Malware Analysis Report

2025-08-05 10:48

Sample ID 241017-arw6davfqj
Target pct_trial_installer_20241016.17291248214345b9952.exe
SHA256 ceb8acbdf48ee006b368fd5fa86aba3a9e8afee375afcc08940422949368b710
Tags
discovery bootkit execution persistence privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

ceb8acbdf48ee006b368fd5fa86aba3a9e8afee375afcc08940422949368b710

Threat Level: Likely malicious

The file pct_trial_installer_20241016.17291248214345b9952.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery bootkit execution persistence privilege_escalation spyware stealer

Command and Scripting Interpreter: PowerShell

Writes to the Master Boot Record (MBR)

Downloads MZ/PE file

Enumerates connected drives

Modifies WinLogon

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Drops file in Windows directory

Drops file in Program Files directory

Checks installed software on the system

Loads dropped DLL

Reads user/profile data of web browsers

System Time Discovery

Program crash

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Scheduled Task/Job: Scheduled Task

Runs .reg file with regedit

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-17 00:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-10-17 00:27

Reported

2024-10-17 00:30

Platform

win7-20241010-es

Max time kernel

119s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe"

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-17 00:27

Reported

2024-10-17 00:30

Platform

win7-20240903-es

Max time kernel

76s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
File opened (read-only) \??\f: C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Modifies WinLogon

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.PNF C:\Windows\system32\DrvInst.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-A18GC.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-BMMKT.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\proBkg\is-641MI.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-T5KBT.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-KIG7A.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\remote\left\is-KUOFJ.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-38TOO.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-1CSK3.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-97S3M.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\ico_restore\is-6TCOS.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Portuguese\is-9061F.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-P79MQ.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\Styles\Desktop\is-DKJJA.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Extras\Private\is-2GEG7.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-FDHBA.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-7IKP9.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\Styles\Base\is-TQF0K.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-IRNIG.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-VU9QO.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-IO5S8.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-LCONC.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\bearer\is-KP6Q6.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\EuDownloader\aliyun\api-ms-win-core-file-l2-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-OPQL7.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-DS622.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\InnerBuy\res\is-6KRF1.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-AGRMT.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-7CIVG.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-8I430.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-VFO4L.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-UAHGS.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-VAN33.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-BPT6D.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Controls\Styles\Desktop\is-DG62H.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfig.ini.qghXyu C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-OISHF.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\tree_loading\is-OU55S.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\EuDownloader\aliyun\api-ms-win-core-console-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\api-ms-win-core-heap-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\is-R4UEL.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-BGNJH.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\QtQuick\Extras\Private\is-VIK52.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-IMKMR.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-1OT1F.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\ico_radar_gif\is-2F27B.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-221JN.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-MTP4K.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\EuDownloader\aliyun\api-ms-win-core-processenvironment-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\loading _gif\is-SQ34J.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-296B4.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-MKOTO.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\is-LFSSC.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File opened for modification C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\loading _gif\is-UT1EC.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-BK4LK.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-SE74J.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\is-1M2OB.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Arabic\is-3DH0T.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-Q6OVA.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-HRCLI.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-FE4BE.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\old pc\is-7IA1E.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-KRB7V.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
File created C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-28IV1.tmp C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\volsnap.PNF C:\Windows\system32\DrvInst.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\TBFVSS64.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
N/A N/A C:\Windows\SysWOW64\RegSvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\RegSvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A

Enumerates physical storage devices

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\RegSvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\RegSvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\easeus.com\Total = "41" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "41" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\PCTrans.exe = "11000" C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\update.easeus.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\easeus.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD8F83D1-8C1E-11EF-8DDD-5E2C95561916} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\easeus.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\update.easeus.com\ = "41" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\63C768CF\LanguageList = 650073002d0045005300000065007300000065006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PCTShellExMenu.DLL C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ = "IPTCShellEx" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_Classes\Local Settings C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\DefaultIcon\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\res\\Common\\pct_logo.ico,0" C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open\command\ = "\"C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\PCTrans.exe\" Code=ImagRestore ImagePath=\"%1\" RestoreSource=ImageFile" C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx.1\ = "PTCShellEx Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx\ContextMenuHandlers\PTCShellEx C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\ShellEx\ContextMenuHandlers C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\0\win64 C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\ = "PTCShellEx Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ = "IContextMenuImpl" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}\1.0\ = "ImageSh 1.0 Type Library" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{35194CD4-99A2-4A38-A343-C9D64A482B07}\ = "PCTShellExMenu" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx\CLSID\ = "{27A09497-072C-41CF-BC04-E47345721AFD}" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\ShellFolder\Attributes = "2684354560" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\0 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\CLSID\ = "{00DE9951-7B45-4756-98DC-C025EE3E11A1}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}\1.0\0\win64\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64\\ImageSh.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.PCT C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib\ = "{B0A5F209-51D9-4AD8-8E0A-C27BA301497E}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCTShellExMenu.PTCShellEx.1 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\TypeLib\ = "{0C00549A-5A29-487D-B6F7-CC5046CD4C39}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\0\win64\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64\\PCTShellExMenu64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open\command\ = "explorer /idlist,%I,%L" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4386DFF4-9CE5-4FB3-9D77-F3036B94F4FE}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\HELPDIR C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\EaseUS\\EaseUS Todo PCTrans\\bin\\x64" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\CLSID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PCT.file\Shell\Open\ = "Open(&O)" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Shell\Open\command C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{27A09497-072C-41CF-BC04-E47345721AFD}\Programmable C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0C00549A-5A29-487D-B6F7-CC5046CD4C39}\1.0 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00DE9951-7B45-4756-98DC-C025EE3E11A1}\Implemented Categories C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{460C4F69-914A-4EFE-981E-C8FBB3D8634B} C:\Windows\system32\regsvr32.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2900 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
PID 2900 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
PID 2900 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
PID 2900 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe
PID 2812 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 1952 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 1952 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 1952 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 1952 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2812 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1120 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1600 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1528 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2812 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe
PID 2812 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe
PID 2812 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe
PID 2812 wrote to memory of 1400 N/A C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe
PID 1400 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp
PID 1400 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp
PID 1400 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe

"C:\Users\Admin\AppData\Local\Temp\pct_trial_installer_20241016.17291248214345b9952.exe"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe" EXEDIR=C:\Users\Admin\AppData\Local\Temp ||| EXENAME=pct_trial_installer_20241016.17291248214345b9952.exe ||| DOWNLOAD_VERSION=trial ||| PRODUCT_VERSION=13.0 ||| INSTALL_TYPE=0

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/Uid "S-1-5-21-4177215427-74451935-3209572229-1000"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Spain\",\"Pageid\":\"1-17291248214345b9952\",\"Timezone\":\"GMT-00:00\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"3\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"Spain\",\"Install_Path\":\"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans\",\"Language\":\"Spanish\",\"Os\":\"Microsoft Windows 7\",\"Pageid\":\"1-17291248214345b9952\",\"Timezone\":\"GMT-00:00\",\"Version\":\"trial\",\"Version_Num\":\"13.17.0\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Downloading" Activity "Info_Start_Download_Program" Attribute "{\"Downloadfrom\":\"https://d1.easeus.com/pctrans/trial/pct13.17.0_trial.exe\",\"Pageid\":\"1-17291248214345b9952\",\"Testid\":\"\",\"Version\":\"trial\",\"Versionnumber\":\"13.17.0\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"11.83MB\",\"Cdn\":\"https://d1.easeus.com/pctrans/trial/pct13.17.0_trial.exe\",\"Elapsedtime\":\"6\",\"Errorinfo\":\"0\",\"Result\":\"Success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Installing" Activity "Info_Start_Install_Program"

C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe

/verysilent /norestart /log /reinstall Installer /DIR="C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans" /LANG=Spanish GUID=S-1-5-21-4177215427-74451935-3209572229-1000 /Recommend=1-17291248214345b9952

C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp

"C:\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp" /SL5="$601F8,73762480,188928,C:\Users\Admin\AppData\Local\Temp\pct_trial_easeus.exe" /verysilent /norestart /log /reinstall Installer /DIR="C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans" /LANG=Spanish GUID=S-1-5-21-4177215427-74451935-3209572229-1000 /Recommend=1-17291248214345b9952

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe'

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe'

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe" Register

C:\Windows\SysWOW64\RegSvr32.exe

"RegSvr32.exe" /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\PCTShellExMenu64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\PCTShellExMenu64.dll"

C:\Windows\SysWOW64\RegSvr32.exe

"RegSvr32.exe" /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\ImageSh.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\ImageSh.dll"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c regedit /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ShellReg.reg"

C:\Windows\regedit.exe

regedit /s "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ShellReg.reg"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe" install EaseUS_FileShare_Web

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc once /tn EaseUS_FileShare_Web /tr "\"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\TaskSchedulerWeb.exe\"/skipuac" /sd 10/10/3099 /st 01:10 /rl HIGHEST /f

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\SetupUE.exe" /Enable "{\"Language\":\"Spanish\",\"Version\":\"PCT_Trial_SETUP_13.17.0_20240912-1-17291248214345b9952\",\"Version_Num\":\"13.17.0\",\"Pageid\":\"1-17291248214345b9952\",\"UE\":\"On\"}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe" /add "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe" PCTrans.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe" /add "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataChannelUI.exe" DataChannelUI.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /Enable

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://es.easeus.com/thankyou/install-todo-pctrans-trial.html?x-url=1-17291248214345b9952

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Install_Finish" Activity "Result_Install_Program" Attribute "{\"Country\":\"Spain\",\"Elapsedtime\":\"18\",\"Language\":\"Spanish\",\"Pageid\":\"1-17291248214345b9952\",\"Result\":\"result_success\"}"

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Install_Finish" Activity "Click_Startnow"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Userinfo" "Attribute" "{\"Language\":\"Spanish\",\"Version\":\"PCT_Trial_SETUP_13.17.0_20240912-1-17291248214345b9952\",\"Version_Num\":\"13.17.0\",\"Pageid\":\"1-17291248214345b9952\",\"UE\":\"On\",\"Country\":\"Spain\",\"Timezone\":\"GMT-00:00\",\"OS\":\"Microsoft Windows 7 64-bit Service Pack 1 (6.1.7601.1.256)\",\"BuildNumber\":\"20240912\"}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pctassist.Exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1408 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_Disk" "Attribute" "{\"Diskinfo\":{\"Disk0\":[\"WDC WDS100T2B0A2.5+\", \"255.99GB\", \"GPT\"]}}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\InfoForSetup.exe" /SendInfo "Window" "Install" "Activity" "Info_PartitionInfo" "Attribute" "{\"Partitioninfo\":{\"Partition2\":[\"Windows (C:)\", \"235.71GB\", \"MBR\"],\"Partition3\":[\"F (F:)\", \"20.00GB\", \"MBR\"]}}"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe

"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans/bin/RemoteConfigSync.exe"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe

firebasefetch.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -enum 0 0, "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/pct_Trial.ini "C:\Users\Admin\AppData\Local\Temp\euphtupdate.ini" 0 "" 1 2608

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EUinApp.exe" PCTrans.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/pct_Trial.zip "C:\Users\Admin\AppData\Local\Temp\updateconfig.zip" 0 "" 1 2264

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/pctrans_es.ini "C:\Users\Admin\AppData\Local\Temp\\euphtupdate.ini" 0 "" 1 2556

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\EuDownload.exe" https://update.easeus.com/update/pct/innerbuy/new/InnerBuy_Trial.ini "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\InnerBuy\res\InnerBuyConfig.ini" 0 "" 1 2168

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcttool.exe" -aup

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\TBFVSS64.exe

"1" "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\x64\TBFVSS_DLL_SRV_64.dll"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000574" "00000000000004D4"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Google Chrome" "Google Chrome" 1 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030" "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" 0 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219" "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" 517 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660" "{ef6b00ec-13e1-4c25-9064-b2f383cb8412}" 0 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030" "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" 0 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219" "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" 4 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704" "{4d8dcf8c-a72a-43e1-9833-c12724db736e}" 0 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161" "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" 517 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161" "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" 4 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660" "{61087a79-ac85-455c-934d-1fa22cc64f36}" 0 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704" "{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}" 0 0 0 "x"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTAppCore.exe

-h 1516 -analyze "Application system dll" "PCTAppCoreSystemDll" 1025 0 0 "x"

C:\Windows\SysWOW64\Explorer.exe

Explorer /select,"F:\PCTransImage\backup.PCT"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Windows\SysWOW64\Notepad.exe

Notepad "F:\PCTransImage\Instrucciones de restauración.txt"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe

"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe" Code=ImagRestore ImagePath="F:\PCTransImage\backup.PCT" RestoreSource=ImageFile

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfigSync.exe

"C:/Program Files (x86)/EaseUS/EaseUS Todo PCTrans/bin/RemoteConfigSync.exe"

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe

firebasefetch.exe

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\firebasefetch.exe

firebasefetch.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.easeus.com udp
US 8.8.8.8:53 track.easeus.com udp
HK 8.218.236.152:80 track.easeus.com tcp
GB 13.224.81.5:80 download.easeus.com tcp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 d1.easeus.com udp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
GB 18.172.88.97:443 d1.easeus.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
GB 18.172.88.97:443 d1.easeus.com tcp
GB 18.172.88.97:443 d1.easeus.com tcp
GB 18.172.88.97:443 d1.easeus.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 es.easeus.com udp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
HK 8.218.236.152:80 track.easeus.com tcp
US 8.8.8.8:53 www.easeus.com udp
US 8.8.8.8:53 firebaseremoteconfig.googleapis.com udp
GB 142.250.180.10:443 firebaseremoteconfig.googleapis.com tcp
US 104.18.18.32:443 es.easeus.com tcp
US 104.18.18.32:443 es.easeus.com tcp
US 104.18.6.90:443 www.easeus.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 update.easeus.com udp
US 8.8.8.8:53 update.easeus.com udp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
CZ 65.9.95.4:443 update.easeus.com tcp
GB 18.172.88.65:443 update.easeus.com tcp
GB 18.172.88.65:443 update.easeus.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
N/A 224.0.1.2:7868 udp
CZ 65.9.95.4:443 update.easeus.com tcp
N/A 127.0.0.1:55895 tcp
N/A 127.0.0.1:55901 tcp
CZ 65.9.95.4:443 update.easeus.com tcp
CZ 65.9.95.4:443 update.easeus.com tcp
CZ 65.9.95.4:443 update.easeus.com tcp
CZ 65.9.95.4:443 update.easeus.com tcp
CZ 65.9.95.4:443 update.easeus.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
CZ 65.9.95.4:443 update.easeus.com tcp
N/A 127.0.0.1:56076 tcp
US 104.18.18.32:443 es.easeus.com tcp
US 104.18.18.32:443 es.easeus.com tcp
US 104.18.18.32:443 es.easeus.com tcp
US 104.18.18.32:443 es.easeus.com tcp
GB 18.172.88.65:443 update.easeus.com tcp
GB 18.172.88.65:443 update.easeus.com tcp
GB 18.172.88.65:443 update.easeus.com tcp
GB 18.172.88.65:443 update.easeus.com tcp
US 104.18.6.90:443 www.easeus.com tcp
US 104.18.6.90:443 www.easeus.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 images.easeus.com udp
CZ 65.9.95.107:443 images.easeus.com tcp
CZ 65.9.95.107:443 images.easeus.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
CZ 65.9.95.107:443 images.easeus.com tcp
CZ 65.9.95.107:443 images.easeus.com tcp
CZ 65.9.95.107:443 images.easeus.com tcp
CZ 65.9.95.107:443 images.easeus.com tcp
CZ 65.9.95.107:443 images.easeus.com tcp
CZ 65.9.95.107:443 images.easeus.com tcp
N/A 127.0.0.1:56313 tcp
N/A 127.0.0.1:56361 tcp
N/A 127.0.0.1:56441 tcp
N/A 127.0.0.1:56467 tcp
HK 8.218.236.152:80 track.easeus.com tcp
N/A 127.0.0.1:56587 tcp
N/A 127.0.0.1:56629 tcp
N/A 127.0.0.1:56668 tcp
N/A 127.0.0.1:56895 tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.9:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.117.18:80 crl.microsoft.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.8:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
GB 142.250.180.10:443 firebaseremoteconfig.googleapis.com tcp
US 104.18.6.90:443 www.easeus.com tcp
GB 142.250.180.10:443 firebaseremoteconfig.googleapis.com tcp

Files

\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EDownloader.exe

MD5 b5791976db6be716f520c660de443e8e
SHA1 2a68065e1bce3540bbf506597639ea737d3817f2
SHA256 863c1c6cfbc0e16ea72b7bae915806c77b1fce1366ca9eb00c7a87038066db60
SHA512 8cc2c5703f02e0773ede600a16583776f4ec3fef9540eab1c5fb924fc8ecb1b84f4394c2dc9fa749f12cec45292495710b97f196015a0dafd3e571fba98c5b08

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\LanguageTransfor.ini

MD5 6470c77fbd30ca7245a77617f5575760
SHA1 5772f6c8ec51663a19420fc2c04009777511d4de
SHA256 ea177f6163205189df8409f21b934d46241f444993eb46c2dadd1e85b4bd142c
SHA512 6ffe419f191f7e88038624b0a53d5fe21d078e758059c769b7ed26e260862d815f246f8e2e3f4e2879bd3a654dbbde8ea6c5bedebf813015f66fe30cd85d4222

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\InitConfigure.ini

MD5 70171fe7fe218d663ad300b644223b9d
SHA1 4c1360ec499763e9d07e900d9eedb0464603e218
SHA256 c70893994b68127e7213e37a81f81f37c3b6efd4ffe75c6dc84c9326531acd0e
SHA512 473fea98b22927d6b9811b0a797030fb6e956b4b7ce8426410a63faad8d63cbc02a9673381e4a17b75c1cfebf4fae0a054351bd46f30421b8d8813d1f4a4ca18

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\Spanish.ini

MD5 fd447c74f961170d34ce08957e6f76b4
SHA1 7783195cf35af1b35aec94f4f07d9a32ac787dde
SHA256 cdab320582a5c66b67393385f59ee813fc4ae9efdbcc8329ba8e2d3018ad0bc3
SHA512 3645d52cb0ff3a641dcfddd39c9868cac1b49485d089ccba705fe046a1dd267ac017e4a6606eeaa257e585c3328db26f85207b52cd8e5e4cfbcd2303a9471906

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

MD5 63c4d4021b71947a29db6c5e99678d4a
SHA1 4d24026a82d98240221077dd72f3cc169c0597e5
SHA256 33c5f40b242955b96710a9e54a109b083d014e9d061ce5ac2875aba20c0acab7
SHA512 5cf5c481126fdb422614251dc4ed4052e36fc779226c5a233637f40f55d774d130b66342df47479e368b64f65b2a3eda6f62140e9413eb8540723043ac0f693b

\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll

MD5 24c01bc1560fa2b6b72a201eeea4cbed
SHA1 d66a91bd8faa929d6a5c46d5cfca2b3e5d24edb8
SHA256 5875f5a1c9eb4c4c238c77104c946b6ecb9234609851edcf758d24bf3cdcb4c2
SHA512 3a34db05cb5de1cb9c1fb0aabbaadfb5746f51d84d92ad9a52a343a4ebf78c688cdc6156647baa09343107c922ceb2f53e76d152bc5f6f761b6b1ba6c7cc7b7a

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\skin.zip

MD5 161dccd75d78d1a141a54c60c1911f95
SHA1 6d12dea87f474b9e3c329b5fa8c58e7848fb3b89
SHA256 434c9936d6271c04ace67b39ff16cc74fbde2e007f5bc49092a2fbae91a13b3f
SHA512 5445042a550f25c3cf4876c448b50833951b3b8a9aadc9f522647461cdd2887616dd52a77802d591f3b039b0f8147290c2f76a95efb01d77dbd0c3406e3afa15

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunConfig.ini

MD5 88cd746bcebcb97015e76047dc71b9d3
SHA1 4f5327fdb5b6789d44dd63b4b0d107ee83be825c
SHA256 56ffc96fcfeea041bb4a52caf1392e6be65974841773f2ce138044882ecf8656
SHA512 0d553f2c20635174f4e98fee638af6462b558823b93e98e2412fb93a0ee34b5d7248944c0e58a1648d5d9db5322a9f3483e26349adeee639b63ab866fdc2a6ee

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\downloader.ico

MD5 7bd4c0fec91d5635665186f1d2dfa7c7
SHA1 8d6b4e7fcee1334bbe88a8a08e0b8c2334a081c1
SHA256 15dff50e862ab2c97f1fd35f1a2ec55e325bdc67616d1168176a35633db0cb03
SHA512 fd38bdb639bf413a544d402bbdfe1669402b50ee14ce54faaeeb011973aaefbd5b00462c71332c147d98a9efb818d2a05343543e9766dc8150ebd29bc18183fb

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 dfe683f3e527e708e62113db3cbfd0a1
SHA1 df30c4aa70f352ca30239d2d86315d382e3a4108
SHA256 a018e4dba388a4fb139ba112f678fea68a634cc8583d5bddde14b3984d85d7a5
SHA512 f07d50e24d73eadbe8b58eae4222a21dcb95ee3cfadebf3930eeeabc779e4fe7c969831949829143bfd127f2fdbf362b110b9b482e59879b11474efb47af1ede

\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe

MD5 674413dbbc708d32d53b386254eedb54
SHA1 281ef9b78e8a80dac4b4efe9d8d76ee4eeedc79c
SHA256 72371235cb364ab3891597f40a3f50bd64660a808979bd28bcf1c0e7154aa949
SHA512 34cd6e982c98d7d4cb763c9bbb20942a507fabc189f3fedd30433d2b79739189a3efbe81f4db465f9e401e3f01939bc8148b178679a0780fe1b000259fd947fe

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\tempInfo.web

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 7f411750d07619f38537e7fd612b8b44
SHA1 cda241a1ce5141288582c8f0ac4850992b427bdc
SHA256 ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87
SHA512 35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 6993b7a5da3a81aa32fba2b1e4cd257a
SHA1 301cc8d411b9aeb4c3129ec145e50f9294d2254d
SHA256 3a0134daf4bbafcee26bc72ba1cad88de41774405b5716b674e5a1657b42ae91
SHA512 5f6f34a48d160edd0b035a70fbeb45dc5f1e535201332b3b8e81de3d3c2db8694cf5d687495fd28cba55c26c273f2c60a5490404d4ab08e3e12c1d74453a8927

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 7a14dbb4dabc52e35e28d3d4ba5f124e
SHA1 098baacedd592787d92f73b2043d3be4cf421671
SHA256 280db987c1e9548dc74db2e701adfb3ecc9f275a0b56fdf8000b7a878fff05b1
SHA512 f0f995ade7abb8de1bca97e72de973acaab5b81d612b24e9afaaf8f9cbf589e558677acbb77ff05d1c443acacf94cb089c7eff14ab4edd65193fe3a7b94fb9c5

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\EasyLog.log

MD5 015e0cf1de9ec6a4540fc4f1d8c8b547
SHA1 faecadfb1336796db4f203e4f00a62226b2ff2ae
SHA256 38d443d126bfeee57ab46453343285df8c728172fd9c3a78910f8823284bf658
SHA512 b9d7f9ae71adb53797737e0098b9bd2e651a196185188522cd3751d409e78a8ae836353d2ae6521aa2f6595177505b7962b217ec40be9465dacd1339eefdb977

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 6610a47a1b3024c7064e607e4ac3c003
SHA1 dab56a1561e9e0f48cba118e59d9c40a574789c4
SHA256 5fd133194002575cb04eaa9afb21393ecbad69271c353ad519b0bc96d2d53c06
SHA512 eb1a4fbd703621d7933dbc0f12a8367672dcb64e7985e98ad5069c9cf8203064c804a5cbe2698954e2b199f74f733617e608316aa35fe9dd7dc01ee8f90c65f4

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 6cdcf926117d2ac6935603d9e30f8a1d
SHA1 11299f93fbc59808eb2c64263144b71e0c3cdb04
SHA256 dfa82d2f6b08bd530fb316a848d8d6b77518dcb25458789046e250116052e409
SHA512 53b0990cd76cf75f811d236e1edd749eee8803070b3851572de8d2b19bc790f10a021616dd2d356b16ec9e06badd50d0eeb25b90c3702bba07885df8ce3bfa68

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 a1f55b0cf9333d0efda21df9309c370c
SHA1 22dfdf4979b6a4e2b283ad57f20a660c09572cd6
SHA256 b0b4b96289ce3d2cf1396081cee3c43f27a012d8012a5f22b0fc575fe13ec1ee
SHA512 7580f68f8edc62c1721d21e995e69f1ffbb6bd4818639ea9a86038c1460668a48ddd5e1f5356f772157b5e0f47966698397af89a32740533cb4a2d35590ca148

memory/1400-217-0x0000000000400000-0x0000000000438000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-9PU8O.tmp\pct_trial_easeus.tmp

MD5 cfab0bf664ca7e21dd9e2471bd92d41a
SHA1 af005dc1f482e8a1ef5ec486ddc820267ab9ba28
SHA256 9e315817772688ffde48f2d27962a55f708242cbe96ac36f147e30485c6b9e50
SHA512 58b62496aaee55f86ba4ad547ce270135e1f66b2501ad118fa7c43e579340145811139bea2f71373fecdbed2b10fa97beae6522e84abf4080d2db95c8bb411b6

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\is-ANMFK.tmp

MD5 ea9eaeed036748315cf2955ff7761c39
SHA1 c477863567edf7cb812154572fdddd8c8649dd32
SHA256 265742883ff410f9f0d503fae5c73e2835ff17b6eecad9603c087ccdce65fddb
SHA512 09838422061f84e42296dfd1ed087b78d14d9c38dadec4b4f396a4cf2acb2c59a8f5b79258a999c979d5d273382897356399c1f4687277410549c67a3c7b8913

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\res\Common\new pc\is-FQGGJ.tmp

MD5 365289953286d1d1684634643a053f49
SHA1 165c65d3f826f9569525817112bd734e1185eda5
SHA256 9f73067dc2b822776fef384bf396693a1ce1f953b5ba5e9650681c1e2d324ee4
SHA512 7725d55eae106c97255509dd1dd01e5066e306cf1cecd3ae4580c4b8e3c4c66ad1cad1ab6d10b2f185200e30163ad38e2be73dca9c564735f634f4498d91cd6f

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 b0a165fea35aae7711786b410c8ad03b
SHA1 182f50cefc9122ca143a59ea996e9d9e6027ef98
SHA256 e5ad94455d7b5a9c7439cfa0a2357cbba2ba87b1c70b6dc912a5c871508e9e7b
SHA512 4462da6b7b3dbc3e702b3b480047d1c677bc2736b250ecc86a529e837569330040ab5d4e8b4b4fb74dae2723ee0e0b9c9a66cc1c60c71b56910bef0ee9a0797f

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-N8B1V.tmp

MD5 8f786a81373b4e8d43b680227b502f9f
SHA1 30023effa63b4b48a2968b81611fbb752ead56eb
SHA256 d5b81ac00fe51cdebc33166cf9b04ae1ad544fb70b2d1421d60e71343cd04ba5
SHA512 ec571044d73c53616a1f64f80e28c80837a94ab3b64a41ef6fbd3fb6f8441c82c97437dacdf8257f882953f4f4f8940d7a2ff45a92feb1f857d6e02df59b026c

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\is-UIKMK.tmp

MD5 c54011f7f97a68ebad07cb5860595d9d
SHA1 fcb34d827cfddc32c4f6d0109514f437cd167189
SHA256 edd375f4f562fd51ea7eb96b0bfa95975eb42f79d054951714fab07c91578b4c
SHA512 b9dd824bc700fe1d074e6d51b999e6813dac4cd1791472ccbb739f83d4e7455f0b97b6678d6ea0f62c4214b315a87f3d22df5a5270462e962780f11bee65cb5a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-U5FK2.tmp

MD5 cdb5483ad30acb81e6fc38bac0e70d10
SHA1 ff287227d69f29709bf27dad762fa674086561c9
SHA256 5a49452c9c49fd7fc2ae564fb7d8d42befb016c10c38ac280e351bb3f5319882
SHA512 58e559bceb1cc9942923d20afc49801d255675dddec5adc87aef71430eeed5ad9daf9b96247cc505c6b7df7f22f484c1f5244e1ea300ac8162fedf669dac2683

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-27UIJ.tmp

MD5 fc729316b9f0d0d2a753d83458f19d27
SHA1 a71732c2c1f46a52e7af3dbecdefdcfe522f69f2
SHA256 8f2f9ca6110f2cd6b4861e1ebbca5476792872c1b5b611d5fe48dc6cb8bcf39e
SHA512 c99bb5521915aac6ff618a9629e7f61198712634d5b9dc733bafe9ba53fbfd9f506db1dba7a7c38bccf7f95e6cdbc617add2bba7e99e249d55ae33da0160c696

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-7AUPL.tmp

MD5 cf67be58984e3fa5068d8db07da19ba6
SHA1 78214e50ce271ac6d7da66fc221e69fedd405498
SHA256 d1a462bd64ba14491f8f671766c6a5030b4d2b4a71fb9186073a6c88081d3eed
SHA512 c7508569ed126feb7b636194d213717618a1dbfbd40065683b3299936490ed5e0d6fc61261dfad6006fe73e5eff2981b043fad253ca8ff0493ce5554c40ec4e5

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2G32G.tmp

MD5 5ec9bc4e91a825a767bf709726924a8e
SHA1 6d5bc48d7fa24d499013f15e7dc31d7aaad3a01c
SHA256 0ff28d2793d021e10979d8338a76cc76c4846907b28cf6113b018245b715e281
SHA512 dc3f8fee4b0cdb4fe07171da956f90f73d04564197267ece6e1fbadd566b36483f304376ba0e1aad6b13e14d3466c0a95a9d54d65d86e1772a2f801c2b7e4284

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-72Q0I.tmp

MD5 c69ff0e678478eb4a6818806664d9196
SHA1 2f28315260951357e1812997c2c623ddbbe911cd
SHA256 0823c22330d319f5181b9051aa0778d007d47bd173099271277849157b3859ee
SHA512 90d3b5e2b9a8b73bc6c4d10fcece8d91f120ab69d9bcdcb39cb9c1dfeeb0a6003fb1756264cf55e7df5a033718e7fac9580203b0ec363d8af79b5f02b821023d

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-4KUSR.tmp

MD5 faba95629feaa0dcb735958390fc9cf4
SHA1 c9a0a870d9eb8ff183efb7ac3fdfb5af5c47a885
SHA256 78bc6bc9ecc7901fb56bc1929324b8c9ec0e999dee17ec9de49e817f0c5bea41
SHA512 7449612867f8692bc7a98b182d2a9921485804dc82b65eab131ae6dd110e11eb73b70f71a58a026bec752d506a4412b9b60983d140a763976d857c16ad05c30f

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-GDTKP.tmp

MD5 88a5e9c0b52751459e8faf28d91f1ead
SHA1 130c628b6d67056d685d8493e267accf18a19d7a
SHA256 08d85a27079ecf282c26b7d34dfa0b5672385f9858e5ca3d2a239ac782aa2895
SHA512 cee77a6552ba8b42256513f8267aea3d6d97a93b56e655ddfc476fac6df2585b3ac5a82d4c9326a68e6a1d1952dbf4213763def715316d829a84fa97e8916d08

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-3GUV9.tmp

MD5 c2f386ff90d53b056a69d87b39fd61df
SHA1 b1a4a52b64952ccf8b1253927d7001855c6a6007
SHA256 2848a604e42c9fb0770a598c138c213989f7000facb9f745aa5f5910b4aaa951
SHA512 e1bde389bd733e496d495d966a866b450992402305732aead32ea0ef479c624810ed22d09db3ac3e799fe91bae6b2a6eb6451ff834dbaf1c8369e03617b14ad9

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-5KUK3.tmp

MD5 b6db5e55b8b57f7f44423902fcdf94f6
SHA1 caa96d72a94c0c70f538a79b039332ad0599d041
SHA256 702207640938d9f8e135fe2ac783ff3bd1ae8f1c777ed55da2f38b7baadcc1a2
SHA512 b042cb6983a41a032fcae8e59a95dac4db05bbf6f7dade097a1f904d5097ad1f6c5e6e02f92138d554c9b329880f0fcfd8674ffe8f766b4a0a50cc73b45ea873

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-6N82V.tmp

MD5 74c04bdb7672e6f1688cc9b53651d5fa
SHA1 47f2614432bcab4708d6f3f5c88fbb1cc2139a24
SHA256 554951e9c282df960bf750ee5a6f1f03738fc2d5395a28d2261b780f5fe7a63e
SHA512 a77ddc3cb2520c86d0047f5d7290c40b6d0ccece3740166d2c8e9889d56ab21c9e8263be899ac45c49023940bd8a7cc29a61a5fec79b9ff201279f192290823b

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-7OUDM.tmp

MD5 9fd27f5dd094d50b97d30d623dbcdc15
SHA1 fa1ca00fd22eafa1268553558e8350ffc7ce0f43
SHA256 1e2d1c289834ed3ff05394a675af58a1f3a03cb46bf118b1cd3df163a63e2149
SHA512 49eab357e4964bda2400634174778ccf101ffc40abf9a5585d432330428e3bb93d17bea2d433e396780266d74949de43a4541d3655afc68079998eb05a794c2a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-NT6CN.tmp

MD5 a1cdf6df3953ec3d3a05892f3a7dfbce
SHA1 17b47e4f6f1848f134859828c329c61c0c9c06db
SHA256 67c799d9a989097b3442e19ab23466d8aec24c4695a5aabaa64067b595126adf
SHA512 48da47b03723ba7bbf589f734d5d6bae7c39202ab363b53d5901c08749bceff21bb13c63163778e674774e70306586d6dd9069f8924e5dc65acfdcad7bb42e9c

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2J5TM.tmp

MD5 ebaeb1736871f5af6750d880f9c8f56b
SHA1 9a1dfed0ff7543d3551e93d21da50d72c1fb0dc1
SHA256 271547a0096cdfd8789c23d94c89ea2f4ac4f39d4121035090b18dcd3b972f83
SHA512 c5b7409dc5bac68e7a7b5ec6eb82093628eced6b55b31ea4b3a93629657d25521ba4efc5401259b60cd7b881be55cbcd82b7ac39cdf998bf25260cdd4e63954d

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-EO2CF.tmp

MD5 31e5c0c38f52ea021193ad8293aaba81
SHA1 cdd50ba8623a32dddefef9a59c57abc43e1975c2
SHA256 45f8e0006ae2e67b57cc708eddca308cd06224f4d90178feb325c868645ae207
SHA512 ed4625eaa5d78c1b5706bb389b0fdc602f5e52ea5ca3dc05004b5e1e15a0cd32221c0c47790ba4578521aa2279e8ce52b6bd403a0fccfe2bf23e2680057656c8

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-2FQE0.tmp

MD5 6d24507b4982a1a5098dd9406575b4ba
SHA1 098e6c8a048d63099a53409db30c27b6b8096c5c
SHA256 63aeb6596fbf25ff06b1986e7f04b8d0f5e66ae5c63b8de07f1b9125a0ddadb4
SHA512 1c42d0ef2a21398632cae99368adc633e6420874308d1e37cd5b34189c4b4fd8b6cdb999bbaff049217433c216140037f80705d81a8edb580389f72f9893a945

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-VEK74.tmp

MD5 9ae7f39df92f6bbd6890d0844e0a146b
SHA1 08aa2a725eaafbe0c571c7b1ab59d07b5ff15e05
SHA256 13bfcfc9be30e298e0a6fb4d20fe681ac83eb4aa58d1737bddd7e47f60ab1aa0
SHA512 92f7aa38577f0f11bbae86132a395520a09f3779199859053e2786ea88d44cad4155d23f22be38b1d2d121f3177d971c435b6f4054608604b73b85989fde92aa

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-RR2TJ.tmp

MD5 8994aa12bbed3333440284af7f3f8101
SHA1 305d9566c8065c7399f53718f71781e4528f3612
SHA256 eda273213ff8e14de4df17535c278d31a52173a808533852078a9d6a45b79213
SHA512 f55fada44a94936f88a0c233508ae3b41539d55f9e649c0349cc97bb9fc7dbaecb745bac9c310640186657456a4529fb24e43e85b20ae64daee4adabad2e6a9b

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-CJDQT.tmp

MD5 bf6a5d8a44424e802683cac1d07a67b2
SHA1 43d4ab5516842327ed6972f5b24e6a32088bce96
SHA256 f88ec5d69fc516568cf725742a7f5e72a8fb016a9aa5159997c021c3dcf85981
SHA512 af9e0a4fc629faa3cac39a73420c1b0cf31d6f598865e90c71d06f9a42913081db6a438e18c4ca75c36f47fa6904ca144efeab76f025de85a2136b4b77840c3a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-6VL38.tmp

MD5 c8ad97b5f4d802791bf78a967b046014
SHA1 06a912988df6941ebcd64f343b30f7875e996d8b
SHA256 b610794b5384be1d3af85d23b756945b9d53460563b8a8c31901b65512c0d567
SHA512 29630d68b33723da1a91c67937c0fdb7a3e3ff69f5268d8ff81783a2cdeb0201198f2dae1cb8e4e1ecba47dc85acfaa24146139c8de73f5e3108b553a23d00b8

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-POUFT.tmp

MD5 72fe91b7c8ad5250cdc6fcc60e08a3e4
SHA1 ad8ebfa645165b02ea1ee045d9472cb8c1b827b2
SHA256 cfc90a9c02091b88fdc4ffe08c2bff87fd5604ebedc084c6dcede8d0bbf529bd
SHA512 8978d61bd38e0dc303b66b72da1db49835cec305d31e5b7c8659713d7557081b116e913f7e942d67df90771eb2defbf3cc84c1e57f7ee81332821d91f44601c9

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-U2USJ.tmp

MD5 c492ccf00c6dff644788e8903961f576
SHA1 451257913871c027f6724f38c48d7292dea1c284
SHA256 375bbf456beb2eda2153686d806e3bdc25a11b8d06b2ae7b3de2460bd6e963e0
SHA512 e3ba0c3d429bad9d8e5b0712506c3106de3343572170b8e80565adb325a5054b88204b3364de31fd2d4ca36b77937d4d29ff3072dbe0e1f56ee359bcbcf14a58

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-19DAR.tmp

MD5 b95e3d14475c7b4d8a551e789a73eef2
SHA1 66791a121f26309e18b19b31ce5509d5d80819e6
SHA256 fc0c94822dbf0c3087fd4bfb84d7181a00bbc9f8de4cbfe1387ba1d83a7fb09c
SHA512 1b9070e391a44a6cb2f01bdc713e1155a5ccfa82a9361d5b8302e7b9582f3a21cbfe156f9199a571029da26149a1757d9a8c009ae80ad79a7c08eb712310e6cb

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-737B5.tmp

MD5 ce26d003ae276a17c7227627a297f9dd
SHA1 cc642f27ec79b73bc67305c64fc7cb2b329e5754
SHA256 3054d03b401a44ad5ff02773106c201f80d2f78bc439c9cc74ae5dee63484387
SHA512 99c1e2a65d18ff25e45e0986e9a2f747c100ae71ee246076ded4dd5dd7e6f1dd1211b4b644e6dee4a054b1187f1519fae21c2d1f2b7ba3765f4ed1e0a68a6119

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-AV8Q4.tmp

MD5 8f7c6a5e3b791bf7c4d50bca0845adf5
SHA1 b11f0389da44c432390b90746c11e7e3da1f64ec
SHA256 2a3124e0ac67700c286c075c6423c3369759ff89faf3f7775650145ffb39ee3a
SHA512 ca6eb88e929e31efa0655e9930388396c85f370c24f6d72fc8f0dde217723983684ec52aad29e964363f7408b2c4e0e90c4eb630f802b6c6bb41dbd58fb53882

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-VKGHR.tmp

MD5 a598046ebdf1516c21023d986ab43cd2
SHA1 603ce125e3fb1872dbaebaa9d1a3d0d80a16b567
SHA256 cf185c621901ddbfd76ed5341b2143e77980520467dfbe705e99260b84587644
SHA512 dd170baa1ecf2ccaf8c68a0bf4bce851e8b859df7ac4cb09a7953c9aececb61b63485679dc0c5f89b1ab4e87175788aa9706fa91ba353b8e337b41d8b07303f2

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-UQ4MC.tmp

MD5 a999e53405052dc4c842633ba30f60eb
SHA1 1fb32a47a26b56ea280617a71c4a40d2f7017919
SHA256 8a042b9acd1b26762a0105b840eb97ccebf9549df5cdf1135662ef5da0d1cbb6
SHA512 4bcb23fdb1f596f25f01452e18b6f1a545215ae63f0008f6cc5408b2ea861d0769a113112b72f7e0d8075ef303a87e8cb1b5af499bf2b671d3225aed4f2b59da

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\Config\Compatibility\is-N5DCL.tmp

MD5 bc16115a339c0bdf5a5affaaa568253c
SHA1 5f36fa7bb74760efc9265d1a52dee6ef5a17be7b
SHA256 47184b3696abcfa5313c6c9ecb439f12393ff107f2c230bf0576814bc6e02241
SHA512 c7f39dac4d5fd9c5d02454abbfe94a84607b69ba1d26b27881039ef3c25362e16bc09fcbbad4d3ff7b13492c77a22152e0d5fb4432d934d387ea2893c50919d6

memory/1400-6404-0x0000000000400000-0x0000000000438000-memory.dmp

memory/2192-6405-0x0000000000400000-0x000000000053D000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\UserRate\res\is-RRQQG.tmp

MD5 495c9c664b5be8bdaad7fd00feb04355
SHA1 2bb1f2aa889f68f744a8dda82cfc51df721363e0
SHA256 398c5cdb402c290ed4ccbe4e11a4947d02883877dd35b8eb731355c737e1c823
SHA512 c8f31da3e9b22ab13f2b0b1e1229efe7d58ef9bc0e30ea6b228f062eb04617c63daed9f01d43dfdb780645067be13e37b75b636bd6e0b90190e043619db177bc

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\UserRate\res\is-91RQH.tmp

MD5 4eb62964a6ce446f5e842fd637baaa70
SHA1 a376149281f022a60cd2aeefb15578cfdaa05a77
SHA256 1a43e690a41ebc32848cbe71bfb957eee1684a1ec59965b1ee7900211233e4df
SHA512 68e9361d2d7af65ad0cb5eaeef09776e77cf80ebaee1170ed7d3a37006ec7ff98f5a8c4b510bde69b98418fef09c31bda348f71fa7675fd9193938e36789f57f

\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe

MD5 7d8a83ddb4991af9aa4e65616d38a9bf
SHA1 13e9b549dc4fe810dc4293438e4f09ddae5ffa88
SHA256 4264f6d9454e997226427ef7a4eaafa6d58d72c124bbe3ff71831eb421e5d72a
SHA512 92d368cd162e39e1aec41faffb94f45ba9842bc97cae44d6c433867cea126791efc6d5de298aef4754c0405d8b854f13776bb1664e51febee479a8564f010a8a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 0a6b750b37fa13b2e52ddbe251fe0fea
SHA1 3ab473187c74690383c3a498fc519106a38c2f5c
SHA256 284ca5c72b1cdcf958ef0f9d83551be26e2f3a21bfa1436cd4cf6890749b580f
SHA512 50df90eeffe0bdd93b1db89ae68efd59b52dc63cd56dfa10e615a19778a7d6d2c2ad642770ff9820d7babecffadc95ebd10c37063bb1f47a9a0fbca9b20a9d6b

\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ComDllRegister.exe

MD5 81cb46917e30dd7831e5210fa3a8a163
SHA1 cff7dd034e6528dce3c7b21f612a3a215db5806c
SHA256 ae17fbafa1cdca80dc0f414159cecabadeb69ef9c4d69ac58412fa430e716de9
SHA512 70c1b8ed3a45fd7afa2eb6c3be33be5ba6d527c99afac82168db213483109af4a385e2d4f3fb8bb1c8a83a0b51f3d3910808cdfb725231bf3068d7eebdb7a48a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\MSVCP140.dll

MD5 996d01ad6a71761f29a98ec9e9f30007
SHA1 85aae459210739b2d24f24cfa1a42ccfe6478514
SHA256 c8e7456f4ac9aa65ef3ad61a6daf30efec9737344d173b2d6d2c16e752052a55
SHA512 6b145328a61bae1ab8be7ca9aa07e04eb06924cd2d24a8513b6415dfe112440016e21ce24ba69d8cc0fcadf9de5276b7b7961b9c0a91af4e03a0009521c41013

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\ucrtbase.DLL

MD5 5a2b41a8c62c38d026c2567b88bf6ffc
SHA1 9af1d9501b17af78596cfc83657531873e740929
SHA256 9793b5f7890034ea345726fc9df07b79f518e1aebef2ab8b3d409f67465cefa9
SHA512 a0457dc507b4e7e5250a30a53ded9b0de1787f6f73e3586c1fdb62f1cbe924c4ca9599a3ba69c72887e610adb15d7b2cff18fc54033afc3aacfc74157ac43c27

\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 c29a67702f252ee33bae5d90046b3d43
SHA1 3866b65335806f6ea172c0f031e5a9d582c5e926
SHA256 55ade67a6e64caa2b624187f875ee562ffac8eac5a2d49d06d935c09812e2cf5
SHA512 b3b1c5715bbf47671ec837a20fb6853b1124a8bb29585a48a0d32af02bcd8f6368158f8bb74e0bf79a36e73003ef4f40860bbf87b509a1d323dadba46e7cc4a4

\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\vcruntime140.dll

MD5 9248c36666a2fec5e2a8913d6edabf80
SHA1 b7bd53b97974d5f4ff3a3935a104fc85367c105b
SHA256 c8e6089e6efe9573af55cf011c4e41b21235b2531f6c395faad53f410f22acaa
SHA512 eb7c878f3d4ebfb175579cdbfde8d589c71d2dcfbc02455caf132b5ea6964835cbce52f9479c0f6e4e58624629d4e13091a97477c914bc71d2ea4cfc9da404e8

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\FireWallAssist.exe

MD5 fdd2b614d0e52919749df5ae11176485
SHA1 f5ad021bcab11e51c49c81a90962130af8adeed9
SHA256 45593a96fc320f49123d9b8f813ad796f62345638dbdc8b58ac227a444978715
SHA512 e5682554503197369b4ae80382991606671374b1e96abf8221de776213de552fda0f74eb673a8546d05ad8468306702d79f3cc39731fedcdeac28cf709c2154c

memory/1400-6608-0x0000000000400000-0x0000000000438000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 4eac836153cfd5a9023d5f2f3c6955aa
SHA1 7e8a8def34e21bec71c8904570e224b837cc6504
SHA256 9395ae73d40b752830280b9535dc27da726d5d5329feeb6879a2f595dd106880
SHA512 dcd67dc7e5b50de6de545afe2ab208973846ed9e4e00dfb36a92dcdf8a4247b45a5ca9c18e21084d1bdacdab5585852a3d273b4dcfdaf0b469850ec57411b4aa

memory/2192-6607-0x0000000000400000-0x000000000053D000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 9577b93485a47e8128961f8b816a9ab1
SHA1 0800ede13561faf56f8058a9d2ad874ebdddf980
SHA256 d1bb47e8f488c8cc5c9ac333c94a3317dc4a1664f24210c47c6a060f038d4c9b
SHA512 c626aa3306a644ab53b618c9a7a7503bf12a07224e3cb3201229ad949f7d733fe502b098a08f7b7d9d4bb3bbe8b5412520218c94f53724cc2092160a3bc4cbcc

C:\Users\Admin\AppData\Local\Temp\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 71783fc9640966af3fd349c06020a5b6
SHA1 79c3e43c964836bc4507d43725b36fd1ef431906
SHA256 058117c3f4bb3b6363b0d6be3f39f15f19bcba15fd118bd1cee7c866b74bcb65
SHA512 53c17f2cca83c0b9ff18e464ad6db7a63456320fa8e6fc56c5df351f20a1d82ccb033adb983e9a0d495861ac7eb4056bc765cdad920f2ae4d89e640cca1e0cc6

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 a3c82c7ac848549647f97029a58aed10
SHA1 76bcb9f481c80eb5b4b1433f70c320a0d772a563
SHA256 8637ab27c6f2aa715b4dfcfd7001f914ee3b6a4bfcd5034a6add751da2c374ba
SHA512 d676e872530a0b173cd9b164a394d078ad319910d3045d8d5ba159a911a60942cc7397e4f76e5225a4281ecbea24bf01799866ef4a3eb645a1280db1c216c0b7

memory/1516-6668-0x0000000000460000-0x000000000046A000-memory.dmp

memory/1516-6667-0x0000000000460000-0x000000000046A000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 87adb8714520be93471d24101db1e580
SHA1 0dff497efd8b44adfeb134603a25c43f184c3f8c
SHA256 9311de88dd437ff571be8cc4320f43e0eb04a43b5dd9720b1d3e81aa15690d6e
SHA512 bffce65710fee9c69496d89c0ea73735392da7d8caab43c86cab8863c14c5a128cf32c4656b491fce7217f25c61834352e4865aaf6d109c5e19a7203a18c036b

C:\Users\Admin\AppData\Local\Temp\Cab35B.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3FC.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 692131f6c5f048c347e66759601d3305
SHA1 4ea3dcafc8e2884b997fb7fb9138f84cc3e72876
SHA256 7c569a13d666cce31e9e504fd4bebf14cd58fffbb3766922287d195507cd2a90
SHA512 b0cbe8f29282acfd6062c976dbd4d771e93cb03b8ed4d69802a77ac3affb56068e8aa919107c2f03d7d599ea5d8874e1b93a4486a01e659a4463d2d21e64beab

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 0443ff005d53f9cca90c91f4466ebe33
SHA1 ebb73bcdbd3a1a12bc19768ad0088e9bc3ae49d8
SHA256 4a5b56f81fb65e9c726b946ec516966fb3e1cf610828e1dae3af3ff948af65d4
SHA512 2d53b3aa7fd389c67f256ca8b749c8a7a389f417d52037e7d0829d8f9a1801fa5c60d677e8c71f636fd4f206127518dc259c4d04d88e71c93d55082db680f3f6

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 622e73d9280152c19e4a3e071411103e
SHA1 0cde1b9fad35af37ee5d8e37684f7368bb4edfdc
SHA256 85a18874c0681aa0063dfed3f879aee0d0e2622664a3080f56e860f46ccec89c
SHA512 d27b5d0ceb8c69975e4ecba75f776750fc0bca2176d343a0d72633a94b685e81b95d23de9b80bddd13fcf839f7450e9ca9ae8e590c629a92aa22c92cb2841dc9

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 f6f4a1b4f375b5c21f2372fadd7aafad
SHA1 e1a3aaa829011a065374145e90ece94c8b5c7fae
SHA256 97f056c8107b38f9e060ad127170c98c57b48210139cd7ff6f6c690c1c6c1fb1
SHA512 2359a9b35829b794dad89c76a44a1844cfd254d279295c5a452157e946cde32bad0c765ca6dba467ef291f14d5e88dee34975b07b72f750c6c372b419cb3e562

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36b49afc8083ae8315978bba05e65e9c
SHA1 206724c978ece68110a0e9e0ec93e3dddf5c0edd
SHA256 769c5ec1116312811be07bab23a296f81e568ba4e26e8de3b8b670b5e6829ab8
SHA512 1c3fbc4f15698c4fe845d7550310f496f6f0af903a79afb252973f2b1c9cb8ae462c7e2f4d54bf9209f7590e286bd747869a6ec9fe661e82bc0b975501e780e9

C:\ProgramData\SystemAcCrux\dfb35f2701c538eeac.bin

MD5 13b9d6e983529423b3a456278c617891
SHA1 9d8357be7f0611692e110f06032e9842a308578a
SHA256 75904285aa08f139ceb43e2c653e35ae774572bac1bebf2b9547aafface260fa
SHA512 69302b37aa1c3a182e4b2e508d34c8ad27233c9e8178c8c42a1a44fb71a624b2573c64f337882a16953a6c04e794c1e406726c6d99d46c774f6ed71ec9017319

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 0cb8a0d742cdcf45fbe44437b9703fcc
SHA1 433671592ea696193fd6c4a7514edb2e26f5cfaf
SHA256 473d13665a16c43f34dd29e12f8d20b5c368587a5abf95a6b204d837cfe5fd68
SHA512 75304379f039462df4376f2e4edb4594b68f358b86e31a6de021bfffd37d1064a3f17847bf2ea2147fe57e5b4f73407ffec4859ff24b3bb09ed08b9d0688d6f6

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_retain.ini

MD5 6b78ff9d8457040d7fda9312968fc28f
SHA1 ba4be27db3ad50a2042e8bed0d3a96ad69e491f9
SHA256 bdc25e69c6e430d8a93fe1299c5c4c6cb8b537c29b1cce41bae65ff19b51ab4e
SHA512 7be751a2ad7db78be6888f9f8c4dac3ba98c408cf53d444713c680d3dc8ad07083d201bdf20d1a9c70dc0791aa331b237cafd84d78c12aeb2b7ef6eb0d556e40

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 c743249b171df5c210242ae5606f2a63
SHA1 41f3b22e31cfa719e8ebd2c099e01ddf37e28894
SHA256 e4de45a4eaf42d0bd589043de2e632ceee5646ee181e8f5858830c69661ba6e7
SHA512 2f9cf8b39792395c53401ad3aadc54e6a0793ce02fc9be5b90754d2e146498fd99a4dc826638eb3923e1e67a41213bea22b9de6939d191891a60db2ffc7e3d7e

C:\Users\Admin\AppData\Local\Temp\PCT_ACCOUNTPIC\F566F209285542D4B4929A7BAD21BDE7.jpg

MD5 6a114fffd529730579a7bd53b3ccce79
SHA1 c7c8487849425580b5a4d49d9a765929451ca0ba
SHA256 6715012d3972c3a78a5ebad2d63a78ac4d940a48814b9de03cd0c75f39d87341
SHA512 8ab6dcd37c18d28ba337f62b1ae03adaa06ee73e5d570db0a76cf7870a029e0faaf3d4824dd3f659c56de94605e410d0a1ef2fe9f49de6955b04398c6def2944

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 586099fda0a208fe2b6961444dd122d9
SHA1 c7021d51b8be9a2fce2ebc34ca90df960822f43c
SHA256 bc3c51cab8f7d8b104d3b68ceefe859be6ef1b9d9bbfb3fba065d4fcbc29c4d7
SHA512 33577a1e7d8b86c247bf3e97baa33844fb26064314e1f095ffd04951c2746e4cc07732e75d7d6ea6f260a743a761ec03ed417a40bc604842b637796fcd3700aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb76f8f28135f2bbdae90f881105dbf3
SHA1 102843dcbaa4b9ee0fc80b5849ed7967bc077b8a
SHA256 a96559b8c57169bac9018e92aab203de80af9519d3c47a27f2de0ce7fd2213ef
SHA512 a4d42fd456aa842490a6b51d138e9c945e52ccecf425030ec38d17d93445e7ebdaecf6c9b5fc719737afa973c646123e6752e8fa3ad19ae4bc2778d2e5e28075

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81a0b96562a43414f714d0ce43dcc37b
SHA1 e925e7c68fd69656613a3603b3ff144d994b6eca
SHA256 12c8140db4fcc9d3bdc51401608054f5f53d9fc851a685b69146b0d8b38a1fac
SHA512 41c32be620f0cc7694872fed366e509098b42990cf3b75561e314e1af32ee363a45bc372f0064c1a9121c7a3c13693406bc7b58b04850b027e917228ab3a7859

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 b6fe4ecc60f89ecff1afed709e940f02
SHA1 a8e915ddcb754b1d70620105605c3bc9b74a6fd0
SHA256 fb6131a007c50057526cd2e1ff14b4f1dcd5f33f2219d76a618e5cd7644aa13b
SHA512 accb57b8d27ecb6ba53b97c929da8c481098e11f555c12594755ced639b99232f7c53c1f6e48262d493888ee88ed7d5a9a2afc377fcdf85f68de23efd58a72ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bd76ed5216689a19613a10e5003f890
SHA1 acc85986af936888681c1507324b9f718926ee4e
SHA256 0b272be6b1a130f07386b38701afb76a611921c2746f9fb6e4ecc85769374a05
SHA512 4175f42eee47d1ba52167f22187d76f3e98d468198f2c404deabc1d86f6859467760af7cecaed21df7836bd6a90fc30e2a8c595a440b0d7c6245516665b77ce1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c730280b95a0c154f3d53a8211992e10
SHA1 3d14dc08bac4fef9ceeddbaef75731d656570fb0
SHA256 a2a794ca2c468c04fd8b8c2b8e0f9c768b21ea472fe2daba1704ef1e0d5ea199
SHA512 25b097197fd5f27848908c89eb0f8690cf471cadbf90713288da5e1598e128aa137e4a3c3fad9d837406d58c6f74d929999afbe029712008656cdc855c11f076

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a82f130dfe90e3d2d5e86a30cb8c67a7
SHA1 99b00cce44cd13d42ceba523a4bfecee2d84dd8a
SHA256 a0962987083050438b38d47a5382c421df93c79d0b0c357f94e86146645ca3d3
SHA512 944a2fd768e5909f3e67ea8b7082af9a946445f7dac30dcccafb84957b7702a5aad96c71fd8a17ca9c455948d782eef7c11222bfb5b7fcc3fa0f2a866c62af39

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 534e447788a5b3030cd96ea6e88fe25b
SHA1 04ecc5b87be49322a6a3d187f9feaa8c6495ba7a
SHA256 774c0fb0ae8f2bf6408f7160e381a6e10b5c736265c8166d9c68c10b04157f71
SHA512 691ce6889a76526de02213dac85f4b4f7b7394aaf6349ad3b4b6018d8403eaab14bb3fdf02589042f4f00717b8704f2145d60dabccfc30a0dcc5f472dced1c92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d52074eb4f2d2f25d0abfeb7529addd
SHA1 98ed68e72d0c1e5023cf89fedf193976ef451fc9
SHA256 b73f2a44e0c133a52d997fbd3cf384f6b1df1882bb21996530114996d6c4ca70
SHA512 62ff237aa61c37b0e65c1e432978bd0ce823ce4c18853602d027b77bcd3e56a10b9690ea1137fc29ca41ed3d925b951c00f989dbab8b6b199e355c4cbb813c1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fb832ab0caac99fa16c14f5cebe6ffe
SHA1 0b0aa740cf03c50f5b1dcf60e56491317f3b29cf
SHA256 4635e496027caaf365816d4c3967e2cc6a2afb94dbf459a0d441fced5557964c
SHA512 2310049f794726471e0f4081772db8f494d6876e942441475f14d0868a0863007329bd866d2a7010d104e241b6f2c405baa573094680b90ddcebf398db501f71

C:\Users\Admin\AppData\Local\Temp\~DF2FB87A8F2AF82DBA.TMP

MD5 27e0fed147e9186eb50577ce0bbc547d
SHA1 5df62955580aad9e36be2078e72ae6f09a6f1318
SHA256 8e28bf9a18f9e469c6806580bb03fe771399d750cb9c059b6a2edd0001edf25e
SHA512 8317013a49d272b6bd2519c716cd4c36520dcebe83278e55aefafeb419d23238cd97b10898292768e81c85ce2efd2c91a06f6e26245e8a0d52d2d0e6a7cfc690

memory/1516-7629-0x0000000000460000-0x000000000046A000-memory.dmp

memory/1516-7630-0x0000000000460000-0x000000000046A000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 75813fea62f42133589f289d45d39e2b
SHA1 cab212d482a6d197296ff13b67d2395d7ada9ec4
SHA256 b30dd6f08f1cf7c27e458054167202a1d14fcf4476c866d8f8c89aa1ffd6a466
SHA512 2bf1c504ecff221630ab3f87e6cc408c8c574d80d9d7625509fa55663dc6c59ab2216d6558033301824194a40606e295315c07e5937e732910c7ef5945efd517

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 aefcd12a859e91e71523c419135f67c9
SHA1 da0c3aee6873fb14f53d06d4b48c3591c5a9412a
SHA256 d907505d75df0a07b4884b977c1ca6daa6d80f9c2d5a724cd48ef303dded2cf8
SHA512 9d95974f5e3195e9251a491836a4c8f0e5e4ec63eed4ba38eeb8fd52933130c38f05f0c5889c2bb8abd0a80367b8507b066c3ad56ec732321749615a5b3ec767

C:\Users\Admin\AppData\Local\Temp\PCT_ACCOUNTPIC\60D177A192A148BD8D27010F560E13CA.jpg

MD5 343fa15c150a516b20cc9f787cfd530e
SHA1 369e8ac39d762e531d961c58b8c5dc84d19ba989
SHA256 d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524
SHA512 7726bd196cfee176f3d2002e30d353f991ffeafda90bac23d0b44c84c104aa263b0c78f390dd85833635667a3ca3863d2e8cd806dad5751f7984b2d34cafdc57

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 f1129c9b518e4f76378b211ad3cc2dc5
SHA1 cc2ca9a8277b9dc35f491f7cee1e9b38c35a2be1
SHA256 8c4ab3df660ec4aa4018ace315e9c8a5c5bc7b9558ebb9b8f111f4cf2b14642c
SHA512 77f568588774cdca0da0ec32663866b67321829858b4e6ae4a79dd66e20a80a037ee46705647aedb1e444b99b9833610fa70f50e0b52e2b2734f57e6b430ce26

memory/1516-7704-0x00000000059B0000-0x00000000059B2000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 3ba37f1730589aa79d53a286e2cd9bf2
SHA1 a0161f076180b7b0e236ece7f0735492d4cc2364
SHA256 a928d05a5ec510043c2fb0c3e13cf7c4af1a8bc827c4f3def1b05e4a36f74ac9
SHA512 2fdcccbe6d1a3ad0dbe29fd8f2d00a8dd554f409b03767ccb59845cf6bf2c5beff82958977bac511ca49a94af99319e9b331be706093ae609defa5311240d5b5

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_temp.ini

MD5 e1956ba05bcec37e57497ca5bb13fe69
SHA1 140ef26c93f1d58297c4079430103e10cb069cad
SHA256 c12655a70b8ca94cd21d6e0f1c55b1b91fcdbc351f9642aee9dc7b5dfe857f7c
SHA512 51cfc5d9014a70774d8b9760f26fbd0debceff087d09ac31a6643b9758210baa951dd22ebf52704f2eb455ce4eb45683afce05fd14ff15f292121d2d641ecfa7

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\pcta.bin

MD5 5ad78df38798d6a83be0a7439579c0a0
SHA1 99df4123c5e0ef625dbe61d776ce31ba6aab8e81
SHA256 fd385b367d688876a0fe30ef2e32a2f12a53d708eae744baa2c69ad40906c7d2
SHA512 662222b9f6229578759124ed81f51d7fef7465a1ae84b7661035f9be14f711468d1e767fc90cd7a70db6b9ee966c349a94153f941009a7df5d3754d0183c857c

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 fcb0b8f570023acce14d914b85e2ffdf
SHA1 bdf6c66744f8075496943d6f9a9d6a021a05a5ca
SHA256 02ebce59eac57e99688353ac62d3faac6e2cc6d060e1774b81d5d6009af804fc
SHA512 58a11170e1d769e5a6a9d267b933a5b3a26544d5c8068c24f4af14d88d44b70ff1d6b3d03e9c8ff14cecd85c2b3571e5129b3b247d694c584ce5ea4247755039

C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_neutral_7499a4fac85b39fc\volsnap.PNF

MD5 5e961b1e105c3b3e61e882a553bf5355
SHA1 a5410576b80da1982c64fd9bb81b85f6bc7cd12d
SHA256 1b68210cf77bbf95273c182120e0e38bc6750b361a5c2725319afb753dcfc0d1
SHA512 943d43bb77968c9d1df98076ec4a344c01596b2ae7771ce37dd10389ff96eadca91412106f404da5b54fb345d6e0e845259c8cec4537ff4d23c46a5a4e8d756a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 c64887962c8503fb1092ccc7dd52c647
SHA1 4e3054178595376016136ccf14066e5082cc2bc6
SHA256 2cd0a37217f303e1710a9a8a2c2f96918842cc5d4dfa08a48c27032432388874
SHA512 3b023d37a627231c1011bc1cae8940d59a66039d68c06b68f65f8b0ca5681f90f410e995cfc20df88f853ef79ee165e6bebe5107511b4d6caf1cb7a22dfa26f1

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 e0eda5b25b0316508f32ca8b3bbf1657
SHA1 79742fda4d21b3f393ec5bc9e929175de6205b1f
SHA256 844dd691f18c3e82167c536a28ebc77f9db8ab2d98ad480ba27341f70a0feb9c
SHA512 71c9af37411904b63195dcdfecae62701efc006efe4d9bf562204538be803f1d6700da5d1719ce65916384d9f699a884f71a1907cf8c01ec9018daa9a9c69e03

C:\Users\Admin\AppData\Local\Temp\PC-TRANS\5BB67F58245ADD45B63572499AADFEC8

MD5 a54f0041a9e15b050f25c463f1db7449
SHA1 d9be6524a5f5047db5866813acf3277892a7a30a
SHA256 ad95131bc0b799c0b1af477fb14fcf26a6a9f76079e48bf090acb7e8367bfd0e
SHA512 ea71bb243b0b2db729b9eb88e3c55a3f490fbff23457825051224a1fe6e6d3f480590cfa3a4a6b12c622d6ac366feb03cd17004ed004cb3f0d52731626946679

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 0dff8cc1dc5bb22687810c0354fad553
SHA1 5e937d822a608fe65c52c519b379112fd786ff03
SHA256 b31d3f39bebf7fb2cdbf1863a107aa85fd60d242b7ee03d3422603befa1021f5
SHA512 c20895b696fdf72017573fd8efb2d6c823880fde6c4741506553e64bca025e01eb6a62c9f2630e467abf34306676d3c554f093b5cb7f555577a79604b52b461d

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 dff6ec41297eef135697d870f88f8274
SHA1 0222bcb3318573fdb0d6de9a409d1f60fe2c11be
SHA256 a97125624c7be167ad823f5ce6eb21a2c21fa880e846deac36ad91c4a06df0da
SHA512 0bb9b42a4f8f4823395940f254c8da036cd69e90211bb53074df7c426a2ab0c63b2b5649458349c7965d65344853f7bd3ab6ea35a325e4503598825a6804c54b

C:\Users\Admin\AppData\Local\Temp\todoPCTrans_PCTAppCore.log

MD5 eb2bddf82fb74c3c3cf432133d8ea259
SHA1 5f5f2783bb94051be5d3d81a21f9bc1eca7bb0a8
SHA256 d59056e46d9b12ae46ffc1404fcb79935dd879a950c9284463cfdfbe20bc934d
SHA512 641cc7e828f8dde01ed59a055d7bd18722dbde714b32ed09165e76fa41d7ab145febccb09104e234d00dc5026bb0ac38a061343918c96f8a26ac53b619f437e5

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 922dc4ad74a16ecbd4c5fbc13411b1f9
SHA1 bd8191d606c489a6d26fc85f2ab9959f1e60f6be
SHA256 fee561bb6cfe576e2bb32b3cfde29648c34ebf4e06164351897de0314634f2bb
SHA512 14e99d441358443a1c3aa70cc4fe8199fb2c84b86c53b028dfd663ccf49ae743fd86ce2f4c1346b6265d573bdf30b31931044d98d2285f39994b6caf8f4e8dd2

C:\Users\Admin\AppData\Local\Temp\PC-TRANS\AD6DEB2197A7214697F64502358AABF7

MD5 1821bcb04549613e1de729d389cee763
SHA1 18f28a2de35c8d17f92321d29234ad3df0fbc2f3
SHA256 4417570b9a5d5985e9c516f69bc8852c382262f4b406fd389bfa1936cbedd74c
SHA512 2d6ea1132deb585b177c41ec9f0b7ff0608dc8f883a9ceff5a7effede4862dbf84e2dffdcb183fb870759b22400e798090571269a1d20a5486a2ac46417edf19

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 5b3b3ee1d2b4f34f31c34d6c7f66a7bc
SHA1 7532831f9675689f90bc10224e4ace5e2a11e7d1
SHA256 7a986d7286a9feb55bcb2e7839e73acd7d6fc699c07cdfe30dcab53c37d55acb
SHA512 2753168d43fd2abb0e6d6b57e6441b2550518e72dd49ee5a8eb1a15965d1487a7efffbbc5991355e6296d0a818e1e726e57e5bebc36a4d770713c6ecaff21067

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 893ba51e16f81e8640c717b431547c6d
SHA1 af77fca414a3998ac86d739af42b90a504772b7e
SHA256 7babafe6df4a4ec4b5c012072ffca1c367b9a8af9999260d718edc55eac83e26
SHA512 6403c9ea158670044707ddb2455bc1fa15f77011104dfdbb58eaab65ffdc19c10d347ab9a69e7c4b921b0db634048df46da4ba1d2d9b2badb662be3ef198f354

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 b7021e519d9d2e98941ba0a5fec30e5e
SHA1 18dc38165fa00fa7ef49258a0f69f1d46a0cad32
SHA256 b20dacfd681e186f7ec007b191a87d84682392dac88d496a4ee22289ea186ebe
SHA512 b07c51d240947602619bd534c0e8aeb39159d40a8282fcf89d60186d426b885567db16fe429c56da0e3f765f587afc06c88fe9cc7f5a6b59fd8727130e0cf9be

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 2b54807cf0505c28516dcc97eefcaba6
SHA1 035afc860672c2af7864c02f0d47147350529f20
SHA256 8e2a92124ce5028c374ffedee2599e451a6cdc22d0ea9a23244421190e672074
SHA512 720a57498cf26e89314178e41277cb42fa65af619c786d8fcba2015d25396c9debff1ab120328852e5cf3e9de31af7aaf91bd10e141d5219ec89c938db1bd3a6

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 57d333c15c311fd47ad9bfc24c6cbc32
SHA1 bf29aaed9ac668b9e0036f836d28967f76bed074
SHA256 b854df5e34d614a03b39a6487c84fc71d51e92f427d3641cb2dda93d085d3bd0
SHA512 362b4156be4b6e7e7373a211ebb5e9bc7c5ad4bec0c214a50c1156085cb6639437f6684f968066bb6db5b2a97feed84f33d26cb7025b314ae2d33ff682532850

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 f89eb840d2f5abc8da795365da160bd0
SHA1 77d4f07183e3c7e4705ef229689a7d0cef48d30b
SHA256 4f181f0db94a1ab497eaf5e78cd19c07b2ab0aab003317784eaac84d44699d18
SHA512 710934481dfb91e7dee7edaa9a98f9bae12083cc6ef2cceb950d601cbf4889651c49b9ff6d3c9c8469116e3f11353e8a70e46dc79630aad4f45160272cdfa4d9

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 fc6902cbab7d2d1be6e1d0e61096e9bb
SHA1 52feea7ae5c9d4a75ab0129c940ae7ddc9edfe08
SHA256 7c3a47f38fa6dab096ad8dc2d488ce4c3f89c027d11bc09d71d38c91f7f43502
SHA512 367c65683a9a55a0caa754e259d0583cc89044d7b9f47d06dd19963bfe6293ead11631bf21f28532b365720fbbb7a0a441f37c1abfd116f239e86713e0c8af33

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 d587eaffcbf7ba6ae542be8798abaeb1
SHA1 a98d64ff3cef559a7dccbb90a082ad5b60f92215
SHA256 6693eddab8ccaaae3cf1ce26b6a37f7e4716df0cc62cb8cdf8e0a94ec9efa76a
SHA512 69c43ba4d22ea1aad857285cd0b1a36acb5cc392c6561460492f7d0e12e005120f85f98a5990dc6b3343ea2d09e7d1e54ea6dbcbf6730beeb083098fbe493579

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 8f396ab8ca2999644df17ae8f85b7144
SHA1 99982eaf04debb07367a267a6cfaf19d6dbb0353
SHA256 db6de2291acb84587dce120f500ee0bcd70fcc15c3a7fa615effd5ea3380a2bc
SHA512 c917f5c8eebf9ea2d51f904fdced55bcd154b7225fec1e6793a298aeee5a099f9ac7eefcdc746e9f55392271c5ba6171d9f312db7dcb1559db92eb25b48a90b0

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 c1dc23a81be44f72963190a3ae6ddbd0
SHA1 673372c6776c108f3fbc97103ed5ca89defd67ea
SHA256 f98df3353dedf4a3e7a0d83f13269b365f3a643ecb13543b163137c83306125d
SHA512 b548401ff3b9c77ee8cd69fc6a3e299621fce3d1fae1737b63c2631c11dcf3fdf90f38e028206c7921d8d9de4b195cc373fd03170d8484c0db1a4658799b1c58

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 4927924670480108d3c73adf09d50617
SHA1 4dd6d76c46bf090dda8d4afe39a739911f9bbb81
SHA256 46e2ceecb613b10d9dfcd4106f88dea8390c239a86a966ab41482b6593417e41
SHA512 842e5b6c3f844960ce10202eab1a41a0b721c547ba25c87bc2c6b5b6ec6a71037bc4d99f1073c1e39af0dbd7c389bee5c4ad3739d336139a4ea98f37b14dfd5d

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 678cba9679b3ed3c3309cce0920b48fd
SHA1 dbdf3ea045f27f27d3d1bf241ef5613dc22ab905
SHA256 49c08c333bcbdb095f828eb77d7d2b739898d161b0afd3bb0a00b61c6977d118
SHA512 c1742245d649b9256fb3a1c3a23aa81503e702cbe2fb273e69fd7afa2da88ff0e3140ecb3cde23bb9b9589704589cfef2064d32b0754fc89d428576ffaaaf02a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\run_temp.ini

MD5 0042c67d2761c4d9fa3964a25a538ed7
SHA1 aca01f9dcb224efd4f7fe9e1e9b38459f949cbfb
SHA256 a00adfea82d466d7fcf454f74f1042a9a2d219a65996983b00e8174eb01bd57a
SHA512 2fba7f8e254df2f4a3ac056e07e6c923734da696b230d0e88a3491dcdd7706fd82eb518d8f13e8a32df32899a85d63ea1fa01ca715bc500c79dfc07e2213ef13

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 e1f94b6a1ce07a49bc08850ef1376a39
SHA1 e31813e224b784a5fc7157d4eebb911243734fa1
SHA256 bc135d7b3fb94c7d61dbcda96c9893960dd1dd2f963827248eafe6b455fb53b4
SHA512 a585d9703f6c776d124811f8160f0463d07ac32d323bb7552b916d954708848675ffa2e1eccba9355a9b043ef525f30c1a3ea556a701ee463ef06427ed8f8355

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 918f0d69e71f77f4355a9050eeebfdff
SHA1 81535737d1cd8d8d1835d921a68aa0dbe7d5dad1
SHA256 2f783fe96b8d6cccbdd0f74bd4c8e46ca6c8054a6459876c00ba67d869be6a16
SHA512 de43cc45d135c92d543d7b18023510f4e826a4df0def2ab896bfa05b7fbeeb0144fd311ec1f8b08e7a3b9164a9b3cdc2cf0d465257af0e25b335d7fd388a50a7

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 400c875b73a250223b71c801b6b343a0
SHA1 8e77d42baa56fb6b50db2f9c1a25e812fb189792
SHA256 29d1034dfca2c10a013112403830e250891264ce3c6b2513f5fc4b8c5eb761d0
SHA512 0dd5a75e9a669494c9a758c366622798b7a04bae148ec137dfdc601ed9a561dec6d43229da6a88d76d73b5dd0aeca1de8df64619f4d2e388449bb2425e62535a

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\DataFile.ini

MD5 48fab33c9239366629eaed6a0438b597
SHA1 6a5efa7acf0fd0e7720b0ab499d775f3deaa2038
SHA256 669148696cac45df8e5f1055ebd0fe218e4b62c85e2717c095cd6a89f09cdf67
SHA512 5fde8fdd8551f953e8f320f35db1eaa7e9137b810a8a62eaaf7e8d3f4c66a372138d835d9493c7f565ff97dbe5d52ab915ceeb3f0e0caa7d7cf57973be05b374

memory/4060-13968-0x0000000003EB0000-0x0000000003EC0000-memory.dmp

memory/4064-13982-0x0000000000390000-0x000000000039A000-memory.dmp

memory/4064-13981-0x0000000000390000-0x000000000039A000-memory.dmp

C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\RemoteConfig.ini

MD5 7235eb20e67df63fe9ae2bc9267e1a3a
SHA1 9ace06927c25c40758c58a7f28bcf6362174fa16
SHA256 a09dc4013d13e0e703e05aab18a7ae0356384113d6157a360c8a05c64edde75d
SHA512 ce6581eb8bdad53c4cd94b2f3f32966bbc33636155da46470228e1dc2932730ddc09bbfa6d033f341fae280be17c692b23835560c412a7090fbf8e738c2dc1f8

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-17 00:27

Reported

2024-10-17 00:30

Platform

win7-20240708-es

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2800 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 2716 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2716 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2716 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2716 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2716 wrote to memory of 2836 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe
PID 2800 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 740 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe
PID 2800 wrote to memory of 1028 N/A C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EDownloader.exe"

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/Uid "S-1-5-21-3551809350-4263495960-1443967649-1000"

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"Spain\",\"Pageid\":\"\",\"Timezone\":\"GMT-00:00\"}"

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.Exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"2\",\"Errorinfo\":\"4\",\"Result\":\"Failed\"}"

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\InfoForSetup.exe

/SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Elapsedtime\":\"2\",\"Errorinfo\":\"1004\",\"Result\":\"result_fail\"}"

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.easeus.com udp
US 8.8.8.8:53 track.easeus.com udp
HK 8.218.236.152:80 track.easeus.com tcp
GB 13.224.81.92:80 download.easeus.com tcp
US 8.8.8.8:53 easeusinfo.us-east-1.log.aliyuncs.com udp
GB 13.224.81.92:80 download.easeus.com tcp
US 47.252.97.212:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
GB 13.224.81.92:80 download.easeus.com tcp
US 47.252.97.212:80 easeusinfo.us-east-1.log.aliyuncs.com tcp
US 47.252.97.212:80 easeusinfo.us-east-1.log.aliyuncs.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 efc5dd69c76c9242e80a64e30c1a6838
SHA1 60a58825144816fb17a0a85471f039f7ea4a64a9
SHA256 7d80ccd284bd0ec7f1039618493d6d46db84212657932c1360867b24fe36cd6f
SHA512 19393e135fb18ad26848edfd38caeb386abc51c35ff5ce3a171a995a983ba0b975e30c4df77e0dc9a88f0298594eaa51dc468a4d93457ded993693236ddcbe27

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunConfig.ini

MD5 e6fd601a122a2fa0c48518cd10774c56
SHA1 8f6e544caa34bc693a193c4d665ab79179aa6b57
SHA256 37bca74ce883f5ad6422de2358586b77db8c54ee331d19b27c3486e80ae821e6
SHA512 3127cdaf6097f2ceaac88800ecf5e2ca590296a8f6e356fcee62ef451d94f808ecb0453b8cad5160bc99ca0efd7128ce3024f71957006b27cd5bac07f99cf1ec

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\tempInfo.web

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EasyLog.log

MD5 eaaf1fa99f898d89e7bd488479d17b1f
SHA1 ae5f0f4162cf6975a64d96a8b18dcbadd38ab634
SHA256 ae7d468aa05506d726b9f6873c7049c4cf900e039e0d9dfd87d5681f2c66a07d
SHA512 0f74b030e8c3bc5fb1a1aff6a00064dd609062f99f916e063f50aae600a9ec0987094e0035c957581b722e640065d08b2c3de033f5a96b2e019e401f608b318d

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 7f411750d07619f38537e7fd612b8b44
SHA1 cda241a1ce5141288582c8f0ac4850992b427bdc
SHA256 ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87
SHA512 35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EasyLog.log

MD5 7b92d69fd825c846b43f667310134478
SHA1 8400ba8933c3ebed6e7ab910282d18ed4db92f34
SHA256 f849c7b42ce79d72e0a6b8a111867496953824d0553d78e0453fc9e0788f0ebc
SHA512 461e538f9704d0a87c260ec3452175a9905d8da393727229284d04f0db0f9428bb020e3dc0650f2215b570d2b9b7970c8c1fb449b401813bc63d04481e93cace

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\EasyLog.log

MD5 7971b4687475c3a9c631fa723caa4bd8
SHA1 800bd7c8e42350a26011341b215d61423e471044
SHA256 d1b211bbbb8ca24bb325a88b4b5918c7a9f5758abf19330d7da60bb2b53a47cc
SHA512 b6b8f7590322e2da3a8f0a495e6b5618465a20f890c04a45cc1926e72c11485f075eaec033ce76f46e6fe613552379fa2304ee2c3f9d95f323875f9f74e0dc85

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 787b065a119199e4aee915d1a8df8ac0
SHA1 c23c49adbc48739c6a02114a08fb1d1764f4dcac
SHA256 df115fe9dfb578d4f40023a7f582ba27ed4b27a5e07cf334f29de8686fe4e371
SHA512 700ac749551302e4ed33d7a9ae35e8239a4b9f4e22f50002ffac71e1a5b447751049402d2d8217f40298e634b90dee59d472c4927f52099599b1e3c3ad95c42e

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 d65ea776d7b53ff405effdbf53c786f7
SHA1 d88d612224af3278530794b6900197eeefef3e47
SHA256 b7a006c4c8cfa20a0549c0c38a571a0e3b4228e13c22ec2bcbe976aeb2f87c69
SHA512 ce5a98407ea9a401eeb228a4f469aeac87cb357494388d0cc36591513c2de49f6716463993460f0c93e55d4a0f982e65aa2931d9c564eeba380bc31b87387daa

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 79185712ba973c6c7f7fda9a63671f02
SHA1 e02a2b0897371e8e0c48093bfc082b6a22b66412
SHA256 5962b9851ac525c5b4eb31c4b0bd2ee6962644b8592d098a3cae125996f8115f
SHA512 66b3c8b950f134c112526237191385fd77b70b0ede1924b9ca4c57ac0dfc748dadc73e90ecb43e7911c838b7482e5d76ca5d6b99012bd3c7fe29891ceaa8e2c6

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-17 00:27

Reported

2024-10-17 00:30

Platform

win7-20240708-es

Max time kernel

122s

Max time network

124s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrap.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 264

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-10-17 00:27

Reported

2024-10-17 00:30

Platform

win7-20240903-es

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe

"C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunWrapExe.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 track.easeus.com udp
HK 8.218.236.152:80 track.easeus.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\AliyunConfig.ini

MD5 6daf4bb7b19c258cf31f9385cb48d9fa
SHA1 592085ce4fd2624d08d20bda09ccb558d73f0074
SHA256 466393d0ac21105fb3f39e42eeaa8ed0e09ed54d602d4341393927dfc0326519
SHA512 9066b56998bcf784d3c62d9f0fac6e343936d61a94ff0277fb8b30ea1b5eb2880b3683c78e9b6646986d1fc290145ce724ea8731ebb4606c8466acb601051ef5

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\tempInfo.web

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Local\Temp\$TEMP\downloader_easeus\13.0\4trial\aliyun\DataFile.ini

MD5 7f411750d07619f38537e7fd612b8b44
SHA1 cda241a1ce5141288582c8f0ac4850992b427bdc
SHA256 ae89726af2bd0c0218fbf63af20d4464f44dced5156364d817b6e73afc8e9f87
SHA512 35dad46325060004a66e01e10af6a3ebfd94b6751347b6ec64840c4ec03d81480fc324494ea39dded03bf2f1a1ce352b15ab518d14214c15567af17fb32f16b8