHA256 | d1b211bbbb8ca24bb325a88b4b5918c7a9f5758abf19330d7da60bb2b53a47cc |
| SHA512 | b6b8f7590322e2da3a8f0a495e6b5618465a20f890c04a45cc1926e72c11485f075eaec033ce76f46e6fe613552379fa2304ee2c3f9d95f323875f9f74e0dc85 |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 787b065a119199e4aee915d1a8df8ac0 |
| SHA1 | c23c49adbc48739c6a02114a08fb1d1764f4dcac |
| SHA256 | df115fe9dfb578d4f40023a7f582ba27ed4b27a5e07cf334f29de8686fe4e371 |
| SHA512 | 700ac749551302e4ed33d7a9ae35e8239a4b9f4e22f50002ffac71e1a5b447751049402d2d8217f40298e634b90dee59d472c4927f52099599b1e3c3ad95c42e |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | d65ea776d7b53ff405effdbf53c786f7 |
| SHA1 | d88d612224af3278530794b6900197eeefef3e47 |
| SHA256 | b7a006c4c8cfa20a0549c0c38a571a0e3b4228e13c22ec2bcbe976aeb2f87c69 |
| SHA512 | ce5a98407ea9a401eeb228a4f469aeac87cb357494388d0cc36591513c2de49f6716463993460f0c93e55d4a0f982e65aa2931d9c564eeba380bc31b87387daa |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 79185712ba973c6c7f7fda9a63671f02 |
| SHA1 | e02a2b0897371e8e0c48093bfc082b6a22b66412 |
| SHA256 | 5962b9851ac525c5b4eb31c4b0bd2ee6962644b8592d098a3cae125996f8115f |
| SHA512 | 66b3c8b950f134c112526237191385fd77b70b0ede1924b9ca4c57ac0dfc748dadc73e90ecb43e7911c838b7482e5d76ca5d6b99012bd3c7fe29891ceaa8e2c6 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-10-17 00:27
Reported
2024-10-17 00:30
Platform
win7-20240708-es
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 264
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-10-17 00:27
Reported
2024-10-17 00:30
Platform
win7-20240903-es
Max time kernel
118s
Max time network
119s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | track.easeus.com | udp |
| HK | 8.218.236.152:80 | track.easeus.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunConfig.ini
| MD5 | 6daf4bb7b19c258cf31f9385cb48d9fa |
| SHA1 | 592085ce4fd2624d08d20bda09ccb558d73f0074 |
| SHA256 | 466393d0ac21105fb3f39e42eeaa8ed0e09ed54d602d4341393927dfc0326519 |
| SHA512 | 9066b56998bcf784d3c62d9f0fac6e343936d61a94ff0277fb8b30ea1b5eb2880b3683c78e9b6646986d1fc290145ce724ea8731ebb4606c8466acb601051ef5 |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\tempInfo.web
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini
| MD5 | 7f411750d07619f38537e7fd612b8b44 |
| SHA1 | cda241a1ce5141288582c8f0ac4850992b427bdc |
| SHA256 | ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87 |
| SHA512 | 35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8 |