Malware Analysis Report

2025-08-10 19:58

Sample ID 250630-w2ff9s1xhy
Target https://url2.3u.com/MNBBfyaa
Tags
defense_evasion discovery persistence privilege_escalation spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://url2.3u.com/MNBBfyaa was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery persistence privilege_escalation spyware stealer upx

Modifies firewall policy service

Downloads MZ/PE file

Reads user/profile data of web browsers

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Executes dropped EXE

Checks BIOS information in registry

Modifies file permissions

Enumerates connected drives

Drops desktop.ini file(s)

Adds Run key to start application

Checks installed software on the system

Blocklisted process makes network request

Drops file in System32 directory

UPX packed file

Launches sc.exe

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies registry class

Suspicious use of SendNotifyMessage

Checks processor information in registry

Checks SCSI registry key(s)

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-06-30 18:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-06-30 18:24

Reported

2025-06-30 18:32

Platform

win10v2004-20250619-en

Max time kernel

458s

Max time network

454s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url2.3u.com/MNBBfyaa

Signatures

Modifies firewall policy service

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules C:\Program Files\Bonjour\mDNSResponder.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules C:\Program Files\Bonjour\mDNSResponder.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\iTunes\iTunes.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation C:\Program Files\3uToolsV3\3uTools.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation C:\Program Files\iTunes\iTunes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000\Control Panel\International\Geo\Nation C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\updater.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uViewer.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uViewer.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe N/A
N/A N/A F:\3uToolsV3\Other\iTunes(12.12.9.4).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP490.TMP\SetupAdmin.exe N/A
N/A N/A C:\Program Files\Bonjour\mDNSResponder.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files\iTunes\iTunesHelper.exe N/A
N/A N/A C:\Program Files\iTunes\iTunesHelper.exe N/A
N/A N/A C:\Program Files\iTunes\iTunes.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
N/A N/A C:\Program Files\iTunes\iTunesVisualizerHost.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
N/A N/A C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe N/A
N/A N/A C:\Program Files\Bonjour\mDNSResponder.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTunesHelper = "\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" C:\Windows\system32\msiexec.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Program Files\Bonjour\desktop.ini C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Bonjour\desktop.ini C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files\iTunes\iTunes.exe N/A
File opened (read-only) \??\D: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Program Files\iTunes\iTunes.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSM.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\jdns_sd.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f}\SET7305.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f}\AppleUSB.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f}\SET7318.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleKmdfFilter.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{77eef5ec-3279-8e48-9090-6a077604c9b8}\AppleKIS.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKIS.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\dns-sd.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f}\SET7316.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f}\AppleUsb.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\dnssd.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\dns-sd.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{56fe5647-79a6-1746-9195-089833eb5c78}\SET58A7.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSMInterface.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f}\SET7317.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUSB.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUsb.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{77eef5ec-3279-8e48-9090-6a077604c9b8}\AppleKISInterface.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{77eef5ec-3279-8e48-9090-6a077604c9b8}\SETA3D8.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{77eef5ec-3279-8e48-9090-6a077604c9b8}\AppleKIS.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f}\SET7315.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{77eef5ec-3279-8e48-9090-6a077604c9b8}\SETA3D7.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{77eef5ec-3279-8e48-9090-6a077604c9b8}\AppleKIS.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{56fe5647-79a6-1746-9195-089833eb5c78}\SET58B9.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\dnssd.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{56fe5647-79a6-1746-9195-089833eb5c78}\SET58B7.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f}\AppleKmdfFilter.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUsbFilter.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\jdns_sd.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{ae647e7a-8252-594b-b96a-6ee1da1ffb58}\SET6A9A.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ae647e7a-8252-594b-b96a-6ee1da1ffb58}\AppleRSM.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f}\SET7315.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleLowerFilter.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\dns-sd.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\dnssdX.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{77eef5ec-3279-8e48-9090-6a077604c9b8}\SETA3D9.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{56fe5647-79a6-1746-9195-089833eb5c78}\usbaaplrc.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{ae647e7a-8252-594b-b96a-6ee1da1ffb58}\SET6A9C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e939cbb8-0c6c-0b45-bc19-f428dbc1158f} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{56fe5647-79a6-1746-9195-089833eb5c78}\SET58B8.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ae647e7a-8252-594b-b96a-6ee1da1ffb58}\SET6A89.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{56fe5647-79a6-1746-9195-089833eb5c78} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{77eef5ec-3279-8e48-9090-6a077604c9b8}\SETA3FA.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKISInterface.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\dns-sd.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{77eef5ec-3279-8e48-9090-6a077604c9b8}\SETA3FA.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\dnssdX.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\dnssdX.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{56fe5647-79a6-1746-9195-089833eb5c78}\USBAAPL64.CAT C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\dnssdX.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{56fe5647-79a6-1746-9195-089833eb5c78}\usbaapl64.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{56fe5647-79a6-1746-9195-089833eb5c78}\SET58A7.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\USBAAPL64.CAT C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{ae647e7a-8252-594b-b96a-6ee1da1ffb58}\SET6A89.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ae647e7a-8252-594b-b96a-6ee1da1ffb58}\SET6A9C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSM.sys C:\Windows\system32\DrvInst.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Apple\Mobile Device Support\CFNetwork.resources\ca.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Models\TimelineRecord.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\ru.lproj\iPod touch License.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\fr.lproj\PrintingTemplates\11.Insert.TextOnlyBW.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\sv.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\th.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\ProbeSetDetailsSection.js C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\WebView2Loader.dll C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\Common Files\Apple\Mobile Device Support\icudt62.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\BootstrapScriptTreeElement.css C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\uk.lproj\iTunesExtraGridView.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\fr_CA.lproj\PrintingTemplates\04.Playlist.Custom.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\da.lproj\PrintingTemplates\14.Insert.LargePlaylistBW.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\pl.lproj\StoreBlankBuyButton.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\en_AU.lproj\ViewLineItemRatingE_dark.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\id.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\th.lproj\genresLoc.plist C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\ca.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\pl.lproj\License.rtf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\translations\qtbase_es.qm C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\hu.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\MediaTimelineOverviewGraph.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\CoreFoundation.resources\ko.lproj\Error.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\AVFoundationCF.resources\cs.lproj\AVCFMediaSelectionOption.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\tr.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\3uToolsV3\locales\tools_tr.qm C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\ko.lproj\Error.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.Resources\uk.lproj\SoftwareUpdateLocalized.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\FindBanner.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\en_AU.lproj\ViewLineItemiTunesExtras.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\Foundation.resources\en.lproj\EncodingNames.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\CoreFoundation.resources\es.lproj\Error.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\en_AU.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\translations\qtwebengine_en.qm C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.Resources\vi.lproj\SoftwareUpdateLocalized.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\tr.lproj\StorePreOrderButton.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\zh_CN.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\hi.lproj\iPad License.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Models\PropertyDescriptor.js C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\uk.lproj\Error.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\3uToolsV3\translations\qtbase_fr.qm C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\sk.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\pl.lproj\StoreViewButton.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\MediaAccessibility.resources\it.lproj\ProfileNames.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Images\EventPlay.svg C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\ja.lproj\ViewLineItemSubscribe.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\Apple\Mobile Device Support\CFNetwork.resources\en_GB.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\Apple\Mobile Device Support\CFNetwork.resources\he.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\fi.lproj\TextStyles.plist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\pt.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.resources\Info.plist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\hi.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\uk.lproj\ViewLineItemRatingE.png C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\translations\qtwebengine_locales\hi.pak C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\es.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Models\RecordingFrame.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\ar.lproj\PrintingTemplates\08.Insert.Mosaic.xml C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.IE.client.resources\English.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5148_157293051\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Program Files\3uToolsV3\cache\ToolBoxSetting.json C:\Program Files\3uToolsV3\3uTools.exe N/A
File created C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.Resources\hu.lproj\SoftwareUpdateLocalized.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\pl.lproj\PrintingTemplates\11.Insert.TextOnlyBW.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Protocol\InspectorBackend.js C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vccorlib140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a18ba.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFCFE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3905.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a18b4.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{76420BC2-0A88-4483-BDB1-0DD97DFF3163}\RichText.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9184.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{76420BC2-0A88-4483-BDB1-0DD97DFF3163} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a18bc.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA954.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE893.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE8D3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI92C4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1D9B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI41C6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\SYSTEM32\pnputil.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\concrt140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI91D8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB26.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\msvcp140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a18ba.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2F4B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\msvcp140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI53E3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE65.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAB68.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC34.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1B3C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICC86.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{76420BC2-0A88-4483-BDB1-0DD97DFF3163}\Installer.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1C27.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a18b0.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a18b5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI12BD.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\RichText.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4BE1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI40EA.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2D42.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{B292D163-23D2-4523-A699-1ABEC1875609}\Installer.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3E38.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI92B3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{76420BC2-0A88-4483-BDB1-0DD97DFF3163}\iTunes.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a1a36.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI436D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI2E7D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\msvcp140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vccorlib140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA19B.tmp C:\Windows\system32\msiexec.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP490.TMP\SetupAdmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\3uToolsV3\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Program Files\3uToolsV3\3uTools.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\iTunes\iTunes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\iTunes\iTunes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Environment C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Apple Inc.\ASL\filenames C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Apple Inc. C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\ C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.italss\ = "URL:iTunes Audio Live Stream Secure" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{788D599D-FE85-4142-9B47-2498C5C6D0CF}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D7FE99-7868-4CC7-AD9E-ACFD70D09566}\TypeLib\ = "{9E93C96F-CF0D-43F6-8BA8-B807A3370712}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.aiff\shell\open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDRecord.1 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\ProgID\ = "Bonjour.DNSSDRecord.1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2692A9D5-61DF-46D5-A5A1-A6CCA921D578}\ProgID\ = "SoftwareUpdate.ASUController.1" C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9DD6680B-3EDC-40DB-A771-E6FE4832E34A}\TypeLib\Version = "1.d" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\itms\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\VersionIndependentProgID\ = "Bonjour.DNSSDService" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7F7E1C5D-4D91-48C9-B09E-3E45D502FFA0}\ = "IASUTaskScheduler" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.m4b\PerceivedType = "audio" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.itls C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.itls\ = "URL:iTunes Live Stream" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\itunesradio\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9D58BF1-0070-4fcd-B722-A0EE5A3ABCD6}\ = "iTunesAdminInstallTalkBackVoiceKit Class" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{08A6AF6A-8FF2-4a3b-BECF-C2FAC8630BBF} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000_Classes\PlistEditor.plist\shell\3uTools\command C:\Program Files\3uToolsV3\3uTools.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{53AE1704-491C-4289-94A0-958815675A3D}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{206479C9-FE32-4F9B-A18A-475AC939B479}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.aa\Content Type = "audio/audible" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.itdb C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{B8DF592B-DE05-49f5-BB21-084F548F12A9}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\NumMethods C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\ = "DNSSDRecord Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP490.TMP\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{12E6A993-AE52-4F99-8B89-41F985E6C952}\ProgID\ = "OutlookChangeNotifier.Connect.1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}\Elevation\IconReference = "@C:\\Program Files (x86)\\Apple Software Update\\SoftwareUpdateAdmin.dll,-101" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{422CA428-AACB-496A-8FDD-86758BCFB756}\ = "_IASUControllerEvents" C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.m4a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{CF4D8ACE-1720-4FB9-B0AE-9877249E89B0}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.cda\shell\open\ = "&Open" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.itlp\Content Type = "application/x-itunes-itlp" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.itls C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.italss\shell C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.itsradio C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.itsradio\shell\open\command\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\" /url \"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{71A1A612-F7B4-4092-8E0F-C79C8FB0391D}\TypeLib C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Bonjour.DLL C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppleSoftwareUpdateAdmin.ASUTaskSched.1\CLSID\ = "{BB46F03E-7CD2-489F-8F95-BB950F395FDB}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{755D76F1-6B85-4CE4-8F5F-F88D9743DCD8}\ProxyStubClsid32 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.rmp\shell\open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\pcast\shell\open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{788D599D-FE85-4142-9B47-2498C5C6D0CF} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1567862796-3850854820-1319363977-1000_Classes\3uViewer.heic\shell\open\ = "打开(&O)" C:\Program Files\3uToolsV3\3uViewer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.itlp\shell\open\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.italss\shell\open C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.itms\OpenWithProgIds\iTunes.itms C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}\Elevation\Enabled = "1" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.m4v\AppUserModelID = "Apple.iTunes" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.cdda\shell\play C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mp2\OpenWithProgIds\iTunes.mp2 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mpeg\ = "iTunes.mpeg" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.wav\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\itlss\ = "URL:iTunes Live Stream Secure" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.itls\shell\open\command\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\" /url \"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\ = "DNSSDService Class" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.itdb\ = "iTunes.itdb" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{755D76F1-6B85-4CE4-8F5F-F88D9743DCD8}\ = "IITTrackCollection" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.aa\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.AssocProtocol.itvls\DefaultIcon C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\iTunes\iTunes.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SYSTEM32\takeown.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: 33 N/A F:\3uToolsV3\Other\iTunes(12.12.9.4).exe N/A
Token: SeIncBasePriorityPrivilege N/A F:\3uToolsV3\Other\iTunes(12.12.9.4).exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\updater.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uViewer.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uViewer.exe N/A
N/A N/A F:\3uToolsV3\Other\iTunes(12.12.9.4).exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files\iTunes\iTunes.exe N/A
N/A N/A C:\Program Files\iTunes\iTunes.exe N/A
N/A N/A C:\Program Files\iTunes\iTunesVisualizerHost.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files\iTunes\iTunes.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe N/A
N/A N/A C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5148 wrote to memory of 5880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 5880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 2824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 3256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5148 wrote to memory of 6012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url2.3u.com/MNBBfyaa

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x308,0x7ffb693ef208,0x7ffb693ef214,0x7ffb693ef220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1936,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=2628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3468,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5020,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5484,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5604,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6492,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6492,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6648,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6240,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6532,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6740,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5136,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5336,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5012,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6812,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:8

C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe

"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"

C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe

"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6248,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files\3uToolsV3\3uTools.exe

"C:\Program Files\3uToolsV3\3uTools.exe"

C:\Program Files\3uToolsV3\updater.exe

"C:\Program Files\3uToolsV3\updater.exe" /background

C:\Program Files\3uToolsV3\3uViewer.exe

3uViewer.exe /reg 1

C:\Program Files\3uToolsV3\3uViewer.exe

3uViewer.exe /reg 2

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{fbc78d81-fb15-3041-88da-340ff7219b3b}\AppleKIS.inf" "9" "4639b046f" "0000000000000148" "WinSta0\Default" "00000000000000E8" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6892,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=5764 /prefetch:8

F:\3uToolsV3\Other\iTunes(12.12.9.4).exe

"F:\3uToolsV3\Other\iTunes(12.12.9.4).exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\IXP490.TMP\iTunes64.msi" INSTALL_SUPPORT_PACKAGES=1

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding C16E0B7B3E2683F2F99BE9A2E08FE786 C

C:\Users\Admin\AppData\Local\Temp\IXP490.TMP\SetupAdmin.exe

"C:\Users\Admin\AppData\Local\Temp\IXP490.TMP\SetupAdmin.exe" /evt E576 /pid 2188 /mon 776 796

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding DB5754DC776E38D69726477154F168F4

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 3B4358642776EBB778DB37C420B6DE38

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2D54C7BD48277645F90ACD705AB3B6CF E Global\MSI0000

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"

C:\Program Files\Bonjour\mDNSResponder.exe

"C:\Program Files\Bonjour\mDNSResponder.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2AFB6550136A970802686F6CDD055EB0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=1444 /prefetch:8

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding C56D117B8642F72BB7CF63F4657683DD

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9DFB8300761028CC1BC9334B2773D94B E Global\MSI0000

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D0F243B1FA266D4DC4EB119E21C336E2

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Apple Software Update\ScriptingObjectModel.dll"

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"

C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

"C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" /RegServer

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CDF5F4D44DE4A64D8A91684AEC59A089 E Global\MSI0000

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 55B087286761379EFC336B2A2557E350

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F528F6303C3AC3DBD1966F3D2AF53B77

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 6D0CB97524E3B67D475025552AC7C266 E Global\MSI0000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5744,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 49C404FDFED74F719EAF11F2B7F04B03 E Global\MSI0000

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\iTunes\iTunesHelper.exe"

C:\Program Files\iTunes\iTunesHelper.exe

"C:\Program Files\iTunes\iTunesHelper.exe"

C:\Program Files\iTunes\iTunesHelper.exe

"C:\Program Files\iTunes\iTunesHelper.exe"

C:\Program Files\iTunes\iTunes.exe

"C:\Program Files\iTunes\iTunes.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x50c 0x514

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\31189484-672536709193264068 --parentPipe

C:\Program Files\iTunes\iTunesVisualizerHost.exe

"C:\Program Files\iTunes\iTunesVisualizerHost.exe"

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe"

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe"

C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

"C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}

C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

"C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" -Embedding

C:\Program Files\3uToolsV3\QtWebEngineProcess.exe

"C:\Program Files\3uToolsV3\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --no-sandbox --application-name=3uTools --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2472 /prefetch:8

C:\Program Files\3uToolsV3\QtWebEngineProcess.exe

"C:\Program Files\3uToolsV3\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=1592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6908,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6876 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 08DFF28746996E503E88B3018A577382

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\31189484-36739540085164068 --parentPipe

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding D6AF4E406038939370EE75241D3BD2EB

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 7C0FBA029C0CD1C8D1DF023D8D13F899

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D1CA7AC088E0ED70EE415FF6C5C79692

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Z "C:\Program Files\Bonjour\mdnsNSP.dll"

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Z "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B8DA5FCDD07A77B4D1DA4D1C0F88244C E Global\MSI0000

C:\Windows\SYSTEM32\sc.exe

sc start DeviceInstall

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\SYSTEM32\sc.exe

sc start DsmSvc

C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe

"C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe" x "F:\3uToolsV3\Other\iTunes(12.12.9.4).exe" -aoa -o"C:\Users\Admin\AppData\Local\Temp\3uTools\iTunes(12.12.9.4)"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2560,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding EF8FAE77A3DDE4C2F700F63D4BF9F211

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 414B1CDFAC7810BF547A077BE8F2388E

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6832,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:8

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\31189484-324681363104068 --parentPipe

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1B49205B36AF94897E09132BCEDAE2E2 E Global\MSI0000

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding A0A6B3A403D3B558F2637FF9F3AF7C87

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6136EC480B2175726575403B8DF8D22C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding AE62E871A819DF38AEF5520C3C27D54D E Global\MSI0000

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"

C:\Program Files\Bonjour\mDNSResponder.exe

"C:\Program Files\Bonjour\mDNSResponder.exe"

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f3cd8916-3926-f940-85c3-bdcc638b2e39}\usbaapl64.inf" "9" "452eabb2f" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64"

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f73144df-140b-4d42-bd63-83d744610702}\AppleRSM.inf" "9" "4c7809927" "0000000000000158" "WinSta0\Default" "000000000000015C" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64"

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{e33b54c3-25f0-154a-9748-0d8d9a4730c5}\AppleUsb.inf" "9" "4ca0613ab" "000000000000015C" "WinSta0\Default" "0000000000000154" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=ertuba.exe ertuba.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch "https://www.bing.com/search?q=ertuba.exe ertuba.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7016,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7028,i,15112852695820941728,14205983311816007075,262144 --variations-seed-version --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffb693ef208,0x7ffb693ef214,0x7ffb693ef220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2284,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1980,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=2664 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4412,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=ertuba.exe ertuba.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4900,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4908,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5484,i,5046204365260046424,1844397178077837587,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffb693ef208,0x7ffb693ef214,0x7ffb693ef220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2360,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2412,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=2576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4484,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\31189485646986119206044068 --parentPipe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe"

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4568,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4556,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2812,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=4744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4548,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5060,i,4798115160278834007,9934904438192300051,262144 --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:8

C:\Program Files\3uToolsV3\QtWebEngineProcess.exe

"C:\Program Files\3uToolsV3\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=4040 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 url2.3u.com udp
US 8.8.8.8:53 url2.3u.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 150.171.27.11:80 edge.microsoft.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.92:443 copilot.microsoft.com tcp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.92:443 copilot.microsoft.com tcp
GB 38.175.44.18:443 url2.3u.com tcp
GB 38.175.44.18:443 url2.3u.com tcp
US 8.8.8.8:53 dl.3u.com udp
US 8.8.8.8:53 dl.3u.com udp
FR 43.152.186.225:443 dl.3u.com tcp
FR 43.152.186.225:443 dl.3u.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.27.82:443 www.bing.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 84.201.209.102:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 tools.3u.com udp
GB 79.133.176.220:443 tools.3u.com tcp
N/A 127.0.0.1:51575 tcp
N/A 127.0.0.1:51594 tcp
GB 79.133.176.220:443 tools.3u.com tcp
N/A 127.0.0.1:51597 tcp
US 8.8.8.8:53 url.3u.com udp
GB 138.113.101.15:443 url.3u.com tcp
US 8.8.8.8:53 app4.i4.cn udp
US 8.8.8.8:53 url.i4.cn udp
CN 47.99.89.159:443 url.i4.cn tcp
CN 120.55.197.60:443 app4.i4.cn tcp
GB 138.113.101.15:443 url.3u.com tcp
US 8.8.8.8:53 url2.3u.com udp
GB 138.113.101.15:443 url.3u.com tcp
GB 79.133.176.220:443 tools.3u.com tcp
GB 138.113.101.15:443 url.3u.com tcp
US 8.8.8.8:53 ios-pclog.3u.com udp
GB 138.113.101.15:443 url.3u.com tcp
GB 79.133.176.220:443 tools.3u.com tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
GB 38.175.44.15:443 url2.3u.com tcp
US 8.8.8.8:53 dl-image.3u.com udp
US 8.8.8.8:53 d-updater.3u.com udp
US 8.8.8.8:53 d.updater.3u.com udp
FR 43.152.186.225:443 dl-image.3u.com tcp
FR 43.152.186.225:443 dl-image.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 138.113.101.15:443 url.3u.com tcp
GB 138.113.101.15:443 url.3u.com tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
GB 168.235.193.215:443 d.updater.3u.com tcp
GB 168.235.193.215:443 d.updater.3u.com tcp
N/A 127.0.0.1:51620 tcp
N/A 127.0.0.1:51622 tcp
US 8.8.8.8:53 www.zzzplay.bio udp
GB 168.235.193.210:80 d.updater.3u.com tcp
FR 43.152.186.225:443 dl-image.3u.com tcp
GB 168.235.193.215:443 d.updater.3u.com tcp
GB 138.113.101.15:443 url.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
N/A 127.0.0.1:51627 tcp
N/A 127.0.0.1:51635 tcp
N/A 127.0.0.1:51637 tcp
N/A 127.0.0.1:51639 tcp
N/A 127.0.0.1:51641 tcp
N/A 127.0.0.1:51646 tcp
N/A 127.0.0.1:51648 tcp
N/A 127.0.0.1:51652 tcp
N/A 127.0.0.1:51657 tcp
N/A 127.0.0.1:51659 tcp
N/A 127.0.0.1:51661 tcp
N/A 127.0.0.1:51663 tcp
N/A 127.0.0.1:51665 tcp
N/A 127.0.0.1:51669 tcp
N/A 127.0.0.1:51674 tcp
N/A 127.0.0.1:51676 tcp
N/A 127.0.0.1:51679 tcp
N/A 127.0.0.1:51687 tcp
N/A 127.0.0.1:51708 tcp
N/A 127.0.0.1:51711 tcp
N/A 127.0.0.1:51719 tcp
N/A 127.0.0.1:51726 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:51750 tcp
N/A 127.0.0.1:51753 tcp
N/A 127.0.0.1:51757 tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.215:443 d.updater.3u.com tcp
FR 43.152.186.225:443 dl-image.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
FR 43.152.186.225:443 dl-image.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
US 8.8.8.8:53 www.3u.com udp
GB 174.35.118.63:443 www.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 174.35.118.63:443 www.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 174.35.118.63:443 www.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
N/A 127.0.0.1:51764 tcp
N/A 127.0.0.1:51770 tcp
N/A 127.0.0.1:51777 tcp
N/A 127.0.0.1:51780 tcp
N/A 127.0.0.1:51787 tcp
N/A 127.0.0.1:51792 tcp
N/A 127.0.0.1:51797 tcp
N/A 127.0.0.1:51804 tcp
N/A 127.0.0.1:51807 tcp
N/A 127.0.0.1:51813 tcp
N/A 127.0.0.1:51820 tcp
N/A 127.0.0.1:51824 tcp
N/A 127.0.0.1:51828 tcp
N/A 127.0.0.1:51835 tcp
N/A 127.0.0.1:51840 tcp
N/A 127.0.0.1:51845 tcp
N/A 127.0.0.1:51850 tcp
N/A 127.0.0.1:51855 tcp
N/A 127.0.0.1:51860 tcp
N/A 127.0.0.1:51867 tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
N/A 127.0.0.1:51941 tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
N/A 127.0.0.1:51966 tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
N/A 127.0.0.1:51978 tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
N/A 127.0.0.1:51992 tcp
N/A 127.0.0.1:51994 tcp
GB 138.113.101.15:443 www.3u.com tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:51999 tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
N/A 127.0.0.1:52003 tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
US 8.8.8.8:53 dl.3u.com udp
FR 43.152.186.225:443 dl.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 138.113.101.15:80 www.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
US 8.8.8.8:53 secure-appldnld.apple.com udp
GB 23.49.173.57:443 secure-appldnld.apple.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
US 8.8.8.8:53 yfv6ssx-pc.i4.cn udp
GB 23.49.173.57:443 secure-appldnld.apple.com tcp
GB 23.49.173.57:443 secure-appldnld.apple.com tcp
GB 23.49.173.57:443 secure-appldnld.apple.com tcp
GB 23.49.173.57:443 secure-appldnld.apple.com tcp
GB 23.49.173.57:443 secure-appldnld.apple.com tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:52009 tcp
N/A 127.0.0.1:52013 tcp
N/A 127.0.0.1:52026 tcp
N/A 127.0.0.1:52033 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:52096 tcp
N/A 127.0.0.1:52099 tcp
N/A 127.0.0.1:52106 tcp
N/A 127.0.0.1:52111 tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
CN 121.199.63.222:14929 yfv6ssx-pc.i4.cn tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
N/A 127.0.0.1:52153 tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
GB 168.235.193.210:80 d.updater.3u.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
N/A 127.0.0.1:52174 tcp
N/A 127.0.0.1:52187 tcp
N/A 127.0.0.1:52195 tcp
N/A 127.0.0.1:52219 tcp
N/A 127.0.0.1:52289 tcp
N/A 127.0.0.1:52312 tcp
N/A 127.0.0.1:52328 tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
N/A 127.0.0.1:52400 tcp
N/A 127.0.0.1:52405 tcp
N/A 127.0.0.1:52410 tcp
N/A 127.0.0.1:52415 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
CN 121.199.63.222:14929 yfv6ssx-pc.i4.cn tcp
N/A 127.0.0.1:52518 tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:51666 udp
N/A 127.0.0.1:5354 tcp
N/A 127.0.0.1:5354 tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:65303 udp
US 8.8.8.8:53 ios-pclog.3u.com udp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:57792 tcp
N/A 127.0.0.1:57795 tcp
US 8.8.8.8:53 albert.apple.com udp
US 17.32.214.169:443 albert.apple.com tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:61046 udp
N/A 127.0.0.1:5354 tcp
US 8.8.8.8:53 c12850432.mgr.gcsp.cddbp.net udp
IE 52.16.249.199:80 c12850432.mgr.gcsp.cddbp.net tcp
IE 52.16.249.199:80 c12850432.mgr.gcsp.cddbp.net tcp
US 8.8.8.8:53 c9854976.mgr.gcsp.cddbp.net udp
IE 52.16.249.199:80 c9854976.mgr.gcsp.cddbp.net tcp
US 8.8.8.8:53 init-p01st.push.apple.com udp
GB 2.22.144.37:80 init-p01st.push.apple.com tcp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 crl.apple.com udp
DE 17.253.15.202:80 crl.apple.com tcp
N/A 127.0.0.1:5354 tcp
N/A 127.0.0.1:57892 tcp
N/A 127.0.0.1:57894 tcp
N/A 127.0.0.1:57896 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:57905 tcp
US 8.8.8.8:53 s.mzstatic.com udp
US 8.8.8.8:53 swcatalog.apple.com udp
GB 184.26.80.220:443 swcatalog.apple.com tcp
US 8.8.8.8:53 swdist.apple.com udp
GB 184.26.80.220:443 swdist.apple.com tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
US 8.8.8.8:53 app-pcres.3u.com udp
GB 138.113.101.15:443 app-pcres.3u.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
GB 138.113.101.15:443 app-pcres.3u.com tcp
GB 138.113.101.15:443 app-pcres.3u.com tcp
GB 138.113.101.15:443 app-pcres.3u.com tcp
GB 138.113.101.15:443 app-pcres.3u.com tcp
GB 138.113.101.15:443 app-pcres.3u.com tcp
N/A 127.0.0.1:58213 tcp
N/A 127.0.0.1:58243 tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
US 8.8.8.8:53 dl-image.3u.com udp
US 8.8.8.8:53 is1-ssl.mzstatic.com udp
US 151.101.3.6:443 is1-ssl.mzstatic.com tcp
US 151.101.3.6:443 is1-ssl.mzstatic.com tcp
FR 43.152.186.225:443 dl-image.3u.com tcp
US 8.8.8.8:53 is3-ssl.mzstatic.com udp
US 8.8.8.8:53 is2-ssl.mzstatic.com udp
US 8.8.8.8:53 is5-ssl.mzstatic.com udp
N/A 127.0.0.1:27015 tcp
US 8.8.8.8:53 app-pcres.3u.com udp
N/A 127.0.0.1:58269 tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:58272 tcp
US 8.8.8.8:53 url.3u.com udp
N/A 127.0.0.1:58274 tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
GB 163.171.130.132:443 url.3u.com tcp
N/A 127.0.0.1:58278 tcp
US 8.8.8.8:53 dl.3u.com udp
FR 43.152.186.225:443 dl.3u.com tcp
GB 163.171.130.132:80 url.3u.com tcp
N/A 127.0.0.1:58281 tcp
GB 163.171.146.42:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:58445 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
GB 2.18.27.76:443 www.bing.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:58462 udp
US 8.8.8.8:53 sf.symcd.com udp
GB 2.22.142.222:80 sf.symcd.com tcp
US 8.8.8.8:53 sf.symcb.com udp
GB 2.22.142.222:80 sf.symcb.com tcp
N/A 127.0.0.1:27015 tcp
US 8.8.8.8:53 ios-pclog.3u.com udp
GB 163.171.130.132:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:62386 tcp
GB 163.171.130.132:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:63009 tcp
GB 2.18.27.76:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.27.76:443 th.bing.com tcp
GB 2.18.27.76:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.69:443 login.microsoftonline.com tcp
IE 40.126.31.69:443 login.microsoftonline.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
GB 2.18.27.76:443 www.bing.com udp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.27.76:443 th.bing.com udp
GB 2.18.27.82:443 th.bing.com udp
US 8.8.8.8:53 cdn.sapphire.microsoftapp.net udp
US 8.8.8.8:53 cdn.sapphire.microsoftapp.net udp
US 13.107.246.64:443 cdn.sapphire.microsoftapp.net tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.2:443 login.microsoftonline.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 150.171.27.11:443 edge.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 150.171.27.11:443 edge.microsoft.com tcp
GB 84.201.209.102:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 ios-pclog.3u.com udp
GB 163.171.130.132:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:63870 tcp
GB 163.171.130.132:443 ios-pclog.3u.com tcp
N/A 127.0.0.1:63885 tcp
N/A 127.0.0.1:63918 tcp
GB 163.171.130.132:443 ios-pclog.3u.com tcp
US 8.8.8.8:53 app-pcres.3u.com udp
GB 163.171.129.134:443 app-pcres.3u.com tcp
GB 163.171.129.134:443 app-pcres.3u.com tcp
GB 163.171.129.134:443 app-pcres.3u.com tcp
GB 163.171.129.134:443 app-pcres.3u.com tcp
GB 163.171.129.134:443 app-pcres.3u.com tcp
GB 163.171.129.134:443 app-pcres.3u.com tcp
US 8.8.8.8:53 d-ring.3u.com udp
US 8.8.8.8:53 d-paper.3u.com udp
GB 163.171.129.134:443 d-paper.3u.com tcp
GB 163.171.129.134:443 d-paper.3u.com tcp
GB 163.171.129.134:443 d-paper.3u.com tcp
GB 163.171.129.134:443 d-paper.3u.com tcp
GB 163.171.129.134:443 d-paper.3u.com tcp
GB 163.171.129.134:443 d-paper.3u.com tcp
GB 163.171.146.42:443 d-paper.3u.com tcp
GB 163.171.146.42:443 d-paper.3u.com tcp
GB 163.171.146.42:443 d-paper.3u.com tcp
GB 163.171.146.42:443 d-paper.3u.com tcp
GB 163.171.146.42:443 d-paper.3u.com tcp
GB 163.171.146.42:443 d-paper.3u.com tcp
N/A 127.0.0.1:63944 tcp
GB 163.171.130.132:443 d-paper.3u.com tcp
US 8.8.8.8:53 app-pcres.3u.com udp
N/A 127.0.0.1:63948 tcp
GB 163.171.130.132:443 d-paper.3u.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 07366d71fc96955d98051d1d2ba7cabe
SHA1 923a8f8c40bb068daad27f1b8ae99e243c474d1c
SHA256 6c3c6f617c420e34874d49c38a1e4f4ce040ce84fdea22ccd1232248c9340fc0
SHA512 5a704ef6f810395607c4d6161a87e7d11bf738f1b1fb8fc8933d138048a127d2f431c7ade1323accd71bfc0f54f5bc1e71daa4b5b6d46ff0a89a48acd9b6502e

\??\pipe\crashpad_5148_RTRJVCNVBWIYCSQD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 af2e2f9069d6700662fc4f42db923f9b
SHA1 34cfa6edec5d4885a6e3a5a23af378179eb3a982
SHA256 5839491ee2723c853670d5c0d304a0c8ab8ffd530e8c9ae5b45b5fa054b02667
SHA512 84fc0f8ff9aee9e6322d433931eccc233123179f8165f58de0c62dfb63d7891312f8d3799710e6aba4a25f8b5f836b2aa9092a9a9bf4fc2c6bba490615fe44a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 1779e1e20a36c62258d562dd7e68ef2a
SHA1 2fef6ce745bc67dc4e05696c7e1d5c92c06a1a94
SHA256 cb08415f6abbfb6c4c98aa24d0de0433c667c83fca2d789f0cd020372e5c9979
SHA512 a2ee8db8e39217793dd0070c20006ec753f85d8110457320ba9acdecffdf89d343d3cd2eaaeb3ed3bb0d7d71061ab955d2e76d94cb097e75df10532b161ea6f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 9ab1d4d788fa7112abadd8ea94a5799a
SHA1 068c1f7a8008b6e9321db8992861444bfe6f3e7f
SHA256 6188879327d79cd87b295a8706fa510c83e89a9caeb4f44ca0859a9a6e415d64
SHA512 10afe534e05fbdfba56a27fa1b29630661d0ebba2fccd762dfbbea8eb08b3feef322cacab988c9e60e88e26366f4998d710945c11efa9de950b21c0035b47417

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 70ba9fe0dc15ddfe5a2bd9c05f7f8ba4
SHA1 945b5a2ab807c4e6afd020c88f64233e2ca936c5
SHA256 4efa604bef60cdcbaebf8a53991a30221c6510795592ddd368b394438d0174f9
SHA512 e41bae25a42bb98d8833f43ee348db7c33043d54c19821d38bf8a1b77df7b8931f3591d95e2e17a2af1beb544d128e181cc7ef7abdad20b7730f7899d4c2a68b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ab0f1a00-923f-47a3-b432-c08c6ef11fd4.tmp

MD5 06d55006c2dec078a94558b85ae01aef
SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cccfbf16d8d23244c70c2dc79928d62e
SHA1 fcef768fe8a59bde87dfd9fb9a69e8694b6bb6fe
SHA256 25deeae0b743e510e301dc8396b15f773141100793a59b56bf17655758004f4f
SHA512 72dbf7e0d87c83c0bf0e588065481a036aa9da2652a220ca5aad5ca1805b603d90beb3eabb8a25d27478545374df2f8572af05f977022806a12dc924b0540aa7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 4850caf2a0f02db4d6a3b567163c594b
SHA1 d2efeb8a6f4ae38936da3de1427efdf38ac2d1c0
SHA256 89528506704a15e614f729dbd1864aa90a79390d308e4b1acaf1a9c3a3c53650
SHA512 c1eab170cf1456d803a395e8aacfa571467858b227b12dc600058d4654884c2cb16bb912281d62682982615995d85635216e9af8ccd1adb106426442394baad3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e0dacf1f4dfb9065ca2411216652d844
SHA1 cb9e5a8929014cc9be02e7b843976c8bff55d040
SHA256 28463acaa3462797b5b8c42c8209fa3954ab5ed19042851aead6faaab1b8331b
SHA512 77052baf2dcfbbd219857781fb426b0c135a020b4197d95b1ef16e17590883ca69088bb1d7897113dd158564d35834008cbab5e82f87f7a32a698c3f822f849e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 e4f09e7b391a3e28fb948686a1f16220
SHA1 9baf223c4f549ce8d7d2ba9772fc07a25dd5f1b5
SHA256 4d112049ca6c0f82d4df11344f69e9eec7325950f9f8fc89850dea82ea8b53f6
SHA512 2f45b1615e30ec665dacb66759500d1606f3efc4d45814b15e3ad57609f594f4916e02549b159fbd029d202c12ec9779623a15af2645b3156c7674ba987204cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f09db186-80da-44b6-a4ce-249a73f0186a.tmp

MD5 ba61e2360f456d5e7780daa26ba53b4c
SHA1 47e39ec023162eff97d635beb5c35b4f426b459e
SHA256 80734a1d7c2565e4e654132c77e9520923bd69e217cf47264884136fe91cc570
SHA512 7c39ff799b775e87b1cfb698f1173a7d9994ce395395722ebb60bb6032ac6da77343f47cd20e2dbb1b21a032dcc94b6db0ec10637d34cb4b6131bc91b61fb5f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 a6e9d5090df12c4c0cca357041190f5b
SHA1 f0bea5ba5bb7182d746245853bdb3e5e43b6591a
SHA256 5a2b98b0b6d59429ed043b02d8127c702a10dd25787e0d7a54e5b66775d24431
SHA512 8bec197f4b49e0a6a478caed6a599e7fbd0739c7753be483166b0fe085758acb6a00c05b2e4b201cce42410e76387817ba0e050f52730ebc129a9c8ad5cf9f06

C:\Program Files\chrome_Unpacker_BeginUnzipping5148_227858588\deny_domains.list

MD5 085a334bdb7c8e27b7d925a596bfc19a
SHA1 1e4ad53dc335af5c6a8da2e4b4a175f37fafe2f2
SHA256 f51a7acfffec56d6751561966d947d3fd199b74528c07dabdcf5fcb33d5b2e85
SHA512 c883cb43c97a136825c6fd143f539210c234c66f9b76dfd8431f6ff014094e20b9410d7462aadee2344df8ca158def6b9a807e7cadbdfa947f6f8592e7283e34

C:\Program Files\chrome_Unpacker_BeginUnzipping5148_227858588\manifest.json

MD5 e7314184e67b4501f5048c2e5f181d96
SHA1 f741a8a1b8c18c8d4974f937ef589b134dde5419
SHA256 7bd96fc0239229d64cc38693c64f2524d95711534c606b2b39957af8411d870a
SHA512 773ff8228cc87677e3f74667b61db59decfccb6ca4da80a5ac5e0aff0e3102e08e6c1561df35b9ed64c8b7db8dc8ed27210c2ca0139ec85d17f9e3f57018a086

C:\Program Files\3uToolsV3\files\bonjour\Bonjour64.msi

MD5 86e2b390629665fbc20e06dfbf01a48f
SHA1 d9f4697a6f4eceea24735822cb1df501268ca0b0
SHA256 46e31e284da64d6c2d366352b8a8abcf7db28d3e2a870d8fcf15c4a6fe0a6dd1
SHA512 05ecd3be5779f39db09329dda4dce0e3c49ac5d3950e92833031622b53542dadbe9e2948df35faeb4c41dbc8e01992935087c4a2975c797bd008ae177f7c3fea

C:\Program Files\3uToolsV3\files\OpenStreetMap\search.png

MD5 a73bcc83dc2729d19d9d0e1eb36bbd96
SHA1 9d15df65438cab48d07ebe7e9359258ff1011423
SHA256 29739779fd76b21175d4ea24d7ded3e057233127062d05c164b9ab4df9e11a3f
SHA512 c37de466294c22c9b3ed6587c639a7d53ae6f5cc8d352931035885191a2fd329dae3ff28d1bdeb363c2c12243505584354acc5f88bb8e21da9c2942d03cacf03

C:\Program Files\3uToolsV3\files\tutorial\ios9trustapp\jquery-1.11.1.min.js

MD5 8101d596b2b8fa35fe3a634ea342d7c3
SHA1 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
SHA256 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
SHA512 9e1634eb02ab6acdfd95bf6544eefa278dfdec21f55e94522df2c949fb537a8dfeab6bcfecf69e6c82c7f53a87f864699ce85f0068ee60c56655339927eebcdb

C:\Program Files\3uToolsV3\translations\qtmultimedia_en.qm

MD5 bcebcf42735c6849bdecbb77451021dd
SHA1 4884fd9af6890647b7af1aefa57f38cca49ad899
SHA256 9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85
SHA512 f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

C:\Program Files\3uToolsV3\translations\qt_gd.qm

MD5 d512456777500dc13ef834ed528d3704
SHA1 90a32284052c3fe12c18afec9f7ff56735e2e34b
SHA256 c515dd2a2e00765b5f651aae124a55d617b24777138019abc5a7001da7417561
SHA512 babef929ac600c117967b42389623f352d219a466c484ae68ef3c9da9ff61555875ffb0dafc3e5eada6fb43d37f7afe74a6b6c73458a93ffb42819e1068c9a3b

C:\Program Files\3uToolsV3\translations\qt_he.qm

MD5 26b777c6c94c5aa6e61f949aa889bf74
SHA1 f78da73388c86d4d5e90d19bb3bd5f895c027f27
SHA256 4281c421984772665a9d72ab32276cfe1e2a3b0ebe21d4b63c5a4c3ba1f49365
SHA512 8e02ce06f6de77729aefa24410cbd4bfba2d935ef10dcf071da47bb70d9c5e0969f528bdb3db5cab00e3142d7c573fcf66ea5eb4a2bc557229ad082c0eb1dbcc

C:\Program Files\3uToolsV3\3uTools.exe

MD5 d0537f91590c1122e5aaa5e08de565d4
SHA1 d57923e88709be706b87cbdde7b1053b16e75a2a
SHA256 06cac5a360c086197ffa6bd223b3a9cc18949780c11a888e2b6122f4f7e2d689
SHA512 a721ab6adf39f390cb8ba4a0db5dbdebd9891f3b8d0a3d11a31b57c1da768e0d7f4266dcadcfef2d9bcdbe63d35e6fc6136332c4d4d8bf5c36d4e01d5e010fd7

C:\Program Files\3uToolsV3\Uninstall.exe

MD5 196421661e24c59bd11536f3ad9bd243
SHA1 a59eeed11cf849a76e69c52b35c56fbcfbdde074
SHA256 f1b74d97c627f30df80f2615726561b103659a93e5c9c718bb4ed5b96344d7e6
SHA512 7a358d504b74abbae0a7fa502ee85c87ba528ef01679af6a5fb591e75780cc8b1b4fb9afa11374ce7850d3c195f982a754319a015ee5bec4b4f0ba9a17ed095b

C:\Program Files\chrome_Unpacker_BeginUnzipping5148_157293051\manifest.json

MD5 e6cd92ad3b3ab9cb3d325f3c4b7559aa
SHA1 0704d57b52cf55674524a5278ed4f7ba1e19ca0c
SHA256 63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d
SHA512 172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2024.12.2\crl-set

MD5 846feb52bd6829102a780ec0da74ab04
SHA1 dd98409b49f0cd1f9d0028962d7276860579fb54
SHA256 124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4
SHA512 c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8bdf9c71990e2bf3dabb2466b9461c3f
SHA1 afb01b770739c4adf43f03355cfaabf766c73ed4
SHA256 8a49421da1dbd21d34dcd06dc18a354ca103110b0d768cf5f55ea1901a9c3d71
SHA512 7bb93d6416757ecbf9736073e78cbb9ad2ac86b98e4343b2e7006b5c6f1835af9f4ceb2f6a7e6c4770836228b20b2b36e5d5b90c10faf7dd2da350b1556ab4a3

C:\Program Files\3uToolsV3\Qt5Xml.dll

MD5 6f8898d2285d5466ec54bda8af8d10b4
SHA1 7238804242aff57aec15acf2351eb507b0111a39
SHA256 2cad1733f9efc647fda9fcbe8cbd188e71e3cedaef0c3c1be07b6530d5727f9e
SHA512 200b2a62ead63232a7753c4b19813209951bdd00a151135a914c121077eb22c9a38ed550ac8842434758be4bbae4b14ba8096417f46ee8c051e589c0c4ec1e80

C:\Program Files\3uToolsV3\idm_other.dll

MD5 970b84cd0bea2555e45d40c1ceddd1c6
SHA1 0223b2da7d0543f4c1cea647916a0c3c368f2c9d
SHA256 2ccfb0ae3fa076fcaf5dd8fb7cd01168b82fe01961804b9ae7bcef7d117dd494
SHA512 39f082294e2030b40cd55a576e62812e21f139f36608511f043b3bc836b453daf03aee84df73073d0c4d08e9eac4d9dd7abd85bebd93186f8d981a92059ef0f9

memory/5316-1714-0x00007FFB448A0000-0x00007FFB44DDD000-memory.dmp

memory/5316-1719-0x00007FF636660000-0x00007FF637359000-memory.dmp

memory/5316-1718-0x00007FFB444B0000-0x00007FFB448A0000-memory.dmp

memory/5316-1716-0x00007FF636660000-0x00007FF637359000-memory.dmp

memory/5316-1717-0x0000000061920000-0x0000000062247000-memory.dmp

memory/5316-1715-0x00007FFB444B0000-0x00007FFB448A0000-memory.dmp

C:\Program Files\3uToolsV3\idm_media.dll

MD5 af4ee552a5363c437fa9a310bcfa6a24
SHA1 c29de8edf94c5e64ab8b04ce180bed2cc21bce93
SHA256 9d4ddeb158cf9715cf08ff4e45a60272d706a6e825212e79fea0d41c815322ea
SHA512 b98472fb6f0a080ebbb5b365928767efc971e60e426b42fd610b3fbd9d35ea7dd38d7c026d2e25ad6c9346adcc75c34b38c735bb2dc533296909ca9a0ed48b48

C:\Program Files\3uToolsV3\idm_jb.dll

MD5 ddab30e12f7de6b8e5f5839ce9abb2fc
SHA1 b3c23abea6677ba1f921da9aa93deb3e0fc65e7f
SHA256 9d879f5eb39b4cc7d262d17219975bab9083992caf67a7fd72b5e48289fbd41c
SHA512 c8225d6269a1f123650ec8d4d1262d21aa56fbe3f0914c79a850a19230752ab3e7266c1c842330658b06deff2d48242cbeed053981e87fbb4c01ab429a1d0fc6

C:\Program Files\3uToolsV3\idm_info.dll

MD5 5c3b95ff2681849b8e59f7bfc80ec186
SHA1 025260bc595c2dcb30946e85ad51389cbde57639
SHA256 8bf68b8f46cd1e1141b8a5c1062b082696c77a3a4942ad504575848761ed0a72
SHA512 7108b708268c1b69b36dceba463e70117d2c4dfa1b9685b8a75ce0ee37b859935706867efc7f362729d2bd8caa3f5d58623203d419abc64f4e57d4abb6220296

C:\Program Files\3uToolsV3\idm_fm.dll

MD5 8c92a3e15d3a619a97baa36d4ef357d9
SHA1 ca23f57dc973c2834e5a2fbc3f23965e7b4e822c
SHA256 79632fdb3e90017ce1774c587066eff264680e807f38faa06b7b357a68a88687
SHA512 5c26d1c0370c0b55a0fb2c617c62eab2c1035db85aeb17164ca650cc3c8d676efbe39215e907c904a5532d90a34bbb955928f8a87e39881fd18d08f3c3c0bf18

C:\Program Files\3uToolsV3\idm_datamgr.dll

MD5 8400f5bd382e4837bcb6ac4d2f5122ce
SHA1 9a961223761f98dd87dd0d23c5562808f48424cd
SHA256 74993e4197c85a9acd48514d81e8b280d1fbc797be6639fade49243fbfb1e2d5
SHA512 d0a1ca6e0d91cd50c0302fb6abb245042e062a2c06a410d95fac27c153eeeb89293fe80a467565aab31827049a4dd302f47b180d141e1502c636552362f8562b

C:\Program Files\3uToolsV3\idm_app.dll

MD5 906ff33f0e6d920dff8fb40c4b77820e
SHA1 fb938d73d455985dab7ffe30612765101f82eb93
SHA256 a626864dc152382e09e0b11019411de039d6fcc244c09010abcfcfde1128c7bd
SHA512 647223bbd4665d54cd790a88b2614b67f4f5b600fbc646517c629843f308ddaac0a25b35132dfaddfcddc4c6f6f4fcd5f8a39d0e6e22d3dfa602f2f174a487e2

C:\Program Files\3uToolsV3\msvcp140.dll

MD5 5cde3aed10412762e83b7fe43694a22b
SHA1 4ffcdf063eafc901105836c27a634530ea614755
SHA256 10ddff48d704c6007e4c2d53fb4856b5e5e79479503366236246a323aaa76e9d
SHA512 fcd7bc262e7bbcbbac9258e31b8d62efb2e601ac1fffac4c86819c8f2aed26fc19403d992a57d48ec92752b2a0a8b04e8204423d6077c7800ea4015f016faa23

C:\Program Files\3uToolsV3\Qt5Core.dll

MD5 60b4635abd67a3040bbc138384a70411
SHA1 b03f6f8426f91ccecfd644ff637eae458429be42
SHA256 8846ea3e4f3fd23e02f616c25a4fac5bda13030ef574608ef84497198a4b0258
SHA512 4de46a3a5b4ba7f9cce001a662df24c15d11ae51919adc3af000c369a11b34eb7e99c477fb3e832640d9bbeaeb245313d895a09a00820a55a8a80f92d844b5ee

C:\Program Files\3uToolsV3\Qt5Concurrent.dll

MD5 d761d30769fb241163c2e30081a6c47c
SHA1 8936afd8a68335ae33cdd8ec918446a1cf7164ea
SHA256 e52e9901cd453adc04442795f507d122d64cdabf3e20cfc2e1aaf30de80259ae
SHA512 b7f3e7fd7cd92f5c3d08b2d8202d76d1a76c31b6d2980e22f43317b3fbe2812018e5bffed15df699ce56e65ddf370d3627145619e011ddeac6d77e61708a975c

C:\Program Files\3uToolsV3\Qt5Network.dll

MD5 ac5afb5d62ef4f569b48b14b94f972af
SHA1 9e02fba0a413d46f242e49307b34879022a3cd7c
SHA256 6f7eabbd07e24f0e0ec5424deb3ddaa31a14fd2e80f235792afb6323c832cdb7
SHA512 34fd10fc67d13713c8fa943d8693444652dd2f0639727a85417c18c32eabe9ab50f505b963946be61c7e78bc7b6c45c00ace1cf4ffaa44fc46b43ef9d80c9de7

C:\Program Files\3uToolsV3\Qt5Gui.dll

MD5 436607b792f143709c10ce039793656e
SHA1 cf6282a5a91a35b1babcad4a315299f448e322aa
SHA256 d6983a5092f90e189096b48154f2e80c91d3ecc006a1102e2eb06c3559c9138e
SHA512 a3f7a1f1f022bde28b465969897902900fb343654f2d5e1f5c1b4ec86f21389042ee7830a31c7d619af653963e87dd30ffb82646a83a83c8535475b1e90d6135

C:\Program Files\3uToolsV3\Qt5Quick.dll

MD5 2577d3423d0f29aa70a78450b28b5ec5
SHA1 418acd19a9535bb5536487b3bdb7b73090511b2d
SHA256 98307b0c701b2a9886de24eff369e22714fe0aa3404e6a58591c8afc3719813e
SHA512 b9e82136596263a36a6bd37564d6649205c4e66e19e9ae3ef79a31bde57c3ed9a8219ab0ed71e6a6c208e5b6b2e3d29cee437c6fca7cc1e2634fc9364908196f

C:\Program Files\3uToolsV3\Qt5Multimedia.dll

MD5 8ca625fd879fffda74779b0af552e465
SHA1 6c6941e688136d22d72beaffcfe7cf541a62a6ad
SHA256 42a532132a7a04c0421f697eb023c54d791d3a8a3b2f82209120292073aca622
SHA512 2087fa205916db22434f83f213419d88969bbdd48dc3908f1069df15996a4aaea9fc19eb572442c180c63e01824c3a9fe45e256318e588ca66eea2b40da6e1b7

C:\Program Files\3uToolsV3\Qt5Widgets.dll

MD5 2c3d30abf2f9cf6ab33107e8bebdb181
SHA1 9569fe1092aa2c4bda74548e44482e852b7a0167
SHA256 f9c58b3f883ce8e969fbeb2908f4a95589122c4574666d75dea6f6a835e3bc59
SHA512 1cb5e3c2e960b992c8030d38c2f76307c06f2f1e7eff25ae99fbd304b32b590cfec5615dfcd05b1b1f8bc740db4360cc78a669b513cd94ba82b55743d0df57d9

C:\Program Files\3uToolsV3\Qt5PrintSupport.dll

MD5 47a12398c7cecfe9ff5556e0dad8d8fc
SHA1 15e5c03a91d887b59a76634690d6d20efa9230e0
SHA256 10f3f980b25d8d28747931f9c8b903beb0cb4e01ac5c4639c4757ad380c57b12
SHA512 17b790185d1d24617f07c36091bc8db1df971376fa30643d205e7d5c3e82dd5bd7a4046a64da31d0bf25f052992169447e74a3827d8e54fae0e9e0cd6ae15927

C:\Program Files\3uToolsV3\Qt5WebEngineWidgets.dll

MD5 febd0bc442a26588adafd4bc3d59e7c3
SHA1 efc0b54962de01ba8a7db5254a14c3a1e584586d
SHA256 6f925a98067394119dee637365c7426bc011f3790a6ebd1209e0941ac7d8a7ae
SHA512 ad0cc1f77af94ee83683eda0b45992652370faae6625a4476f8fa962e553183dd3a1d80c9b9b81b4bb20db7fa51d4b9418c5c27f37885c90553cbf6e2b7541d5

C:\Program Files\3uToolsV3\Qt5Svg.dll

MD5 5455034a118445adabb7a2dba0a5c240
SHA1 6ba6563d7709dbddbcf94ed2501235febe2385ad
SHA256 99fdcb49199d843659c4570df27670f12b33f659e3d080f8052c417fb468fb8c
SHA512 86c2834d5582edb79d01c1be508bae4f67947a1b291b512b9641715cdf6ffb6b6e4177ee3fa906c06f6c8775b3ec18b3edeb145566ff500c72532601c6f93f44

C:\Program Files\3uToolsV3\setting.cfg

MD5 5e06b34689cabd514a777db740fde4a3
SHA1 860f45d178b33f3236e988567645581b27d604a9
SHA256 d02ec6da1bfd753c72438f00628d498c573c1d6f5dba881255817dbe3f16af70
SHA512 c40e251aa511b4775e1ce0f6b58130768b0ac2f61a5c40cc410fa125d584bcf9c0cde8ac5eddd6887def3e9ecd408cd3d7e89391e5e75eb9e4f4ef2a20d3528f

C:\Program Files\3uToolsV3\setting.cfg.lock

MD5 46dca9a822dddde73ff62a3ae17921d5
SHA1 21db5c0357330202f731e722f41586e8bbfd5c67
SHA256 afeb2f72ed635e002145a3d907a3def91263a88ed9b86c1d2033773668c14f07
SHA512 067520962b16e0163587197c48609207415b845f418c5660a641274273d8d5fa2b8830b8d3f0b414ed761d574b30da79e61602b1feaf600c719259fd35e33dbb

C:\Program Files\3uToolsV3\setting.cfg

MD5 aeba642ec3c17df7485618b35a924cc8
SHA1 66cbef809d8f81192472abb0a84688177c247a0b
SHA256 f95461757fbd678445fe708ed3d2cdfd074362903431ae6225a55e3a8c6c052c
SHA512 ff4669ad3ffa46af96e816a54ddb4dad85c4ae67bd0f5ae2a70299228e11519b025a2a9a4f678b94d8e9f709f03ea45885f372b7ca0f21908bddcb7718043294

C:\Program Files\3uToolsV3\setting.cfg

MD5 295378b509925b097268cfc33042ad0a
SHA1 89fb9cafb2b95563c600e4dce8a3e523d357ab55
SHA256 ba6eade872ca4b90cc2207c54f706d461a3a3e268fb0ec9bce2dc1bfc7710f53
SHA512 cf0f1305b63f16d21b5ef3bdb104d34f9a8872cbdb9c065ee25a724152d0ea3cf2a746576c2ad3136a1e2591e2b75a0e3710b75d7fb08a0dad7e5003ab06de2a

memory/5936-1828-0x00007FFB448A0000-0x00007FFB44DDD000-memory.dmp

memory/4876-1831-0x00007FFB448A0000-0x00007FFB44DDD000-memory.dmp

C:\Program Files\3uToolsV3\cache\hometmp\1691646974439_747089.png.tmp

MD5 ddcce3bb78f7afe368ae73dc3ea96ac7
SHA1 adbc9d45e15c436b494a3141beeacfd94ad5dc46
SHA256 e8cae30319ecbd47cc171f1b594249b475ee6e21b3be7f647b8b498140fcc4c9
SHA512 70243d9e576e73797664e3abbf01aed97d8c74ebd5fb73d63e37222131f8f32a65aec7676d4357867d969adc30eb1037bf3841dc63a6b0bbc8468b3b9ceccbe1

C:\Program Files\3uToolsV3\cache\devices_table\border_14_Yellow.svg

MD5 7aa817eedb9c798f2c4bed65caf1cb1d
SHA1 48b3606695148db080c9190491623aa11f2cb428
SHA256 3199bee53e8aab2b971d5038a106565eaff4995b2c3c732c898b4f85b61d2169
SHA512 458367901075b45b39ee380adc3de7cf9d9c03c9d300bdca214b3e5ac695aebe38bc5b2d82120eb2b9e1abf748ea4fa3c9ad205f865c55e49876eab27baeae47

C:\Program Files\3uToolsV3\cache\devices_table\border_14Pro_SpaceBlack.svg.tmp

MD5 7f2390f5032c2a01f2af2efd2fbf0fe6
SHA1 155dfa69d939cbba1a6f147d608a102347af3509
SHA256 65d4e961734340bcc372fb5789c5ee02070239e6209b9cdeedae54623ec2b7f3
SHA512 7cfa63e91cf4f6569cf37fd49134cdc417758fefbf9720560bba36f7e85263954bc3979750213757550b7794f5d588bb2583273334fa44161248e2e36fa78a6e

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaaplrc.dll

MD5 1428a8b3dbf4f73b257c4a461df9b996
SHA1 0fe85ab508bd44dfb2fa9830f98de4714dfce4fa
SHA256 5ed0d8f2066dd19d5aec42c5498fdd1db9cefab4d024a1015c707dfd0cfd5b20
SHA512 916a61feb9a36872a7c1adece8933599e55b46f7d113966ec4ad2af0e2568f1a339629ec48eca10bd1e071c88171fe88292dab27ce509ceea42afbd049599cc7

C:\Users\Admin\AppData\Local\Temp\{fbc78d81-fb15-3041-88da-340ff7219b3b}\SETA36A.tmp

MD5 97bc3bb77be14d66bafe247e5c46b0db
SHA1 4a78bef761020aefc50adbf894eb02666dac6db6
SHA256 9a160fcae82c933fe3930830782b7458707defbf2200f46d370f6bf1a699c376
SHA512 2379eaa10def39cb5286aba3ba7df558de48e91fdb112aa8e4463ed009fd880fd4d46481d6aafa8ee84577331cbb79689ba4bfe4451cb017df5e31d7e95c83ab

C:\Users\Admin\AppData\Local\Temp\{fbc78d81-fb15-3041-88da-340ff7219b3b}\SETA36B.tmp

MD5 2ebc04e384f237d2b32caca8a3f901ba
SHA1 1f3638c5a94668f3877f046b6df2fc4ef6f2cd08
SHA256 32a07ee9313ae0b4bae928e5ba0e2eb9d99a5577946fb44dcd0e81d8062859ac
SHA512 8c142a0eaed394f742e824ff41d0ceb927572d291fe20278d5c09ebea3d69467ea91db3befe72f550dfd6efa526836f7241d70589ca2ee5f8c097d3ad83ba601

C:\Users\Admin\AppData\Local\Temp\{fbc78d81-fb15-3041-88da-340ff7219b3b}\SETA36C.tmp

MD5 a31656d224232177d4049bdcf6d2a34c
SHA1 432483c57d446b2ef2bcbb1a8fe5826cd60d7011
SHA256 b385f6d5839e6a031451947f8ce57a361b2866ba888bea58ce37f425d36c020e
SHA512 b403e8273c7076470cd93af76bd8714d1eecf14104b362971c6af84758d1ced73ff10a0bfc2c3f0e01f11716d77b21b01b0d660c06b0773734a961f7e7830bc3

C:\Users\Admin\AppData\Local\Temp\{fbc78d81-fb15-3041-88da-340ff7219b3b}\SETA37D.tmp

MD5 b2e9926bef29e3d5fa62928f0c7a16f8
SHA1 5325f3761554b960e00ada65478cfe2967334768
SHA256 97830acae22500125bb9fd2c0ad39471ac97bf95eb6787bc368c1365dc608390
SHA512 288bddb5bc4495ca40fa2ad5d2e9f9aa49c0ce05f7fc464d759e7b529b748c6f0726b24ff69416acdce1dfbff3453362da40f4eaaed67ecfc3c2526935be4232

C:\Users\Admin\AppData\Local\Temp\itunes_fix\driver.7z

MD5 238c5c261745b85ae717bc49df6f8170
SHA1 04d2e17652e4f5c9aca9bcf756672df34db2da6f
SHA256 16fc810b7a9df820e9544a517cba3c455fe68d2b4934172f98d184e94c37cb34
SHA512 17504743c90bbf6f0c8724ef439d317c4fc1e668e19c3445d7a96ab5915c4527ac7366fd951fb9232cd8c158ee5136b7563da9b42b02ded6378b05fd036ac7c4

C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\applersm.cat

MD5 8dab3e4d8e271f17696cdbbd638f28af
SHA1 c4b3df527a77303785ed28a5cf1ac00d729ee83c
SHA256 df42e6ae66f82785552cbe1815246128cea10029e9dbb463e211590941a81bc1
SHA512 0a52bb023cf6d33faded6eb2829e0706f021be76217f050a77f65b09142f20b37675877ce8911cdb3bc8349357e0630a1e36ec60b3855097ede1c803a60a5880

C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.inf

MD5 6db0394609c92e266a16bfd93b1eb597
SHA1 2d77b73e0ee0cf5f891dfb527991ead8cb39f22e
SHA256 10aac2d96e5b2c8f55605fd6acf6a39c7ef3d092018a5bc622011ec46c139a7c
SHA512 d1e160e507d5f4e2a561226c5ed4254562ac1599481f22d39d6f3b9560312f42d85247017db3b8b710677559327ac71badcf2473696a14dbd2244de6cb48c4ea

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\appleusb.cat

MD5 70e09f54ea9a321c80359bc9493fd9b5
SHA1 440f5acf4b12bdfb052bc2e079e80a8ec6feae1a
SHA256 775e43292702903d1f3991b655dde23ccb378052d28f7e0e8f89e2f4580a7387
SHA512 46bedf56160b17fa9fcf0c707d88b6539e4acab7c76e74bce31d4875c0f5d1f8ff0eb177f94aa0dd11b47c13d39a637f96a81af064aa79886259082be79b6ead

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf

MD5 a150a24f14aa40de4c18a868993c84aa
SHA1 b239f3995efa3018025a8b59bd7617f6ae06fadd
SHA256 71ef7dbef3e7b2c1bdc32c1a4400aa5f92c5c7eee9ef6261385c54cd9d0e26a6
SHA512 953cf9074a00267be108d4fcd8626bfd56fcc7e1df5116a39564cfca4cc472f15ba1f4731dbfcfc92f2a92aacaccb186e9e552bf2115e68f07699854194b1010

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\netaapl64.cat

MD5 168c4256eea6a76983d79d45f191469f
SHA1 2f4e6d8db4bcfeec816d31a70045895a3e6158e3
SHA256 2b8a6ebc3e10d06a6ebbcb4ef89992978836eb52d2ad1c09e19b137b0963c2f9
SHA512 743f28589f4357594c4490c6bdc46b6ca6e3164ab58495d686316ba8effc004e68507b26cb07032f3232ecf21045078a97aae0fad9ac78acff48ec2ae0c26585

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\netaapl64.inf

MD5 2428e7f81420a9d7e81dfce9fa0613b3
SHA1 96605444de2721d553530179ea96024f29b32827
SHA256 6db20d1374088a64b5a435189e3cbf1c0f30496d4a2c80346bc904605f3d0261
SHA512 fc98a3010d5a71ce4c9ec2ef16914cc6fabf531fdbf1cfc487d42dc352111e47f970565a011cc6ebd18b2632af5bc107e5c0e784127b789b68e6cb3f214aaf5b

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\netaapl.cat

MD5 98b045f42f67bb602d8b768318a86018
SHA1 a04dd80cb60abf2dd73aae417b0a34e10c321346
SHA256 ad62ffdfba01af7222d95193d23bef0084115ee3aaba3ca1bcd808056dfe2437
SHA512 5d3295eb28685cd16e7da047d708f3f0d7fe0b2ea56fbe87d671fdb8371ae9d0e8fd18e3c456189954c8938ca96b4dd5937f21716348b27449d9eafdea104d83

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\netaapl.inf

MD5 2e21c73e279f7d39222d038cb711d7c1
SHA1 493f1339c2dcaf82ad589158fd2f1b134cadbf8f
SHA256 7d256f65ad5b0a2767f9cdfdabe80ff9fe18c00be93e7df0e08c6508f309d519
SHA512 f5118e029fb911108eae967bd175a30eeee4a3898897120c38e92b92b43009b21f3810805b7a92ef68d2b8cdd84ff3a11d554114c0c4290e5bd9edb0c47e35d3

C:\Users\Admin\AppData\Local\Temp\itunes_fix\path.txt

MD5 8629beec6d2d530f4b06a816c78358a2
SHA1 e4fc314491e7af7783d82d452bad1cad6d535246
SHA256 348b6816e84c4ee4cfd6cd69d340df2e9a7129c25c24f385e58a06a3bd2a7834
SHA512 8d3887345d7389def047296613f1de77cdd8d925f94652c80d5b4b909a693838cbd09bc0df95458d25c25f1bf5b80d71bc030840da2c1ea5979d86677fbf7276

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\USBAAPL64.CAT

MD5 26eee7af8aa1ef8c1bd7c9327c602844
SHA1 990a56215aac7000eac9371f489a0fc57d560078
SHA256 946b0a8150213d6a4dd3aef6248ebb923f8167c84c7ff1b10137e5030ec8bf30
SHA512 1cce53edb09f449720005ee9ca013fabb0be498991adf38ce738330a02b336790cb835e235e097c57a7cf983b4bf18664bc113b074cd94f9118901565d83e24d

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.inf

MD5 2da3a91b71919d035d8fd17b6b90bbc2
SHA1 c2c6a29f3abc80fd992777a92df30699124d37c5
SHA256 edea577e694efceec5b26d745fff8125e9fc8a78cacd7365e77ef35031ebc49b
SHA512 71b98c884c338902110c83f6c858b906bd8d63e09e5f92d3e019f586d82961fdc71a459e6456a3e9a56b9b109838b4556aee91e0befb68c2ae505c93a41fe56b

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\USBAAPL.CAT

MD5 97f4158a43852869de6ba9f1c754bbc8
SHA1 0565f0874d623268529b86967b93a7ae8d57dab5
SHA256 1daa9a80eaf692e1c1490afafcc435e37cafa94e9a9dfe453a82b1b472f3b1ba
SHA512 ba75a483ac75deab29c4174f1991dbcf4a76857dac23c99065e07585a5958e49f1ade0133fabdb3c8a28ba35e8df06fb529f81c756ae549b35543ad39817a44e

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaapl.inf

MD5 ca3a369e3993295e11d5fb6b7663f3b9
SHA1 7771a0176a543725d7bbf70a546c096a4ee2dd40
SHA256 4494c8af156d9dc7deea76491d73716e16b42e3e8b5b4555b0fd247b6cacab8b
SHA512 650b0f23b6470ad84a001821bd5ba6fc906db0e6fd616d734a87b9777ac1f5f6d6d0dc52f5aef223bf362109b77cd89c5b4e93562c1168fbd049756d714b64cf

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaapl.PNF

MD5 e70b88763cbd6ea996b231f2d1f22b77
SHA1 fa42e09d3bed60f7ad90f46ef142699ff6a376ca
SHA256 0cdad698563e00f2f7fcb88d8260428630f2cac3bd8f4a60b6862c1db0694961
SHA512 6c9c46fda2d6dc9076333981c5baada87a711d09394a4faa02d3c8d7dc40e08464c37e5439f604846f758684cacf7f78bf944dfcc84506b0ee709dbf4cdaa0cc

C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.sys

MD5 39fbeae7efff3b0859b3d467e906a81a
SHA1 de04f243e6837394f141897e6df98a7777a05d46
SHA256 30bebe8d26c16e1d22d776e641f7a68b9ccd1c70a3804964db6753b821eee4b6
SHA512 f565684b27a92dee7b748479631af3f1a201fe9e6cf3b76346f83b59b1755fa3483c97c95b65e7bdd7d2bfcbcb973c4c1f0a2a6859d17e73b249e75f9a6c1058

C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSMInterface.dll

MD5 cfdd6b37070699bf9ac287fa4fdebf0f
SHA1 bb6d98979e0577229beae7607a92d5caadf45113
SHA256 35075c0a280d7544b402c1f030ae9acd3c917fc1bd6a52145fae9b2a55320ecc
SHA512 793151eb8ab8c35eab2a4e4d66b2dcd4827fef53080b5c0be7fa359e7f4cc7377998d7f222303d93233b09fb76859c16f6c47b3ec3b0e88081a8d1cffa8b4978

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleKmdfFilter.sys

MD5 201f083b80cdbe930d78fe72f1123e22
SHA1 6a368a4665e0e56c3f32973c679258ab6c4fc35a
SHA256 72fe475d8ada0cc2e26a4e659ca7d03bdb8d3061b4a689016a54eb52b18773a3
SHA512 3fa61fac2127efbcadff25c17e055f32ee8ec65e82f192cb87fc3390dac322d5d24b611ac3b665b5661beb1bb0e62929e6912c80880b2187540298bb6eeb52bf

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleLowerFilter.sys

MD5 dbd000cc3ef170bd3e5d26b7349a7039
SHA1 1022aa866910aeef33a711f5a6d1de77a5dcffb7
SHA256 ac3469ac659287626b05cda0da457b63ed78241d4f20c60778f6292d6e158346
SHA512 6342cbbd7864494ca22b9a5eb26badbedbf800d094cb0343ff441c1b6db49b73e87d37377ed9029c386cdb4e60debe9e24cd34d0f3733ae55b42f6bcd7ce5f3f

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsbFilter.dll

MD5 c1c5b35fff1e13816718d6c30e15e2c4
SHA1 a75a49857418f8915d27df08802555e9d2f65274
SHA256 17fa26ea576e98f40eb2a353123d27232335e3a20c8d91465ec83710bc1a8eae
SHA512 6725458b4b99d330d49c2499659eb87c9cf7c623fb5e9d1660c2dd13104e169ca1cfd242dab1ed601ff9902691d7875fc7f5fb6bc9851c336b41d20c0b66ab3d

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\netaapl64.sys

MD5 ee00c544c025958af50c7b199f3c8595
SHA1 1a9320ad1ebcaaa21abb5527d9a55ca265deec5d
SHA256 d774db020d9c46d1aa0b2db9fa2c36c4a9c38d904cc6929695321d32aca0d4d1
SHA512 c08cfb84b6bc98a965b5195b06234646e8f500a0c7e167d8c2961dad3c10da47407d339f1fbd2c3af4104932b94ee042872680d968c3c9b086705d374fc9c94e

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\WdfCoInstaller01009.dll

MD5 4da5da193e0e4f86f6f8fd43ef25329a
SHA1 68a44d37ff535a2c454f2440e1429833a1c6d810
SHA256 18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e
SHA512 b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

memory/5316-2332-0x0000000061920000-0x0000000062247000-memory.dmp

C:\Program Files\3uToolsV3\cache\hometmp\1691646872461_895937.png

MD5 417a9a266186eba0b5c0e7fae060d5b6
SHA1 cbedf7bd71f7737c076069565fcab54cd040cf3a
SHA256 fb536ebf3436a353ca42d3efe03204d9bd13f6d073887f8f38b875896d1b51eb
SHA512 bd6fd68e74312501cfe4701ed8627e341d53cb59c6f5bd23a86ee3ae7310762e0dbabaf0f96c5dd99e60a616242d4410e30f3ee083d9b54880ce3073c63a3c62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eb38107809cf569fb7788fe71b1e2aef
SHA1 251eb7b65b5b6d58264c3732a3a23f2076868036
SHA256 ec2702b390b8ba8243053398b1c70299a5cb777dd0741216b59d77141117a5ff
SHA512 93559df0ab778530039357f7dfc77db626365823d91c3eba7a3bdf7f28f4c21fdb9a5c746369f9ad53973f13f1d92e83fb8a9f6f997c8daabf1b23d61b3bac44

C:\Program Files\chrome_Unpacker_BeginUnzipping5148_744046103\manifest.json

MD5 15b69964f6f79654cbf54953aad0513f
SHA1 013fb9737790b034195cdeddaa620049484c53a7
SHA256 1bdda4a8fc3e2b965fbb52c9b23a9a34871bc345abfb332a87ea878f4472efbd
SHA512 7eeee58e06bba59b1ef874436035202416079617b7953593abf6d9af42a55088ab37f45fdee394166344f0186c0cb7092f55ed201c213737bb5d5318e9f47908

memory/5316-2389-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 3b4fc5b9da5a5b1e2bf0a3f62523e221
SHA1 4485894002b763d0414f86d8907f041af77f938e
SHA256 e7cfca586896c501bb2df8763d0eae22a6998c5e056c421e5a941d1843fd10ec
SHA512 267242c0755994565a92b057c163c909fb61d009266d768ac2a5576dc10d4c4c3f96dff40eb9ce6a6ae96def9276ba1cb22396b261ab4494c4dcb1b6ff361f99

memory/5316-2420-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\MSIE7A.tmp

MD5 6ad6ed5ec87f3e15b9ec07752d4f0390
SHA1 4ab03a717d114ad88207ad808661d7f009156bd4
SHA256 fd762fdae46d1430ceb28887ac092e430003f3f09d45c294a49fb37c831a87ab
SHA512 cc96928bbd249dfe6567469a5bb06cece2fe49b7479887434c3d2fbdca33969c2b05e5217be38eec4b5afa439bee3e3aeb9f7a9bfa015be17c31b2a0fff04770

memory/5316-2466-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Windows\Installer\MSI1C27.tmp

MD5 950087e828e1b7426f703678e446c799
SHA1 c9f28be9b9f810132ec8d78c161e5a232491e60e
SHA256 8a41eaa0d699f48661c2560aeffe4b0432cf755f1b15e31ac9aff667d498b3ee
SHA512 9ab24bf84a4534e219df132a0b43874c1d6410ef802c69e65c5aaf3d0c46085470690851ef23303f9a48076e8ae552d816903e02c43c1af83e6fc3457d2acb93

C:\Windows\Installer\MSI1F09.tmp

MD5 6f8e3e4f72620bddc633f0175f47161e
SHA1 53ed75a208cc84f1a065e9e4ece356371cac0341
SHA256 2adf199f6baf245f0b07d31a3a1401d4262c3e6c98b8f10df923ceb2c937291e
SHA512 80187277e78f59b7ea71ed3caa55452e730d93b8c296d5820d470776a428cbb7e7fead87240e811436f85e4d89df2b9f31d6d16658d21abf59395cab7074a869

C:\Program Files\Java\jre-1.8\lib\ext\dns_sd.jar

MD5 ce9a2f5a7fcfff341d6d901ad919a2ab
SHA1 341f9d9a0b3fd8cfbefe0169b148dcc55688ee93
SHA256 cc36a44467f41cf2dc91c126e368e357b28a0d57101472d2dfd1c06a4091cdf7
SHA512 1f53e652b042ee27fe05b11ccda2ed9ae9a8f44b948b8658aa7a2d7ad2f5bd94ea16f3d9a92e65a8c65b7480517f1d05a066a4fb8d961b927d0d305399ca4e8f

C:\Config.Msi\e5a18ad.rbs

MD5 4a46cd60c9c6cbcddab8109626edf737
SHA1 a3d22e9ca68595719410da1353f15e6d5fedf1b9
SHA256 2f7a06f3c79cf25a840a2f719f84262be5645ee8354e9bcdb6998548082f0855
SHA512 d0d5c751e3f40dafd3d897a83fdabe4c32dd7a2ccc89b04796467a0cab12ec21a6bfd6e9b1ef8b752ee1407816bb350d5bbc14b568a67edce93ec1be7a7c1ad6

C:\Windows\Installer\MSI2E7D.tmp

MD5 fe11c4804b99dc5328b62f266a34546b
SHA1 b9e4b99c71d01a5105263b1b351325ad60ac31be
SHA256 774992b8ffbb893475392387ff449532c9d75ef65b1e45718a03967bc526c739
SHA512 29f9f52f36de3501c60a9c41f5f16580c4f2b1c30bbbb2fbbc002b21ff514b3fdf5f1ad809fb84c9927c48a1cad9322ad92fd0a40522e115be8443946332a6a7

C:\ProgramData\Apple\Installer Cache\Apple Mobile Device Support 16.5.0.12\AppleMobileDeviceSupport64.msi

MD5 5fa31f33afa76e4ff8387d526abb70e5
SHA1 c45e907c6189429b231579988cbe1010dd7f0f9b
SHA256 b6accb2caf4f4668f130eee803387588d31cb9e8d16c9e02ea010c554c1193e1
SHA512 6e2221ce35ee00b86ca4494ea41eefe9174290119f0798a351a2ffc51f3c8a35af3181c3d366f6232d5b2cada6729a265fdbc6de42ac56d8598516b2c9722072

memory/5316-2588-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Program Files\chrome_Unpacker_BeginUnzipping5148_486043928\manifest.json

MD5 01cb8b111843d1f1dac11d249c24c8b7
SHA1 c4f1f6f219f325caee6363df7f459323109f2f6e
SHA256 b13947842a1d3e66e62bd32398a3780c18127a520e7212a4adbf006a9abfd74a
SHA512 075d54cdbd80078d4bf66f3c5814a055058f2535629cc7f5d88fa5c69d5c931dfd2c456a0bc634768d796af604ce4d585c7904c1924d35df7855dfd7e275d403

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\edge_autofill_global_block_list.json

MD5 1c865471f98902a3818e8bbf46360342
SHA1 932497309e942f67080b84dd37dbd634117135d4
SHA256 b3ed570caaa1e88ca7fdeaa6569b5ed172adcb64221766cc73fd7e6b07e0c65d
SHA512 d77791b1a55cbb09a6dd88911be0219c712d573238666e09b0c18f7b92573db2a54dc0525d3232851f1bb9c008c2ab542bb4fcefa09b7a4be50fcd8bad4e231e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\autofill_bypass_cache_forms.json

MD5 8060c129d08468ed3f3f3d09f13540ce
SHA1 f979419a76d5abfc89007d91f35412420aeae611
SHA256 b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92
SHA512 99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\v1FieldTypes.json

MD5 c1a0d30e5eebef19db1b7e68fc79d2be
SHA1 de4ccb9e7ea5850363d0e7124c01da766425039c
SHA256 f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1
SHA512 f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

C:\Config.Msi\e5a18b3.rbs

MD5 10766f0cb36bfcda7a7b2eed1783fafb
SHA1 b52947c393503e0ed1fe4c0bfc69a784eabb76c9
SHA256 c2ee5c14128e28bac9d52da02c54ac830270639b08c8f4c5ff8d0e951951cff2
SHA512 aea2ea86e945b63e7686d6f7cf6fd240f5623bda2ef2a3d6eb47caba4fb95da57413031f02a45525b14f1a827e8e718c8743e51d6a6f32e733245b8904c35fd8

C:\ProgramData\Apple\Installer Cache\Apple Software Update 2.7.0.3\AppleSoftwareUpdate.msi

MD5 adf71b16f66b235268c5d894bb7c46a5
SHA1 b44a713560477c1ddc0be33bfff1a21cba714bc7
SHA256 0610ef6e01c2ba53f57035545f2c61e85b1bafa6334a47f6de8a63b060f9a130
SHA512 4564dba8763a165b582e0ab785fbf658f50fe07469716d0b840261a8faa9b1b9ffba54cab14f674b46bb22445128a1f56e36491421c8ca0b7dab1d933e0dcbd4

memory/3312-3080-0x00000000029F0000-0x0000000002A2F000-memory.dmp

C:\Windows\Installer\MSI53E3.tmp

MD5 928f5dc7a304a78d8687b16618ae7808
SHA1 b75a22cbcce356cdaf39ad2315ac8974f4ee62d4
SHA256 d1727467b076e59abc58fbc6a4355a9d238fc5b1842644e33a0f920aab449e28
SHA512 c85167a58195261cf71c528e4877618fc7183fe04284abf7cc1b50bb74add5bff81d53371d881771bc96302b0be35c2aad9696a7cb3292c3c3ab3cb8e4712900

C:\Config.Msi\e5a18b8.rbs

MD5 09bfd75100aedafacb265abd03c869c4
SHA1 abe47c0bc2d06da15ab9dd0c147af73eb34e96a6
SHA256 7ad67dbd30eb7d4aaa29ecb909b235e488c5765acde01bf18a37266d1b0bed28
SHA512 60294704f0f143614ec74ecd62f04783355c8896ab1e245137b4fb61d179fe916a43a8fc913580ec75d7eaf6e7c4798d14403df4e296e9b1bb51faea1892817d

memory/5316-3097-0x0000000060EF0000-0x000000006191B000-memory.dmp

memory/5316-3110-0x0000000060EF0000-0x000000006191B000-memory.dmp

memory/3572-3120-0x000001EF25210000-0x000001EF25243000-memory.dmp

memory/5316-3130-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\[email protected]

MD5 59d4281f0f7f665c809f2a68434999ff
SHA1 1c71204e311646a1b367860c0de11ea5e60e06ed
SHA256 57b642737825507373c0b192e3431f7a15848c1fb061b51b262b8d2438551e43
SHA512 e38edd4b53f950b8c3202552d38a6a56ee726a239527a1aec064b9a3a66f06a3aced67c0b6bc3c240994d006d8dbd5f2e2ec67bdd4e76c181e9331891d1d0154

C:\Program Files\iTunes\iTunes.Resources\pt.lproj\ViewLineItemiTunesExtras_dark.png

MD5 589bbd384b604e83cadeba1d59f8fd90
SHA1 ee6fe62fb935e9f1007f31eea754e3cdc315d022
SHA256 096343c9ddc34fead4232f182085ceba66907446657257969f3916ba991eb58d
SHA512 369b8d35ee411971f1dfd02fa065ce2badca714a0046cd26d098c15a8f55185178206516a62de59f81bfd285d4a8804a29b64d98f51f4e4a543bdb2eea993736

C:\Program Files\iTunes\CFNetwork.resources\en_GB.lproj\Localizable.strings

MD5 11d00b701160c1244899bc1647e3b756
SHA1 866c9acf31291a1459e6719dff2764af41eddde0
SHA256 47be7f1aea7eba3fe98080713b1c4414ed5018aee75ee7f6453ae2ff95aa76c0
SHA512 f1e8727fa33b70bd146d71aa782ef8000b6824c06b936b7584057ca77cd082a001398bc5ef2202e12b50bd86687f3a75ba3a6b028d14c7ae3d1a21d868cb756b

C:\Program Files\iTunes\iTunes.Resources\id.lproj\[email protected]

MD5 11b4d45789544050871f75c0fb3b5e3b
SHA1 3362722a15fdd5a67d0c7e1c643c64a3630e89df
SHA256 f03209b2a8826502acf29e9769c73e1fabb923f4ac11057299cf8fea57a13def
SHA512 51854f9a9961224dac3fab303d2e39e0a30d3f52b9d5e561dc07c69950733e6a9c6f585e001a3f9453fe0a7932a74e9b53fea0e87a691787cd11cb009017a794

C:\Program Files\iTunes\iTunes.Resources\he.lproj\ViewLineItemiTunesExtras.png

MD5 59ecde9c26c45850d5d42fefd0a2fad5
SHA1 6bca0dc1fb62c293f30bd7880d91cf96835ed4e9
SHA256 2f0e9c34845db2353f8798bbd7ec23ef4fc151cd61b3383b0a3280b7de78309c
SHA512 9b9744414188aacbace2bfa37561266f7aa6426c6e61bece4990601f0a57c7c41302dcefe1757e3da86947baac2ebb06c266f18108448ccee41d205680822994

C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj\[email protected]

MD5 ff602a53d097a0d42fae257d6cd2fcac
SHA1 57ed476c7c88b7c231ec9e4d6acbd5c04808d78c
SHA256 8acad76c6c4eb0c023664b845a7492adc2e418cefa48aba7e99496125a06e5cf
SHA512 a5f0d07314040fdbc614d09e2d38bf87ad0a1286c472f8c7403dd488488124e769d436ec1b01ff1b47825455f03aafadcac5722f4367fcdefb13ec3de0ec8def

C:\Program Files\iTunes\iTunes.Resources\pt.lproj\ParentalAdvisory.png

MD5 d947d2a1018ae12438bc118af0a04215
SHA1 c816253a5341d804712b8fe00967cbc887f99907
SHA256 041204ca5fb90b0d19d0f8b5bae858bf4022d9c794990e8fa4a0bc7eae093ed7
SHA512 bf7192cd4f137311d4696a0dfcb5fec66df5ad45e301fff3f8d4104163b0c64d8abf2b2d3f4100802f75aa55b435cc890005d5836c1350702473b0359add46a8

C:\Program Files\iTunes\iTunes.Resources\ms.lproj\ViewLineItemRatingC_dark.png

MD5 b52bc951d0c8f8dae4329368388dbb76
SHA1 ae408ee6f2d946aaddb8be466f7de2b99c7c4c58
SHA256 befb8ccb14ff090ad56345786c9f367a8cb2d14516ccb52dcda123df5e5dfbe4
SHA512 144de7bcef6fc1be493229c84c2038e2c6b6719c5ceba95d7abbc14539c5222a3bd1e65eb00e0c0f3bfbe6e0be4ddbc9d2876dcfdb9f1b3372cd3361d7f58d98

C:\Program Files\iTunes\iTunes.Resources\hu.lproj\[email protected]

MD5 02185d025965988b87c6b4748cdcd745
SHA1 e110b97b7d669361a0f2a2cc38c4a62f3d5deeab
SHA256 ce8aa4cf4ded795fbf1c10fc881978746ce6c76f13accf566e7ba0e98f5af774
SHA512 f1b6617eff4a584a760c24423226c844e2ceec8df8023bc9a53da69b18f76d2226ad24d0d1b2bf61cb2da9711caf4c23ff7905298edb309cf771cca1797a2c48

C:\Program Files\iTunes\iTunes.Resources\pl.lproj\SortPrefixes.plist

MD5 e4f62c535e191b6d40912f32c60e1eff
SHA1 37203bd8a250fb9b7471e1a4b8b2dd4f727aca2a
SHA256 800cb75b9347c5142edc9094c9c829b10b6a280271f19e8ef3b4673a1cc48484
SHA512 2b64834f62de68efc971bf59e36d7cc0a29c3e7dc4c2c987ae6840488f6fb94e88ca73276fd0968f2f6b68d427a5f87a97faa0821f0cefb533deab38a58f3630

C:\Program Files\iTunes\iTunes.Resources\cs.lproj\iTunesExtraGridView.png

MD5 94eae9dc7a205de2ee0a17effa21b60c
SHA1 54f23cb71ac3a62680bd22a3b2b8ed5c6c86d5a4
SHA256 a33f1e4d73943a77e6471143d263aaa53a871f7534e27435beeea19e75c82fbb
SHA512 5601cb432d92697a630dfa9c5403b7ff1210f517c51eb84a4036d7c14192af287eb86782a8036b0da72ff39f827d118d276a43cfdc0019f40b85147948d3d99c

C:\Program Files\iTunes\iTunes.Resources\vi.lproj\StoreBlankBuyButton.png

MD5 ceeb4e2a8deb651b69a973f5d671d92f
SHA1 3fff59aa350cdd2cfea69c08b55540b63122bf26
SHA256 51edab4204721531caab3a704e86d54445db4b4ddca70ef2c4b1012fa6bb3d5f
SHA512 9112040b761b90b93e89249986e6e75d55038fc1537293d7eadd02e181effd601ea15aff7a3100cf2c72de610b8b4cfefb433ae8bd75499e4a3dbbccf8410493

C:\Program Files\iTunes\iTunes.Resources\sv.lproj\[email protected]

MD5 e85fcfa0b73018404b29d4fa04f047a8
SHA1 2c7ba150c3fd101231563ffec9a7fd5ec5ae02a0
SHA256 55617519bf037182dc93082300e162933c3771996607aeb605079bb834a182ef
SHA512 141c92030b58dea61e29020b1792cc2a8dafd306af2a9130b105721a026b81a05d0d1621d4a76f6b6e5509dfffd47506885579279b6a098130b542df60b0f884

C:\Program Files\iTunes\iTunes.Resources\pl.lproj\[email protected]

MD5 010e5869f100573199acf50905ba17b3
SHA1 da950fbeb52dea27dc393ad4a113422238bd6002
SHA256 f533c5ca2a6bdcd1a9c7f757c0c9a17d894b2717c3493bd7ced8f36a722eecc3
SHA512 83c30c0291ce0540a41f07a6566eab12b784efe5a7a8dabe29dee67fdfdc0e53e89026511476d0abd46a267bda76e179892a249be46619c7b6fd621d1ce753ca

C:\Program Files\iTunes\iTunes.Resources\he.lproj\[email protected]

MD5 8875b575ec840a83ede84ca27762761b
SHA1 7463b50c8483598dc6ae4889633a11edfcd3a5ad
SHA256 6529e898923292f4163ad09594682cb7fa1c32c6c71baac0e4405d9996dda509
SHA512 9af764d681309781353504d270d78ee59798154c94292e8eb73b07e78f077a52cecc9523ee088d68fc08de353541c6ed34fb2d73eabd1316e638485ceec6a6bd

C:\Program Files\iTunes\iTunes.Resources\cs.lproj\iTunesExtraListView.png

MD5 5e93c7b6af1f907359091cd0c629b3dd
SHA1 4aba4ecd7b1b5d7937e7c7faaf7ac1629c0394cc
SHA256 b21d24670a44bea7c5c86c2b87d356e66006cfeaebb8e6b7d4ebf07974ac3f66
SHA512 492683e196bceb4f80d2bf07dc9031fd8f1667b0d8e3da877df1666bc419276bde0a6af8a1dd983a0b5594d5e0143eeda09ad2b87378cd221fbdb3e45291772c

C:\Program Files\iTunes\iTunes.Resources\ro.lproj\[email protected]

MD5 6cf4cedb6b5148b103fc91a2d057888d
SHA1 23e873c7d60c21248eb9f8381643a295dc4fb12a
SHA256 dae1592358924b99a4363cf20fc4a6dbcaeffb5af2f7a248a0fb687e95336597
SHA512 4847a96925aa568c6d523f84e760b35d0f4abad4b6df70c3ed6003289b776b3327bbc41dda3da96221113e41b0097a2275db5bc562c77117db6c04e4275fc583

C:\Program Files\iTunes\iTunes.Resources\cs.lproj\[email protected]

MD5 236216d5b66e7e9f48715b953b465c56
SHA1 7ad8425770aeb398922005b2649c4764c5b6dc5f
SHA256 ebdb9147c9b509b923fbb4e1e7903c84f67b42542b0055b2f8356a16c456191f
SHA512 6da4821957d52ef729cee2c6436f75b8581b702efeced430e99abc81be11f8cd2f2b2c374a88d68ee177b46b0cf34f723341a78d642dd4c81a8b5f09e8c77bd1

C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj\[email protected]

MD5 755eb418266342b17633f1615a1882b0
SHA1 df51fddb36717426da15d38f4edd48f74c140364
SHA256 f5f639656493f65e4a5462f6c4e280fdd54a7a4e839c2c0f52c8b5b1840fdab2
SHA512 8bd4b9879f1899c2a5e5f9de80897882f262252260c69767365634f9a97e281020176613c58a9d22ffcb510f1cce66dcf26903092c455d7b17f951ba0876f116

C:\Program Files\iTunes\iTunes.Resources\hi.lproj\RatingCaution.png

MD5 22b6a916115477a43ce634ea820a6304
SHA1 a34138e73bae3a62d745171d62f9f05a6dc07276
SHA256 138d6ca25775eee1f0ea7001f694a5b286224372aa168a09578a1a9af7eb76bd
SHA512 97502dcec76353fd69ffabf398b53777bde50d08cc998a6213410596fc42eade86f717eef60bea0d5a4f193fbdd18b33f09fe360b043246b9c96d3316c7a0347

C:\Program Files\iTunes\iTunes.Resources\fr.lproj\ViewLineItemRatingE_dark.png

MD5 ef859a036759f6f29c3dc14928a75c76
SHA1 45f8c4450757f2ec653ee0845f5ce497b6832598
SHA256 c5c8219de48b954849bf19b716dbba8358c66b02836417d8d729dd2a672935c0
SHA512 93aae547f72edf6c466b4f6c1a43f7f0fe0393cc7f7ea87818b462a4938cd86903017a12cf4eb1f3e05492b312e8826c5fea1935388a168e1f0278cbf3fb505d

C:\Program Files\iTunes\iTunes.Resources\el.lproj\CleanLyrics.png

MD5 357922d796c4ab56acb274ec1c89ed4b
SHA1 4f29801424d33877426dc21cf02bdbabaa321120
SHA256 66e1fc581446d80a7f64afeae19273cef7d6a10001e3e7d3127ade5842c754ff
SHA512 e0c7b23cec3ba61f83ba3a9675ce078d4fd36fed08f8e1c20be6e9b7891c1d4175e5ceca9ec3797419b22806d82d86fa4fbad314565d000a36fbe92905c9e36a

C:\Program Files\iTunes\iTunes.Resources\fr.lproj\genresLoc.plist

MD5 17d011dc9b1de5a0dbcbe11f5dfa4dda
SHA1 22b3182f41bc4a322f162832b4dfa92a46a71859
SHA256 a0f0336ccbb2964f1b6534fc1a59a04896bc104473812ce0f407496648eaa93c
SHA512 99193d05842ff4debac4d1c1ae772d3fa6424f5c097eea557095a9bbbcec044a18c3557afb1d2f474a2b86db7a8ce24d44d2b70d1c5a989258ad9f70d6561452

C:\Program Files\chrome_Unpacker_BeginUnzipping5148_536253503\manifest.json

MD5 a30b19bb414d78fff00fc7855d6ed5fd
SHA1 2a6408f2829e964c578751bf29ec4f702412c11e
SHA256 9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f
SHA512 66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

MD5 bd6846ffa7f4cf897b5323e4a5dcd551
SHA1 a6596cdc8de199492791faa39ce6096cf39295cd
SHA256 854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666
SHA512 aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

MD5 17c10dbe88d84b9309e6d151923ce116
SHA1 9ad2553c061ddcc07e6f66ce4f9e30290c056bdf
SHA256 3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e
SHA512 ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

C:\Program Files\iTunes\iTunes.Resources\ar.lproj\genresLoc.plist

MD5 093deba2a9db087a0cb01a676bff1c9b
SHA1 9c7d3070d1fef593731dacdde8cf38e7f96962ab
SHA256 2950ef6f4409f89b8513f2bb787f9070c2983b698b35b678088c59cd83246bce
SHA512 dc3860ac3d87ad8f28988b2c7e694721757a43367ce6a1333205cf335de1c29e739a8468a70bc305a60c4d0587aa062fe01f3762d608c9bc4d76867f2d381c1b

C:\Program Files\iTunes\iTunes.Resources\zh_HK.lproj\[email protected]

MD5 e14f8e390a9c489b10eb23306d27824a
SHA1 e33831e12fa5092ca15e7d8af7b01afed996b30c
SHA256 0775705d7637f7173ec31f22e324af8160b43d4cc6a47a2f199b3751963252b5
SHA512 63c3e261ea445de5d7eaab326e0168db054b4d953e81f89f16446a1ef5170a96aa32db5d7cf42181f990a8028e9a67764885a6d94f74d1d1c9910dcebc4f8a4d

C:\Program Files\iTunes\iTunes.Resources\fr.lproj\ViewLineItemRatingE.png

MD5 30aa67b32a3542874bcc88e146e17b46
SHA1 6d86b94d2c71ae27504ce8b3ad000fa4ef532a6b
SHA256 2ece6d0b0fc97dd6deacfdbaef44458a4b96e43319c78cb74c55d4f7ea79d9b6
SHA512 dfd082a54a13c5d2fdfa66ee9db8c893bbc6b32108308727665267f0a9e9fa9610c174082c0ca7a34832cbba768a1e2d8f6218b4c5a538a328a6159be05f3cc3

memory/5316-4047-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Program Files\iTunes\iTunes.Resources\it.lproj\ViewLineItemRatingC.png

MD5 71062ebf3a5a9b5c578387aabb2e7fd3
SHA1 410d43bb43f7ddc7ee7cc225963303326485bc0a
SHA256 5c751b7f4b96d07b22971ea4977566ed88c3297ab7d0b2853e7e9baec00be1a7
SHA512 0ad45440a3e77a4ea2d1ebc8531c91fcd663e596a90f5cdf1d0a57384c54d988c0759dff51f5231d973f9886c80c16feecfc16da84579a0cad53ba70b984a865

C:\Program Files\iTunes\iTunes.Resources\id.lproj\ColumnWidths.plist

MD5 8490f8bf0576147ba7cd139446e6cf20
SHA1 48a557825885bea1a6afcb662b07113e99a20136
SHA256 bf81225b2c30aabab43beb74142693ba800af85f88025446aaed2dcfd5068ffa
SHA512 86f0896fa6ad25a9550cbb3d0746eb413c86832986165e0824eadd917bb902b1f13c9aa60db78d477c3c5921fb7fe1465025765429b6a5a7e638da8063487753

C:\Program Files\iTunes\iTunes.Resources\da.lproj\[email protected]

MD5 b8f2462ffc91bd1956cb2607c1c9df31
SHA1 b4d4a46fd481f23268fce6b63496e753ec1c8a25
SHA256 b58b3ac76194b282833d971e2e2379cb25e7149f29f4a585e9405daf810a3d50
SHA512 6814101aaa72a241e4f9d37594c666016a36bd4d5e5ef50623e23590ccf94bac80d2b8c062213b557ebbef5e007fe0400ed9c84422df8f5a5486d2c9bc4516c2

C:\Program Files\iTunes\iTunes.Resources\sv.lproj\[email protected]

MD5 784f871663195e678f524f4aefccc28a
SHA1 ee8a70134370ce17ce49bb31e92cff252958d202
SHA256 efab63103f90135001658bac9c8724da424e81fc05c9385953a7555c6ce1ace3
SHA512 7e1b0f1f74abd674b09443b835da35b9b1855a0d7ac15e60670c6d3ffa1059fb13ccc579f069e444d073be0da76b65b4dc1d517c2ffef654a99ba9143fda6f7b

C:\Program Files\iTunes\iTunes.Resources\hi.lproj\ViewLineItemSubscribe.png

MD5 d4eda1881d75dbd2b0d9336e9a5108da
SHA1 fa2264a591a47e42b7cd581b9e0a3ada33874746
SHA256 a9ccdc7553e6cf9095d3760e88a3c9f76c0817ea6596337f21ae748828ce3532
SHA512 4a953a46684569c02fa447f46ebc5d8c8445a045703f36cc17df708eb53b2c324bf83c4c71a72f35d96f4655e5159b919f4eb631df598d4888d40a73d675f527

C:\Program Files\iTunes\iTunes.Resources\hr.lproj\[email protected]

MD5 5132ff3c2935630e2f54ccc9a360b742
SHA1 58a0b7d8667d625d8e0c9267bfbab88551c6524a
SHA256 5501b7a0c2af99684fb58c1acd227fe53bf07f4028382aca136607ed9459fc8a
SHA512 816d16f9b37c52f97a64a5a1f4c4b6c1bd2705231703416c7713212e1cca2753e3bc5e3352439a0cebc89a5ba0de584edd1183603cd387e7c7fdea1f023b1f85

C:\Program Files\iTunes\iTunes.Resources\pt.lproj\ViewLineItemRatingC.png

MD5 471584f30a8dbce0f8e4ab7a781d3705
SHA1 1d4ec7b6ad3ae1ccd48056c84d05f2d684db85b5
SHA256 ec0e0c2e51cf0c587bd8cd8842682ed78becd0cdb76ba06cb1c8cc1d98c710c1
SHA512 b6370cdbf9430cccb041c21641409e43bfd2a1b78836ee38fd0a706f26623ea1cc84e645fe6b501fed06b4222173055c101bee5de2cdd012c0cf5451cd3031d5

C:\Program Files\iTunes\iTunes.Resources\fr_CA.lproj\TextStyles.plist

MD5 7f9f90998dbb72a12f12464fffd40997
SHA1 01a41b41e92271eea01f31b208a2c2b47b496b59
SHA256 503b82910c0a98e3509cdf590dfa8f722ef149390b260068675fae09c3cf12ef
SHA512 7c293a39681c386002107aeb852c15ec8b4acea037f8abcef601cc76380f3487f421d267a6ae856df90b10fe8d032852c3650d5feb36f675a524163314e23a98

C:\Program Files\iTunes\iTunes.Resources\sv.lproj\[email protected]

MD5 d9eb252906d8d98e592ef01034a94c76
SHA1 5fd847136846bba1957e2ace9e1d3ec482de2e5a
SHA256 6f231775671c67eaa458a6a2d1405f3e5c52d56882f5620aa435166f4bfb7529
SHA512 7bd132759532496ca864cfff7ad411ff48e3d2a9ab28e3b50afdabe5782d853da52a09f093b25c0d7c60906ce42ae8a28634df363fc6a435962dfdf3ae9faa71

C:\Program Files\iTunes\iTunes.Resources\en.lproj\[email protected]

MD5 498055b7ec8f362e71a988ff8c79b517
SHA1 4b28c12932e86c68c7acea45303be3900bf987ea
SHA256 065261151f732d9f8391b0bfc00e71d3dd8e47c84331aa94b58e295782d74a30
SHA512 0b7c4dd87fed1ec01b14334e129ac43c598c30a1141bc9831f7b0ad106704072112b36ff4688520d675eb72652ef6a1dc349c95f55f6a59a245c5c151771f0f7

C:\Program Files\iTunes\iTunes.Resources\nb.lproj\[email protected]

MD5 c6beffb1568071b2fab6f19bb9c875c2
SHA1 137ada0e83cce6b784a8d4f345430c28d61944a3
SHA256 f1b5cce0aece4f65441bb7cbbf86155ad2d4e90b8bbba8252de985ae02d751a5
SHA512 a1e811646642fbfd11ae794e7c764a3bff39e285f1724deddbf9ed516cfa7929e8ce10611b9d0cc11f6c1944728f4aedca99df5badc72f2878209c3d24b28758

C:\Program Files\iTunes\iTunes.Resources\tr.lproj\ViewLineItemRatingE.png

MD5 18109ed593d861bd659055a5bd9db831
SHA1 3b2596e909633ca509e857650d7d7c9693987a4c
SHA256 1c28554bca95dba35ce291c0a42e0810e2ceebe805d63f916b6b7505e057752e
SHA512 1b8bb8ce363f7b5db7fe6648f518d0d528cb47bc90f5c80e66d8928b79f7912879b1c35ec6944d9ff91cb70c84547b9e46758cdd315e299453016da3cc24bed9

C:\Program Files\iTunes\iTunes.Resources\sv.lproj\MasteredForiTunes.png

MD5 67f1b4232079935a9998b0395a6b7c10
SHA1 ac4bfc88ed92cb526720f9cc9b4a377ae6a7a787
SHA256 95f0affa39a202e292a5f630a2524c8de31b6478304e040ef06488d9dd1e9f0a
SHA512 410e56ec048d2033e7e05202fc09575758d5c5e441146bd89070106108f1332e3ed3b8868238c78f18c0d641898607ecf1c704f51234d741f0693868966b0219

C:\Program Files\iTunes\iTunes.Resources\hi.lproj\[email protected]

MD5 7676be0b698ae5a36b25772f547142bf
SHA1 4f5ab9344fc8cc6de692bce6881878185b96bd4b
SHA256 946361d40f1b68a0cc29004ad4f55522c648023004e6adc9975e90b6e382657c
SHA512 09f77f33a281a5d4ab712b2f43f01da729085cbc27a973c8f34e3fe0cab1fc515f9dbc45ef35ed9d0a04aa76cf26e98d0c78e8b1805f12560e2866239bb9248c

C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\DeviceCapacityBox.png

MD5 8246496c258d58712c0a972bece0d69a
SHA1 65f4a403895354702552e2769cfe7f480a70ea6f
SHA256 f930036e7cae52b4022d979fdd6274d8604ca4c7e6f14495223dd78c17bc19a7
SHA512 b1dc4bfc186762e414ece274b158f10fefaa86ec373c732c804381733a7c17cd56e27331ca7381e7e9fb795c04a4a09ac75642684f36f99d4c2ae2871dd8d447

C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\iPhone License.rtf

MD5 cb4f512972b12e3b783e89704cccea3f
SHA1 e64cd7091224e3449e15e4ea664aef256534183c
SHA256 b636c8c51b01fd142af1134448763dc526041f3fbf635e841b0c2882254d64f4
SHA512 8b9abc21f291f53ae89b16f1cd9403bb881f9fa9140cb919e0fd5f4ef8544dca0359b7d5e45f54e3ff74eeccd4d9f0b62494992a58c6e230e4467015a1092988

C:\Program Files\iTunes\iTunes.Resources\fr_CA.lproj\ViewLineItemUnsubscribe.png

MD5 001e313e3be5e546cb50d86cb65dec8c
SHA1 e7feac3aa8b53b2670077ae0254a2900ac579467
SHA256 59a9ffdd81daf97ceb9e66f1e29b292dcf78373eef8df94038df3845d3e6d5a5
SHA512 26329e02aba9b0ed9295dcdc0834a7b2a75aa05843365490ae0d86f787159967943a8040ab425c10266523e15308c6c52673cd2ac5db7073369bd76c0777278f

C:\Windows\Installer\MSIFD0E.tmp

MD5 93394d2866590fb66759f5f0263453f2
SHA1 2f0903d4b21a0231add1b4cd02e25c7c4974da84
SHA256 5c29b8255ace0cd94c066c528c8ad04f0f45eba12fcf94da7b9ca1b64ad4288b
SHA512 f2033997b7622bd7cd6f30fca676ab02ecf6c732bd44e43358e4857b2cf5b227a5aa6bbbf2828c69dd902cbcc6ff983306787a46104ca000187f0cba3743c622

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk

MD5 680b862ec54fbc504a1ee1847f160e49
SHA1 2b0584a7d2e00c337faedf5ee084cee5545f7d80
SHA256 f5b207b18e431363b4b88d3fe321a7f16be3b60fc2eb065fe1e7e24fa898d2ee
SHA512 2322d2dba6851e12e4196a190ba7ca8772e9a9e604099b3c2109ce31469482a0c8ee521b8ef834eadb4078b4f5f837b53672ba27a2360798a02250d8fe73548f

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk

MD5 b232bb048ae98f0de5d597066c22fde5
SHA1 07a9713d193af91243ff6c1b2d75e7089f6a7ba6
SHA256 f97b74c859dd7f3978a697813c0fecf10998421309fd1d02e2bc3ebe5542b063
SHA512 0fd1ac94d2b9bd9a311084ce2306960a7f0381f63b2cb1cdb94e41a96689638f097f8e8beb59c887363ac30d5e62b564952d13543137e6b694ecb594a5163e2f

C:\Program Files\iTunes\iTunes.exe

MD5 f76984d6a5d80ead9c597ed723a3a4d2
SHA1 161b2b74aded0e27d60ce71e8e1cb81d20caf527
SHA256 985fb377ba59ef405cd7591b646cb17ee6cbebdb8fcfa33f4510c6e9ae7dd16e
SHA512 c43903add9fac4a3b1628b32fe173c5a3d9ae2aaec85b3a4530a86b798a5a1db58923750f3da36736b0f04f5180a48a13036a4f4ae66312838feff360b800a83

memory/5316-7660-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Config.Msi\e5a18bb.rbs

MD5 e28e7ad1c6c457c29f9e32c63a8f8aad
SHA1 0d52ed6359e7773bf48fe2a10ab25dee0929aafb
SHA256 6cadd385b30906af6a7af18d9c77f032a2b9ec4d340025aa9775f134be1a7adc
SHA512 1a015fca1b11fc8600c11c27aea35fb975c3812dd27413852a9d4c562732dd39ccfeeae2e2308f5675e890e6af3ad892f61bbcc9cfdd4767a3fbe94965fcb792

memory/4068-7683-0x00007FFB31ED0000-0x00007FFB3394B000-memory.dmp

memory/4068-7682-0x00007FF785430000-0x00007FF787A0C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist

MD5 8f770dbbe853e44d5b119b80dfbc62ea
SHA1 6cee85554518d7a001a00d09f8c9fd1b7b979eee
SHA256 5ffd48bc774b10ccd5150d2fea0fa472bad76cdc0b59ba06962256f512281b60
SHA512 54f36264fb27fb800eb09d6f39adcb3f9da21a89e8e9f586e3f28b96c7dde75fb8a0a8a4bba69ff72a1147e901df16c96b47f7d99defbe4d06cafd1e646271af

memory/5316-7713-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist

MD5 f1d72378ef9eac50d0cdca42693a977a
SHA1 40acadd266c37b5af1b53df3ee8c3a03c5b6b72c
SHA256 285eefd5e18d162bb370fe3a2b99b2ab514d3a1314bcf5a8c2c7070d86c1c3c2
SHA512 ee93ae2f2e528f7e355cecab732a6729616451665d61a44aefd86cf6d496bf891bffbc890d8016f11bd701715dd27f846b1766951d21c889f05bcd46d93f6b41

C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist.Xa04740

MD5 e51fdb9a95c62038c1ca9761357a4e64
SHA1 3843d6d7ec78531b595c3310fc55f8baee703465
SHA256 790f43344026dfa62f4c5969530d2c0c22e77a7f825ad9a07b386927bad3325a
SHA512 a12092971165f1158ea6f608e50b3fc8fa64248f205ddd3782e642279d4ae2ab55f8141853a3c8c93c6060e335637e598693c271d980c94c0ac2c7823867f2ec

C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\ByHost\com.apple.iTunes.{64cca931-4d71-11f0-a49b-806e6f6e6963}.plist

MD5 4c9450201ea591d809927172a5004ee7
SHA1 0c195408e0626bd8ecb4bb6dbcb06e696f9304d6
SHA256 80215326d75aeed7cac5346bd6fe383307a8e13c1f946ded4b8b62affd21e3a9
SHA512 c6c5cafb1e39828a1d7478373d9718917c97d8ad3652a323709d4ae2acb81f252e63cebfcb3843d36f20f5b5c739e4bbfbd31b2ae5a207bca79faa0724ec38e5

C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist.Xa04740

MD5 39fc76ec25bfc17b9ba2bc126cd51b0c
SHA1 82b11cc225ff6ef4f2adef2b1d61b4cafd837f84
SHA256 0bf2c4c1b5975cbae0098ba2817d47b8c296f466d8aad1692f9f5ad14c24d904
SHA512 4b5d06e3571bd936988cfd9dd6909d0d0dba51d430de605129e4d428cd31dd3c930e3ade88674370d503ef015b123be1d418936398cfe24bbc629419c114e607

C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\F702ADF51A2C7ADACC92D3771879D3259D54CB4E

MD5 61f713638abefdcab8dbed695192a3f2
SHA1 70ba569831332b076cfc524b016131c663d4f2c5
SHA256 7a28934f09994b3dec3f844849c5411a02133dfe91791ace99490b1cfa091568
SHA512 559df47da97f0a7197efbd0be3366b7dfc478e1ea42cfc02c329b4f3cf98bc8bfdafcb9f700117b9f75fb2fc44c48f825eb4da62382d4bdffe21f89c74b603cb

C:\ProgramData\Apple Computer\iTunes\adi\adi-A0F89D8E.pb

MD5 456642126aa296cf2e88b0cefde9c180
SHA1 2a4b1a139a830041c92a572d0404ad734b5ee8e0
SHA256 00bd5f421a69f088c31d40064b9ed6354680f69b98989803c3b237bc114fbc0c
SHA512 d244f1f3b5e6f48a9bb372e25ec86ede690fcccaac6a8d8c0e52ec55dd6b48b48c8f172f4b30aa29aa26adb528aafc3cd2272a4dda4218f511bace9d5a468f4b

C:\ProgramData\Apple Computer\iTunes\adi\adi.pb

MD5 776cd421d2b7a1017ca2892648245108
SHA1 ea376d6d493d77063a47cf34c29b73de6788a529
SHA256 11d31e528358c55425d5d0e087b8dfa75930dcb08e7414e55f9ed65b8c409c8f
SHA512 431fee467272bfd7475763d61e33e76c9355492f55fe42f302cf41291a48f5aa8ee1c62b3bafd9623f366e6c04df8db1daa786c4de2e28fd4d1c01481dab7d73

memory/2612-7850-0x0000000002B10000-0x0000000002B4F000-memory.dmp

C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist.Xa03532

MD5 b19f6859cfbb6bae0da68d6e99d928b8
SHA1 4b521e706f1952252ecaaf9db8eaf94743352c4c
SHA256 b7be1a50723a67d9f71d7afd6f7f6d30ef85917ba43b27b7c11ea045a04758e2
SHA512 1474e701be5f8a54820c8c0b490f344da466d1dad11b0e410c34299a70e312bb7ac79efebf86c4e18cd3f51eb27f31fab4c3d405919f99631b8dbd3386f8961e

C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\ByHost\com.apple.iTunes.{64cca931-4d71-11f0-a49b-806e6f6e6963}.plist.Xa04740

MD5 ad6d0d8b168cdcef68e16a5484c40501
SHA1 0578374ab206eb032404e03b5cfa100f635c9e62
SHA256 6a557a96c1c9a23124dd8166f59ebc4fb4c711e1fa8c87f0ae247ab897cb6308
SHA512 05f9d42259cb9ac08b9059c6f00996704d1236d4fad427f7c9dcfbff9388c7265e3a633930168d6181078d7491702c4b5cb4552c58ec3c3bd9b8d04f37dc6890

C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist.Xa04740

MD5 67be28fa28a83454dbc4707e27d836a0
SHA1 c25c6ff77438ef4ad62cc3cb4c6da051e3f9f3d2
SHA256 f0248dc7d03ef717e01b18fae08d79220836244e4a4fa588371147c917f5fe71
SHA512 76100a30d2ed99b8e23b25926e3600957ba415734685a8e8d648041ab54171ff99578b1c5b95a32334ffc641620adeab02f0638be42e1dcdc8d1fedf4f355fda

memory/5316-7910-0x0000000060EF0000-0x000000006191B000-memory.dmp

memory/1388-7914-0x0000000006890000-0x00000000068D8000-memory.dmp

C:\Users\Admin\AppData\Local\3uTools\QtWebEngine\Default\Platform Notifications\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Program Files\3uToolsV3\QtWebEngineProcess.exe

MD5 5a27bf395e2d7375c549b6c6976baf21
SHA1 9997d224763d4107dbb8d37a77e6d6a47499d842
SHA256 2112be5480733a2e8f735cf392e01ec629d25b5b8e96fa53cc9613ab2409973d
SHA512 252bbee67a9d1675ae947a265b948e2daa0e0a01d6b6085d6c116097d16c0724bd45742881603f8ae6a907330104e378d97b44e89bc38655cb56934f23227956

memory/4452-8075-0x00007FFB444B0000-0x00007FFB448A0000-memory.dmp

memory/4452-8076-0x00007FFB444B0000-0x00007FFB448A0000-memory.dmp

memory/5736-8077-0x00007FFB444B0000-0x00007FFB448A0000-memory.dmp

memory/5736-8078-0x00007FFB444B0000-0x00007FFB448A0000-memory.dmp

C:\Users\Admin\AppData\Local\Apple\Apple Software Update\DistCache\082-11726.English[1].dist

MD5 cd1c8fc295cf354cd9982b94554532a0
SHA1 d3e63b78f9baf518cea2a18acc5fc4912f5ca1a2
SHA256 fe2c63e9753f1ce8687e526f51f7309581abb953c02883e6a170a394920a2b86
SHA512 02d5bd2c4161e63e5c718ed750233492a552f6144b696afcafbc27037b8c306b8d9c4c07a672cd13675d34d4e0de9eec32c7aa5275df6219bf7005fd168d97a4

memory/5316-8095-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Program Files\chrome_Unpacker_BeginUnzipping5148_1354245751\manifest.json

MD5 22b68a088a69906d96dc6d47246880d2
SHA1 06491f3fd9c4903ac64980f8d655b79082545f82
SHA256 94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88
SHA512 8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

MD5 60beb7140ed66301648ef420cbaad02d
SHA1 7fac669b6758bb7b8e96e92a53569cf4360ab1aa
SHA256 95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985
SHA512 6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\netaapl.sys

MD5 9213aa35bca94eb79d366da254e4bdf5
SHA1 e05ee5138270ef09bdaee37b31ddb57935e55cbb
SHA256 5e1c71beb6cfff5a6f149e9fe6e169d087a6cbe63a504fee8d42170284952f85
SHA512 51f147b5822b1adbc524712575a0d77cc28cdf69e3c6e01a81136043fe6fe57c64783b47d59f8e8dc0235abbbeefb658f9dc123ac104666a8f232abc121a6e5c

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\WdfCoInstaller01009.dll

MD5 a9970042be512c7981b36e689c5f3f9f
SHA1 b0ba0de22ade0ee5324eaa82e179f41d2c67b63e
SHA256 7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77
SHA512 8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.sys

MD5 f957092c63cd71d85903ca0d8370f473
SHA1 9d76d3df84ca8b3b384577cb87b7aba0ee33f08d
SHA256 4dec2fc20329f248135da24cb6694fd972dcce8b1bbea8d872fde41939e96aaf
SHA512 a43ca7f24281f67c63c54037fa9c02220cd0fa34a10b1658bae7e544236b939f26a1972513f392a5555dd97077bba91bbe920d41b19737f9960ef427599622bc

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaapl.sys

MD5 a176718f0df45f60f545cf3e14f4d108
SHA1 fb03c1b53709f65712df5a8318130d9788bc3cea
SHA256 5e767cb0b51b3ba05b6f99a7e46bec275489dcfe874343c9b992843aa1f2334e
SHA512 7af3e0b90cd175b6b6c24abf237dc4395e6b9d2f360ee2cc3721d3184811fb5b086199d4a27f36bce8d6462c2717b3d9e2e1814a9d5a24ea4dc4fea32e6ae427

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.resources\ClientDescription40.plist

MD5 f4a8cacfacacf9d8367062bec459d4c7
SHA1 c848e149eb92e3e1fc185b66ff3c9075d3a89833
SHA256 6dfda830fdf53416e579bb472d0ad35d38e2b4908ca8facb32c1107115ec30f5
SHA512 7d170add75d15e918996667c2ed3e8daaf78fe59a5974fc99208280d2181adfb6e8c842b124541e4e0d62db2a716a59c67ef2870409bc68d1fcb25f8696b68bf

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.resources\ClientDescription40Tiger.plist

MD5 fd5e0a5957e6e850a0fec29a5b4e7778
SHA1 0310df7cd8671079175a4bac08522002d873d08b
SHA256 a409f64fed63229a64cc329757967cf689294ca51a3453f6ef56349e65b7abb2
SHA512 15ca1a5247089e0ec21c169a35d78d26b3d30ef7ed50d285ec41ee791fa6771b7e692fbb9267c4c072f51838b8c3cc33d5fde3903e9bb275aab50a9da006f75f

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\CFNetworkCoreTypes-Info.plist

MD5 d255aa4a14ef83a6bff0e8d15cc5737b
SHA1 ff259bbfffca544c54fb2c000d9edbaa904a0150
SHA256 f5fcb0fcd6d7a2b59ed3334271f828604e44eb6bdd74c247ff46385e419c782f
SHA512 b0bfd38933bfc5983717aaa74c943e4f08aefbea114c5843060437b79ee501fe9e89cf29f0c228ca8bfcd3c998e93260b617111096f15bfcc7211198e3cde9f6

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\PACSupport.js

MD5 fa2b0e76f31fba2633e4b5f9af936656
SHA1 cf7d62e0fc5de667a6eeb2665980320f14b9690b
SHA256 c206d735db997f65d265fa42d068744c7b1b1c14bbdab3fda7ec271e1953746b
SHA512 be4aef1bf0276f492f17876adba88bece9f063e90cc87ef2d4a80a4deabfa5031d124dacc1fbe9652765b2f4412057727b0aefaef0eb880fca6ebf5bc7993108

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\types.plist

MD5 7030a24390362226b001bac16f82417e
SHA1 e198838ee05170afeab2313259a5b3f36ae8e82f
SHA256 e57ab8116a2202a4c20ec2eb10f25f145a6a298ded8cbb28420d75dfb35366d3
SHA512 4a94f0b6d7be64772c663d967b6da8041db229f7d191a156cf91e772d9b1bf9e3d613c3fbfd179b5628d55107a23b20a80978e96deca3d4935c4feecd5828109

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\ar.lproj\Localizable.strings

MD5 b63479f0ee7e3cf41dc013f1b0d6c8ef
SHA1 f1c099f87f3c48745cff4214909270b2b24fc8b5
SHA256 7924020d9ca8e53d520d53dfcbbaee633ed6801a696692c43f2710d251fadfb8
SHA512 861be0f361098d705331a46c53d6e349553824b5be7d61ea7ae7feee622109e54351bc7e938657faf37f26ed9762dcc336f42632b0de2e8c9c73e9d94b302b01

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\ca.lproj\Localizable.strings

MD5 988a7ec9ca3cb97bfb575da2970d2600
SHA1 e4b3efc59c48c465d4a214cb8b6ca0cc25511aaf
SHA256 31e59fd2e43d48f7c84cbbfada6aacd3962c5ddc89ce9630f366f8272201a403
SHA512 868be2afd6967a9b5bb518cae3d7ffa89701791c60c539935525e627eafed2fa31e7d93d150023d1613e73422c0e849bbd20301d1b45522e6cb0684b992e3f0e

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\cs.lproj\Localizable.strings

MD5 aaf2bf0f366b20942615eb5901367b53
SHA1 911dd660e053cd1600014800e16238c5b9edf67d
SHA256 0bae07fe7d8a7217b561869244200a3d860708257d4313d5f32fbaef478279c1
SHA512 03f498e20c9d70288a018439061e96aa8b0cfd45f72eb4b8bfe97ecf1d10e5d6e98ce2f13ef023b4451a64ae665035ce5d1408bed802802498241e69e9ba278d

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\da.lproj\Localizable.strings

MD5 8f7f2df2fca56448d7e6443865c2f0ca
SHA1 2ff994667d2eacb07d33924367a1bc62c612f24d
SHA256 ab05afdf443334a85889dd600ea695e1d84940d5e790ce8f2cef6e22efc9a597
SHA512 9d2454d927ca6a737d8b25e9575e195ba7013d852c4bb83efb98ed084dad16d7e3ff6e2640228b3b09b18c16b7909aa75ed4925604dbab0d6afd3afde3063120

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\Dutch.lproj\Localizable.strings

MD5 2a75ded6b8ca09ae0dc178246dbd53cb
SHA1 8c1d029819ac0a45c24e2edc9ff566c5f2131c63
SHA256 f4113f9543e6e8de2a94eb70ba17d761e4140af2da61c9fcb694df8098d3f707
SHA512 ebfdf1d9b520cbd3befa89cf03f6b983a8d9abfbc4e5234fb9bdcb2e93d1ce35776c2a99c519f475d1bf3e310e98410918b02ec4228d4ce4dd59d57c03d0a409

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\el.lproj\Localizable.strings

MD5 58da4449c708eaeb78082506aa82a09d
SHA1 b24f6150216a511fbf7576862b18dc0a765b8b90
SHA256 b4fe229cc2578499061004644a42c973d4dc395f3499519932a8ebebc88cec07
SHA512 d6e8a81afacaef7ff18987fc2254ef7f0236d78939e40eccc0c8a389c8bc0dcd386f42753e3d655f79fa83671dc3f5cda4f2eb7ddef49db6762265cc4af46979

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\es_419.lproj\Localizable.strings

MD5 fa129e180724260a4a9d9511473edadb
SHA1 c3e8b48d63ca9ffd4f444b85d616a8568b01afd2
SHA256 4f02a5d6c31f0a39b68c8cb34b45dea4a2ad2faf363a95ee81968701153dc63d
SHA512 a65d9ff7507c3a366cafdeb3e8e2fb46d388591989aca0a8ee6e883797f49186920bf93c44ef0a82a55972a060e0bbccdae0481d0abe3f06b087f41b87d4293e

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\fi.lproj\Localizable.strings

MD5 143abb3fdab235aaab9fbdd038e05e5d
SHA1 04b78bc0682c28f638578994dc1ccac3336afee5
SHA256 9045b3c351b44f1d450febe07421c3a24a88cf117370bf2fc1669ff3cddd8d64
SHA512 bdf9bb279ab9ee08f59ca8d48ae63203e27b2569ca587fb3e799a26536393caf251b7830d466d5489613a72b8b7ada369dc61f3d1e901d8e0fa64c9a8cd2061e

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\French.lproj\Localizable.strings

MD5 ffd3d649033c637e0a5f87036e7829bc
SHA1 1a1f76176e30a620ba536a8040de0b1b1b52b87e
SHA256 edc7b90ed31e8e205179bf1b76423b582ea3735e4d3a2c2b8e8a37da1ce86ead
SHA512 a34994db663ddb9e4b2c367427835f9e8f060b201ec38942dcf9a4614401c56903c1040c65950f995ecd7d49dd6669a817f321f97205f46fbe6a4bdead825999

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\German.lproj\Localizable.strings

MD5 257b7494ce6458063e73ccd80d9abe03
SHA1 c6ef4dc93e43d1277ee7a0f1a46a1bbb8d6898ea
SHA256 5fc5efa213c122dad012f1af242a59720882fcd6f0ea9ccff086cc5dc2d16b13
SHA512 e31ad3c72ae43e370994d2e2553511fab9eaa0175b91a0eb65a564ec5a55eb00f1a2b14d264d68ba0a45ea91f120c1377b91d6ffb1ae8624efc62c27079b8b42

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\he.lproj\Localizable.strings

MD5 eeb0d6dafc21381c68c0540500ecfb6e
SHA1 062496448500fecac25a2e41942fb1972755aa96
SHA256 c49bcec8a1bf9f27d378e300463940242a47319633a1c0d0218efbe894264e19
SHA512 54240f23937f8f33c5448797a394e9c4e5f203fb49df3912909c5d05b54f289d5a409ef300a954fe8f3538cc7446e9f23e8ca5a4ccab0b8e3f3aa74301244db5

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\hr.lproj\Localizable.strings

MD5 d0b1d92b910a016bf4e860f1735a3ad0
SHA1 a0c5b64bd8ccff27c361cb89c9f68f0b21a12469
SHA256 18f5f28a065465c5a6288d95770cf2ba3e6bb25a27957b449f900768e2ae6cb0
SHA512 4cf6a956d02d824e95c911209d75c87465bf9dcc460144409460a994fbc9bf7b0afd5ab190355dd7ab5b017b02cb5838b4025115f8f70bf7f62c4312a4e4c528

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\hu.lproj\Localizable.strings

MD5 e3b7230b907bd55a33754928501866f4
SHA1 e1da4e0cdf75ad7c6709f9cd08b8150f2389e392
SHA256 618ee9b9991a884d75151cf06da52d6c6f7068b7d4aff91ee2a0493b293a6e0d
SHA512 ff9269cfd3a2acab7b5abb53627907709cddd897e1740ec447ad4f26ff2ac52a43c3ce719b456c424ba1ef23599e5d473b3fe8f49f17015c3736fdaba65ec04f

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\id.lproj\Localizable.strings

MD5 e0a8e5e53832c40fff5c0171bb69919c
SHA1 e500d1366fe0f52c36086b0b67e0eeba692db678
SHA256 ddd10ad95233ad606d03876058773faf0bd75e23de761970771a5151cea320b3
SHA512 205bad0b8b7827106d08fa575c4e6664792f8f8b34f2f55fce73204e8cc039e38ff71f17424965b173e5a2d329619bdd37b6e6f649a6c4207795080798eb0676

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\Italian.lproj\Localizable.strings

MD5 35603494436f5483bc80ed6f269af72b
SHA1 c1b2f361acbbe0441a0f8a81e15a13bdbab2c9c1
SHA256 b9f2daaaaa6a6f157d2b507c7f5252954962e8d8ed6e57c9e70c92f7dd90d51a
SHA512 933b2a55091a7716a64f7db2740a20b5e9df58136ac15c28c3f64a580da024945319aecf111d6ab238220a6c5ce5842a354efbd8665e24d539638bceda962a55

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\Japanese.lproj\Localizable.strings

MD5 6ac64ffc99ae891481e77eeb7be3fe32
SHA1 36eaaf1ba3b8aae059d1474ac2d7a8b4fbd5a87c
SHA256 4e66d140c7d9377aacfb8c9a6cc7e01f837ad7e7da07811dd40f2d513eec1e2f
SHA512 93f55de023ebaf4def201004ae0efb3ac638dcac7b13c24fd0326b62a62caca04248775f0f85f32142b3ed753f2ecbf9ef57dcb2cd4b8b8f29de71c05440db61

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\ko.lproj\Localizable.strings

MD5 ce8f0fa6c2f6acb3872ffea8992119ab
SHA1 762b2685163b85bb7c2865c780f1456b4516cd09
SHA256 d705f8a6b2f1fd4d1a89694d64cfae73306f09ba264f3b1bd8ea579d5142f0d6
SHA512 b073e6b957758e2895bfe80daacf2ddf2e7713e8d92d426199ca1328ca6711859260957b1e5097c9d5431a652cd60f06d651964f4479d6bc9b08bf0270c8b9f2

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\ms.lproj\Localizable.strings

MD5 6c9954e935baa10cad705d1373a799da
SHA1 53f0b8fc84bf946cb7826dd2807f1bb7a4241b73
SHA256 1e61dea43d77eb1098b4a4510e9511e53a1b9141bbf9f72a9143cd3c89e2bfb2
SHA512 2017a789624823de5b218fe971a9fa742b4c99af564a667e1186dff397b79d594e820bd9d8c3aa206a4551a7d9c1e8c3144994da702bf649fafd046824a4db0b

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\nb.lproj\Localizable.strings

MD5 26bd730acdc5ac7cca4f7f6c458464ce
SHA1 240e53549be6c62f080d5dfb72e1e9ee8de39d08
SHA256 59e34613c58bb72c28f2c81c826b66ec17083d5436009410035f4435a904bf5e
SHA512 9b7f2de5231ede30f054e5ebb0932f3d34762d0ba89ae85a39d8bf8c20f9a44526c086f75d96af1f0b96188508ce02934d7cb618e35ae4354a118c4c67c4af53

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\pl.lproj\Localizable.strings

MD5 96dcb3e4f3ba2f9e4d7b38f4d5574a04
SHA1 2e7e71742f7cb50e9015193f4cb6965e393b4f3a
SHA256 fd8b61535eb6df458a8a799c2e7bfabf6cd7c0232f22cc2e391e058b33a5b3a4
SHA512 351c44bc793a605dc6931520606425c317d18313668ecd28ea97138c88f1c553c765c9359a7ccb4ba0761e3fa715aa904eda6b5ce196c2f1e8b608bd43343386

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\pt.lproj\Localizable.strings

MD5 180dcd8377675931c7dd20a6507fe8a8
SHA1 3d397799dc4c052b287f21c70c9997bd12046390
SHA256 90929ee8b0d2ed297ab1eecece802e6d12da340c421d6f9b57e5640d319d06e4
SHA512 3a222ed70ce6fc88774722617e583247ec7b675bcc53fe2a8c330bd1e71fbb95c7a1f8c37ddfdca641a6176bd7a8f514dd08b1f134e370bfbb6fbeb95b905769

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\pt_PT.lproj\Localizable.strings

MD5 758eea5a1be513676562d06f2be8b677
SHA1 3e5f71521abf5c204061c1dddeda7307b2c84a85
SHA256 1a8252b17cac94aa82d5588c13442f80f4c1a652120c79d8fce096e50396c365
SHA512 6b2ac6ef5d4e7e0eac781b1d8041da4b3518e22d1130e42106a5ccd4abdcd580f02fa3d2017effba383bc6a17186a8aa41cf3f85fca6c08ab80c6f0aa6dff0a1

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\ro.lproj\Localizable.strings

MD5 d6e4ccc4902c8fece184b4243a63a229
SHA1 67a300fa8174f1e5dfcfa27b0098a3d25e3a333b
SHA256 496676a45cfede197cfcdc660d398306a487ccb8f8fb7d7559cd06bbc904b834
SHA512 16232ab74a492fe45e71d3cc6cbe749931455c7435e1c204e8242e83adc37ce77dabf20c18eb876918c53648873691847ec15cafface1498b394b096d138082f

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\ru.lproj\Localizable.strings

MD5 bc6ec8f3ea945f42aeef109cda23e85c
SHA1 c8818eb4a6ed81417ee1b786fc828038db34bea9
SHA256 b20222b432188522728be00f196b3f23e093dc2db28efd2fcdd270c06e8496ee
SHA512 59ed48f18cae100c327322c4e30433b964407bff7921264adb061841b337ad25c3ff35bffb31634d97076c5de2953c1587fb4ec7340288009cbd9065729dd63d

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\sk.lproj\Localizable.strings

MD5 3f66523fb039ec6a1d79c93d54bb6897
SHA1 80daee3f66c68bbcf7ca0cad37e290d179aa4cb8
SHA256 6b8d32d9c17e9fa14a50af69c5482ad14b9cb261961aba079f0f5b2618a03865
SHA512 f58ea2fe70eb2728692f92095777e879e3bc8c7e06524ed9d96cea9be361cf2f60fc422b3434e1cd65d20a4dd7a7e07905105aeff8998c34137f6648ff2c31c5

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\Spanish.lproj\Localizable.strings

MD5 bdd41ad87458f7b08091cc6b1fe92ab9
SHA1 fffeab1e20bd5b56ae2ff927036f43624c39c88e
SHA256 a6e8811946f89501be1395e4ebaae841ca93eaec478a6704f5624155c153d3aa
SHA512 4c6e3a001c054240724451239668582943b57552e707ccd8186a429a75e22373a2c596330db6a77c32941ed7e80c58398786354a29b4dadacdada5a3dc355376

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\sv.lproj\Localizable.strings

MD5 943d803d733eb087b0e2d825a57a22a2
SHA1 33ebcf62d3da9b33b61969b8375d5a00becd9fe0
SHA256 5a7c5e4d0694a36d8465f81044c89bd2155b0eac8d66671161c4eace47694fb5
SHA512 cde46282cd3bb738c0a24013f5f5d48b54d46b5df892a7853d5ac457424d85789a5b2982c28e13d1934ab69b68b5fab3df17c3832b8cae965a1a6f1eba426ecc

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\th.lproj\Localizable.strings

MD5 268c4a68ff061248738c9279660328b8
SHA1 ff8616c9ff02d26b7d24d136348d2b748f8a019b
SHA256 88a1eea5c12e0d62d9089ad8d0fc8b44a6b50f219617475c32716e43c00168b1
SHA512 d9b02dd4ce7770766a1dac8cc7d274f2395bf31340dad0675adbde745e6fdc2bba475072e1693f91f67d9528a849bbd2c02957f4bf1644dc87030b95c1ba438f

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\tr.lproj\Localizable.strings

MD5 c0dbdc3a54b49c71d05872116775d073
SHA1 5f51618214dffd9f53b08da702f456e2b818a536
SHA256 ce9b965642664a416a7ace61b80acd2ccba319789efcac97101ca4d889661bbe
SHA512 ce82bd39bbb0d1090b34578df42460604891a5c2543247d34f1582c5da89bd08e7009af647027d38f23259e6da5277fee596cd88d2ee4d6ea20041eac460fee1

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\uk.lproj\Localizable.strings

MD5 5092b4943281a78edd9ba468fe3d4acd
SHA1 64bf7f31407b21d925979373800801a89eb5feaf
SHA256 8a20acdf8a2cd8b4552800a5dbfa0da8b376e3e9dc1e7a9eb52b93ddba8b2f36
SHA512 f8be301bfbed0193507e7dce4616349a6e48d973ac117f212462f06e6dfd462542cadc47deedcdae16ddf7571e63642396cfd5fa7982f893fecf661ae4f730c3

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\vi.lproj\Localizable.strings

MD5 2c937a02eb0aa17a6a000006a2e8d4f5
SHA1 2e5f1989dbc2bd722f7802f5a1a5503e03ec8a3b
SHA256 a0470812a2c2569bc8265b655d683bf03b280717c34a055f6811e77e0bd101f5
SHA512 60eb99bfd98bac61c7dd24eabc15f21b0a57a805da086d02525aa6bed19d37f4842572ce984aeb40f9387b81ad46e00d3ce9e695768a79742ec9f51c623df5da

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\zh_CN.lproj\Localizable.strings

MD5 28ccb4f3f1babd9b9a1e200c9fc179b9
SHA1 b394556cfc7fe91dc59d318002de65e91cec0e2f
SHA256 a72efe35ed0980bc8d6ec1012c8c1f8ed9253bd7a26b9ba03ffc0db6e49587c3
SHA512 b7ed2cd6535b6eeb4a5bbc7e0e08632446ce6a5312a86f06a5a4a9a10283b8783043b705fed156cc8d9a1005e8d6714ddb2e8135f0f8f41c6d1ab97335d600d1

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\zh_TW.lproj\Localizable.strings

MD5 557c29c4ae6aeae8eb8940bd2e66fb61
SHA1 9ff8478f740cd4ace7059ef464f6a9539a412bfb
SHA256 e36027e8fedb625b0713cd1ff3cc4fc78ede573ce3b37c27c2cbf37315ca6dcb
SHA512 5bce9ac14f5d01f0abc34d78d4a0464f76388df282352770bd54d3a806af049ed799505c966b9b7ed864bab225602b1ff76f540dbcc70932ba797f3dabb9afad

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\CFUnicodeData-L.mapping

MD5 aa1641575ae08da9be4ca06650b8a579
SHA1 5a486f7c0efd1e5c0bc7179c3361cea888926c98
SHA256 95a9fdd9bb8aa77c9a57e5dfd9b789ab03766abfe72e271b08dbee5a74137c67
SHA512 6fd513c85b241f1c103d427b572c3e526165952f37de446f5b52273dba95cbad669ff72df895636127c74501548823f67c78510b508526c8bbcfcf836488cb7c

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\ar.lproj\Error.strings

MD5 8744ca814896e5120e41080655bad2d3
SHA1 ce557ed533321a16c44b6e2b91ed6b340792a23c
SHA256 f2c854966337cbbca1d087524b1057049fad65ad08ccb30fa936f45e567f902c
SHA512 b8800a5f977b6623ae8573dff768be850931bc125023dac399713221a2e27ec846ff39aff1a579d53da6598964a244fc277ee5c40a52e4f2436331d0fef8588f

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\ca.lproj\Error.strings

MD5 5b8bbbadcaba3e9effb307fabab9b6b8
SHA1 f640604ef70f8f03b69c62da8abe60fcb1361bbe
SHA256 12810b32b5ae54ffdd80c392e3762dda094af65bcc4b2e946b9e5fd9ac7ef904
SHA512 43d0c9ae66e7c49324a2a44f3dd3013fccf6e76540ca116002a77c1604c3a2e6374c182b2109478dc7554130c6004a91867cff256a54fa89be30027683a3d69f

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\cs.lproj\Error.strings

MD5 e6bb465c0c84c24d490a233d5e15fee6
SHA1 c3294d42ca0921c16fbef908059a6e9a722fbc90
SHA256 ba7305a291fedc3234a4c6fc2a751df30842b619ad120687709fa2bd112b0e0d
SHA512 f925117d73750d33cd1be05e2e4aeb7c0ce20a06e095f96957a771a2bcd7de4335b0e4df4cf88c045589c220413945ffc3acb30efecb259b739ad18cee7e6817

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\da.lproj\Error.strings

MD5 8e522a9f1efe755a12705e29f9b4abd7
SHA1 7f7113cbe9239ace12a44f149201e011c928adb0
SHA256 9e660848676a0fdff6b6f6ae68973fd99b670349a36ad7ebc56a319cab766839
SHA512 14f43ee624a45bd10fd99eff84c514d77d32ee4e132b21e8a3d515022dadecbecac81bcf5ea61cd2c3d36abea041e16a654921fea70e15c311f77c73fc77bf47

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\de.lproj\Error.strings

MD5 2be887e04f8e279e7cb9aa42f1408d57
SHA1 9312df0b79dfdb0d0b1c5c52cd4227c870971830
SHA256 fe47c21a5b34cc6634716835c71afbe289581b90fdb4dc45165e25fe28f67aeb
SHA512 476f164a90ebaa7a598c0657814155b7948dc042309c49d2a2cfc248c32d8549062b8ab7f03dea643824b6144e4b6257bbef9e9cccf65d9b2141613b80a0cf0d

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\el.lproj\Error.strings

MD5 8548e089d1004f40c8156858bc798468
SHA1 0a0d4a4b843ab15af3645c4c6675a9c3f0e59f80
SHA256 87b4c300541166546dbc8d6ef71f6daf80e8e4b6b0724d6a3838bd9f709235e4
SHA512 4ed1be336a478cd8a6305581f1e356d8e5893f7aa563cd8faa8828837af4fd9f0fe66fb3b52c9bcd6f513c5388c84ea03bf77b062ddf65b6c67506a60148eb3f

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\en.lproj\Error.strings

MD5 2edc6acd3caea3cc1d295aa83c4e42db
SHA1 0a017bb9a5426888e76f6629dc93279dd1e8a40f
SHA256 ea8fc9192d60a78820da393baff637152404078202007c8a4597c1c029cd2bc9
SHA512 f25775a8d62a7935db3de09c20ece9938aa227d354e17b5abfaadce6592ae036577d9afffc804632f9d733ff515e10d05e729e97d3ac64a9db1472dfba664849

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\es.lproj\Error.strings

MD5 c76c4b7a72358da379c0faf39fe1b6e9
SHA1 acfc016321717f0c2cfb76bf155c5e1dc08297ef
SHA256 d1321ff0de3719fddc55357f0e5af6af04530f40d173d5398f9c7fa4a734bcdc
SHA512 33178faabc142ca1c0569f6265464ef297b93cfa4a850cf3b5fec7c5dede19067f391c737af961a09f0f70ff16d2c2ce401c0253a6fb4dd5b02e4a14e9f9fb8d

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\es_419.lproj\Error.strings

MD5 d885bd58892a30421851dcda4bcda7b0
SHA1 31b8e378d5fad3470c209271df66cba9d8b46967
SHA256 995b3f4fb4634a0cadd1286d7b45d8cc9d628d8d14443056f0d2f8eef6842885
SHA512 4edb3bcc43c254edc8939f7405dc1bf4914bfe460accbc9a451c1af1d853e59c0f2fef145fcc0f4b1f6aad3c265cfb0295dcfb84e53b49bee58fc441a0fde876

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\fi.lproj\Error.strings

MD5 cc9b90bbde52d2e64f528f4c5a9a8b6a
SHA1 4d83c8db08466100fab41ac052744dc165572c93
SHA256 3bff46313bebd0dc446e19906fee1bd1da763d7fbae8c0a30178f72e88d4e0fd
SHA512 a7b185468539c470e18a996bf70f41af9c29ae25a952009d36ff142817dd1f208b295b943d25b43f76f13200a73669be78e0f3b89a4b4998c8562f8a679e68bb

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\fr.lproj\Error.strings

MD5 2c446435c0d0d1ad2f1bd32355341205
SHA1 879f2e480562dc1d971e34a4c8aaf8344dc016a2
SHA256 a6a7f917e16619f66df619ea6ca6dab8590d697169a5e37d208fb2579270ec2f
SHA512 743ac4984778f63ef0e7bb8fd1995c874afc5ddcd07a3e8a56f8356bffe673d15a77bd6791ab8c9e010d27cea74bcc371a68a539c25d6fca34faeb8a257355bb

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\he.lproj\Error.strings

MD5 bf986abec72ccc86e69a813424dce535
SHA1 8e297b76ff1b3908a6784bd02ba70a15e6f69ca3
SHA256 c046b7a995626a4de92329301dee8d89076c2d82108aa3a00100aade8661c58d
SHA512 6279c698cc269d6b628b9ae9616c4c3f48855a59b4c39ab731ab095794ceacaf5283116780479f930e4f5baa04601e195cd42dd35debf28ae841a839e6a8be6c

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\hr.lproj\Error.strings

MD5 84d4f1b4d2e7da388b3d44a17fcbb12c
SHA1 079e081ec5139d1a58a3af7c37bbffde7d27480b
SHA256 74acfcd628e2e89ffb6f10d92d97c019e16bd1ba93b3f054b5f1a220dde2dd58
SHA512 55f2644042c8906a0ffd1c1ea95fb8f3d27a3919ac5c41ee315c144c967c28cf3673666c1522706625165a9981374d8eb574f78694721f0d4c62da466ede680e

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\hu.lproj\Error.strings

MD5 3bbbda44eb949a752e19f7438bf0797e
SHA1 757956a010b9843484e86c5982ee17aa19888bbe
SHA256 9def8ca5d38541c057cb079ea62a7ce508f7cd5d601b9012cd16506812f8bb91
SHA512 2cea5847198ad7e6db7b118e913eb55a748f885b78ad948d5c7abfe339f6bd0919afffde98dc01442e1f83a0c0252763f12a3f2cb17711be968907a1349d56dc

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\id.lproj\Error.strings

MD5 524db54430888a08448ba13b7257e4c2
SHA1 07caa31075e86985da46a1582472cf6b7187f097
SHA256 92b616861ae4f59a318a9f30170f05a45ca199b4cc088414808d2a42747fb634
SHA512 50b2144e9fe41e028c5a2421f7b6a74c5456075cd21d77c4ccb5833708fa8f15f405d6a4997cbda527cfc0cd7744e9b89e87b64be76a00e3fdc709bda9a457de

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\it.lproj\Error.strings

MD5 6c5e5067b1f93269de5185b428af832d
SHA1 bd6139f2ac99fae483ea1631a3b432deab1cc21a
SHA256 1391a18b453b08d06e55075b467735ae4b8a915e272a90de41e2aa81ff92fc82
SHA512 a2e8e4f867104a6607e6929c87a388fd6ef2f5e2e8ba2c31e41cbaff9b334bf255c372650f150de03c9379cc51913dfb9f8fca51b3e1460967b4709a258d3e93

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\ja.lproj\Error.strings

MD5 9fc71fe08468ed0872811c5a20eac1b9
SHA1 4d45a62dcd5471f6f5d808d0be21b9a51abeae77
SHA256 511d3fc7ffd515942f9f3a0fda579d92efe8eb239eb8a8ac769b9a45a56244f8
SHA512 635217994b81cc5effa29cd25228b2d9831cd3d8abf7ecdca793113364720115b95b7c93c3be4d4112df0b90f5854c6355cfe96353f993c2cedde66b11afc4a5

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\ko.lproj\Error.strings

MD5 f415d4bd6995304d9ecc6b459cbf860a
SHA1 c1970a923b9e33714e47e6c954d2b69472b3a4d0
SHA256 6b41fe4976602843b48cc72700c85e93e19d18f8db32910c2407c291bdf9c60f
SHA512 6ae1eef41dd1c6a7675ca5d32e223551cd5abd0bfe1f475ac78d03ecb587fa3711d31932daeb44faab7fb55fecf84b5d77539daf122548ec6e7d709f0454202b

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\ms.lproj\Error.strings

MD5 4a13350d1de04d0ad0deb22bdf7cadbc
SHA1 855f6ca7831e7cb0c0228fbbd9ef205ca5b96293
SHA256 d89f9f88de70d1064ef3ed841088af699ec8c9881068f6ca426037810a0616e4
SHA512 bc3af22ab203b59852e2ecdd972d186f31c3214b852d8e0306cf720a18ad3f9aadad604bbf4f929d6f4f1df0348e2540a6ef2b6766a7a8a134d96ee4079faa11

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\nb.lproj\Error.strings

MD5 bf5157a48f11f7f12779cec7ab5a0d3d
SHA1 0f60afe9211de5bff96353cfa19aabef751d1394
SHA256 f320947931297199997247908935c0bef9eca35cf6d48c00ff1114bf35b135ca
SHA512 4c0da787bb0c6e9a2bf3691af02f6465eb334df4ec40f0c819f4622bf247a7bc84ec6cc1e0452a49ae4f0f131b7d1fc20074325cff5d44742fe9df7e5fbd638d

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\nl.lproj\Error.strings

MD5 65d1364e2feb65474927e5186056851b
SHA1 890f264c6e6f0b550ad974fbdf9273ebafb6489b
SHA256 e2b1739edc388983e76c9c1935596e7153f191e789a0dd12e2a5d0fa8faa5b9a
SHA512 90aad82cb1cd7e478f710ba47dc475a473af3235009a1139f1f67c438400ab425396ed9d123988ab64eb21e585dfdb09332cef1008ed1f4633159a350e59dab7

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\pl.lproj\Error.strings

MD5 45d9f8cf8cca2b0810ba850777244c41
SHA1 ab438576c736f352799f5523937dd641c67e5c53
SHA256 ebb2eef7ad536fb6ce5f66a2e69037e650af04b0a23cce97d814bb6f6000d53f
SHA512 058089c3fd5abb3c12e30789e8eaba28202c2780db10fff0a0db1b11911462514040404504c7219abdb555be6c408c8e8d91903716399c4d1350de4870a89373

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\pt.lproj\Error.strings

MD5 d64daf1206d8258483cbc4ba7a974a4a
SHA1 b8ecbd1e33bbc14590dbb16f877a2e433342c09b
SHA256 7284d3d751ca5a2e0e825879e85b9b10633bd48b965932236452bde7e9288879
SHA512 514d450400f5313d28ba9b7b75aaeadf97791775ae40b7aba7e29b88e5381392f2a790a79fbcb79378605fe3dc7b784a7775d9d1bb3610c1471cec5bd3197cdf

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\pt_PT.lproj\Error.strings

MD5 e2eb563f2e2566e86efa5b82c4f54782
SHA1 eac01239be3fbad3fc98205592ab750e8653cd5e
SHA256 587c63d9a85e2c2c9930ab75da3d72afee4e8358e538b12994c7da72723da8f1
SHA512 fa568674737a98ec0715d026cc89aa686c22268115b91dc8892fad64ce1f3c8cf5be51ab129ac363c415d641e1c4f58ffab857ebdb2d42305b49718f1ad25b80

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\ro.lproj\Error.strings

MD5 84e94c3379b316999ff8b4062e214706
SHA1 2fe1b980d9bd8985fb4dd25a3f3bdb85dcca6762
SHA256 1899bb92e5d727771d1c3624e46e5f515db4c245dc20b1bafbb07bb3b858c680
SHA512 2a6cb3f1e917c3a75189ecf0f536d430b4692e4a515dc5a5cfbf8ac6a9fb4e210eff207cba3897476ed1cea0c5c785765c8a108a7b44aebb8a4d1e1abd4a8358

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\ru.lproj\Error.strings

MD5 774d7390d225233a1e3078ceb46f00c2
SHA1 8c3ecf1b4dcf0bbfe4e204db067c9823b19d4a06
SHA256 037b4a083e6c2f2c79db63ee4d6f5d3cb24a63a5d25b378b07cfe294869b6b72
SHA512 c04f5fe9a3ad68e948212a046b2876ef7504fa8d1d2bf071b6848b1b39a8de56f6c24e2df6d5b585ac8225fd586a8c599483aea77dd786bfe1a62ce15aff94fd

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\sk.lproj\Error.strings

MD5 c0e1beed2c2fcb7dd9267fca0dce471d
SHA1 8f0fc6fc443e8ae7127ff7f213d9662ca8818af8
SHA256 4a3f6920393fad34c8367f48d93beea4352d12a4983d892caab7a86af05c7077
SHA512 81c11bdc4a959420faa85a6c7016f7f160e7eb92e5fde04ad75e4e6c5cb069e601c1de33d3db7e12a8ee6f3ed94ccd8312b254a4b23c5ee2cc8f896852a38969

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\sv.lproj\Error.strings

MD5 6041f8b3603a5483894b1f42e2a77cd6
SHA1 f3dc2d87872fd2e9bf8963864472baaebcfd8ce5
SHA256 68cf33910fc2df8b53e3fc616c5cfb42b17eda2c69617fc618a67698bd040c6b
SHA512 516422a05efdfef17a4be95721fee17d6768bf059fdc940c4013d5d4f05bd5c063e0326ef28662f73d6365c135a696b64d7e30753bf1a584ac738fdc4d066bac

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\th.lproj\Error.strings

MD5 d582caa56f48c6ad4d06609cfcb3549f
SHA1 55ca0cce047baa4cb51f058f845916ef93108a89
SHA256 58806171b4642f3be0333c4b9e47ad53f9f9fe552dfa33bf40df66f7ee060a28
SHA512 b44fb060d206fe445421141bac71af0c69be1e79cef9d9c5a6fb1ea88b9111f57d4597611fb10fa4c07995c8f7db3dac388474aba616d6ccf272200d8f68a386

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\tr.lproj\Error.strings

MD5 ee78ae40d9a246c6a3626b0f4d08a8aa
SHA1 5d7bc68cfa0f094f9aefc0ccd067695ed57a810e
SHA256 e23ea347757a5dbbec6304167a20479d1d5c1fce617804507599ecbf3bb9d87f
SHA512 fd5a6d7d7e49267b6d498b20beb968698272ca5b130b4c4714bcb8c195eea63d6d936315f52297c050173755659608583460638c491a8f51dd72f84d6b62ebc9

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\uk.lproj\Error.strings

MD5 4f13b3cce1ea3cd36af6c9801c5a9cde
SHA1 db0b2ccabf4ecf24d7c827b99ba87f4a6f667111
SHA256 7caa89faa1591f8363aa4784c43b8e9a4512dd16593332d193ed24b5407a3016
SHA512 55344cec635159ac18307da637a2a1505df6bbc4c03c9c04f83277f43718f84fc3027bbd33bf6c933daafc49a4436190016c69d846b60087b93abf0407376f39

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\vi.lproj\Error.strings

MD5 476288822af17f7450d504721e16bf64
SHA1 995efd1a96ec58c851404e661ce066e09f15c389
SHA256 d8206f6b72ef4f91c3ef68a74b6999538273641a0ee997a1d731ff24f7bc38ea
SHA512 a34fbd4718ae102341a8ffe91143793e3c7a1f252009745a6db03a3144a38ea754ff1d0508ee013b344fb268015397fbd61f7853b9cdd7c59041cea6b86edc6e

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\zh_CN.lproj\Error.strings

MD5 88e86c91755aac0b8b7f5c6c33d0a107
SHA1 3ec91967089d43e1a8ac95e6863b8ca27d46e24f
SHA256 e6f7d7583f51248bf4fe454ffefe7623d303de94d55f84f364d7c2861551ceba
SHA512 86d153971ae33a7634f4cf63edf8263f10fbaf3ad7e9482bc614f93352937e3c42281c64f7a3026ded2bfa8b9a981db75f05f2b6247dc7c8e967500d7f6a7507

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\zh_TW.lproj\Error.strings

MD5 f92956098e09b9a6846a5f59db75457c
SHA1 8104a1e6b3633a79a13fe08242ec2968866d46e8
SHA256 227960093ea74b088b7473103ba4b1a4bac79b9f0aa638fd8d864029d31eaa08
SHA512 7842782c91ddb06c4c3a5feabac023b110be26e32771980987990b313212a1b4e0a43424e264ec0272462b79ec355ad5224e8296a6416852c9f91824c5316984

memory/5316-8560-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Windows\Installer\MSIAB68.tmp

MD5 418322f7be2b68e88a93a048ac75a757
SHA1 09739792ff1c30f73dacafbe503630615922b561
SHA256 ea5d4b4c7e7be1ce24a614ae1e31a58bcae6f1694dd8bfb735cf47d35a08d59b
SHA512 253f62f5ce75df3e9ac3c62e2f06f30c7c6de6280fbfc830cdd15bf29cb8ee9ed878212f6df5d0ac6a5c9be0e6259f900eccee472a890f15dd3ff1f84958aeef

C:\Config.Msi\e5a18c4.rbf

MD5 413b5abdb97475d3f33ee6e34025669a
SHA1 8f8e081622c14b5baf0858760333a4d6864c6888
SHA256 c7c070204d90d698e520b3d470fc6f18e1f5bfe89d11bb2b4ec7a7b2aac970b5
SHA512 7f15f0765abbaeae32e95f16c46d8add184ae157c031199629d88b6e0067b57b5be542174714355ef17ece0d44479b7758dc4ee4e64dda0fab776ceea81fcfe0

C:\Config.Msi\e5a18c6.rbf

MD5 f4048ce55ed2ca9ca9e93db0ecaa6a8b
SHA1 a5786a10386602d73fe0303f814e2bc87bdba310
SHA256 405964db59bc97d621683bf3699a695cf6417c544a1079ce1f7c565843d46d00
SHA512 c36c72157f574d933d727b2128992264229724d7b69746f1553f46817b26ea04aa0c6447be07b5ca52ca497ab1f2558079673e56c5879301c7cd943bf0ad0cd8

C:\Config.Msi\e5a18c7.rbf

MD5 3dd5b0e4cd4ace62e0e2b65f46480629
SHA1 12a84cdc5112958f489a8a2449e37bf1915aae34
SHA256 da41e4cee8f8bbd98c03a91667098bc5144f1aa26b46c61406adf1d7b8bad60d
SHA512 6430d529a26f1cad4a4e816488bf598472c19957d0203afea1390014d4944a1b5888968bacbd7013ad8c727a01108490509bdfa0904a74933fb15f9cd11a8d05

C:\Config.Msi\e5a18c8.rbf

MD5 73fad84db974c5f2a0274a1aa6015bfc
SHA1 c699e26c064912830c39f11c30436d4c76a3d0a6
SHA256 3887cdaaf37f0574ef0fecaeeb026d19c16162c5101491bb350a4a69a5c7fe8a
SHA512 1655badb044498fc255912bc02109405c0aef56b351c020c2e03d65238b7631fa06d5d1fd91c2650e14bcf11e955e17c1fabcb6c406725d581d5b1650bff4c3d

C:\Config.Msi\e5a18c9.rbf

MD5 38a2b9543ba3bd96912f50f38a7ddce8
SHA1 f0fee508c0d734d7c012da1ae7d2b3512daf5374
SHA256 489a64f2b7d541295e54614db8fd188096b90629bbb5d319ecb51a509568c74d
SHA512 59606dcbcca17a48756b24790ed6611b9ca233734236a976f1762ea29a23622475c49dfe6dee21bb9b77f172d5fdfbfced89c3fd713c9aa6ea3bb6c662ac6e51

C:\Config.Msi\e5a18ca.rbf

MD5 3d67a3ebcafcb41f9256ab2f97a8e812
SHA1 474ddd8800a8bd34c10de476e710f7fda90aaaa1
SHA256 d2a3077d93c2b2485b1f6df96d7b675dc953094e9131d209659a34a1deecaa45
SHA512 cc179bf5b0730dcb485c8c8583cdd9e96c406ea713fe1de7d1af025dd393ac212595b37a7b104cd12bfa3d6c99fe7e753384c7b8652fcf419b246b0d1954bfa2

C:\Config.Msi\e5a18cb.rbf

MD5 a1f80a0940dd77583a8802cad4a99df7
SHA1 a137d22f08adff73bd28082fa338291cb9f1ea22
SHA256 09a935974675499596214ed2db92c1c6e96516fd93df3845cc26041a14cd7337
SHA512 eae8b3a68f3d6ecfef5adb351748a1b6d9612e5d5e46e0a3d5dff7c2b466b560f85f2154a7b7c9c73d08b6d157534008935d7c7a7f778843a0145b23b985d1f3

C:\Config.Msi\e5a18cc.rbf

MD5 59d8ea1d9646e94bb49f6443746f54a7
SHA1 6598f214903a6e08b2d49d1d811e2a5875b5578a
SHA256 c88fbd156276d61351e8b99f2d812d1c8dd88cdc40ed8b18bc8eedd961e93914
SHA512 796b53124eab26555eb14316e4d6fc0ab95aa70943be7ccae17fbdf1dbb93ae8e305974bffa8e17330e744446b80b207c967e66a3d296d0a816f67deceb0ecc7

C:\Config.Msi\e5a18cd.rbf

MD5 519a3a7e990f3fefaef77c4bed924e31
SHA1 c65bb4119e268f002a37ab1456a7d4cb2f2c9819
SHA256 9003852e9d866a6144d354b6240679fa9b35144b9492653395640c3b80043f6c
SHA512 ab6325a35d1f0f904a21853edf0d69566cd7087072f35475b3f46bb3b3e708bf4061a76e2610b7045046de214bb129dc09d251498ae70f30526838a09955ab40

C:\Config.Msi\e5a18ce.rbf

MD5 249f43c632a82e9f7369d37bf9ae3a54
SHA1 9b11f4f214056f14838e3ced98d3ea1463bf59a5
SHA256 e8d9d14b7883778a54918477199e9993e59ba4fba352eee2e7e522ac6c48f93d
SHA512 1751117d785b1c46e9fed8221afc1334a4dce887b0f540ead4cc49daba0f2f6736bc517c1ba4febc83a7ed80302fa099a35af73a9311ddc3af9069c549c03286

C:\Config.Msi\e5a18cf.rbf

MD5 526d078076ff4f671f7978e34e2d625f
SHA1 54865788d6c297a545f12206d08c3922ff5c882e
SHA256 c08e013786d878cd631810721646d6553050abda9974dc80c11e9ffc28958b54
SHA512 521bb7d58b996f0693199652295554d24afe9810557f0bb5b17d78376d5c89efbe2561cb39f8c98e5ae3f5cbf1be22f072cc2a5f56a59446895b1be424aa9abe

C:\Config.Msi\e5a18d0.rbf

MD5 d8a10fdeddd30d5ba600c98db0425273
SHA1 9777c27b19e82f4e4437319d4fe896fa8f324d1b
SHA256 8ed6be8f5934609ca463c925991944784a53808cb7224cd126ee6fce0075ff58
SHA512 c09ce70949641b97001c64b4588d5c9f26ba6c0b9954441db4ef8e1b7bcbfd872c1201ae0b5c2c22ab847818986bfc741f7939d25fc9f8937cb7f96b78b8e2ad

C:\Config.Msi\e5a18d1.rbf

MD5 1c1414a1a2925fc066652192b7a7970a
SHA1 948ab017ac00c84e3c76039ac527a1b8eec6a153
SHA256 167721fa8ab031389c0e795f50bbd4ba824bc3f30cd5e0bbd98b9c3f7f0d8ea3
SHA512 fff3c93433d0c4ce8fdebd1c220e36c07a85b4894379a9635302ea017fae8f3a90be4361ae3ebd6f354106e9bdd04c40eb7f71dec48025ff8c6eb9debe3b4a16

C:\Config.Msi\e5a18d2.rbf

MD5 86c2dd95e9e41500b10e82af970a04ef
SHA1 b2ae0a0cd6aabfc3f1df60246435bddf368f27b1
SHA256 c81aa8db1be728822cd83692aeab946b38c6db53941a3b66cff0ff0367041a9c
SHA512 9dc0a776e1efc2710fcf09ed1e857b5cc71eadc200e0613df0f840eb1d22d315f99752ff770b382fae6616a23008f09bc787afa348b2ab7533e43bc0d888b028

C:\Config.Msi\e5a18d4.rbf

MD5 6102a65745afc727818f93db350cbf03
SHA1 208883aceaa2218c544362290fc48adc3c1c24e0
SHA256 0a8723ae8ed425c5030a00c870b5850ca7a45377d4c09ea6880191bd8d05a056
SHA512 51e49ebdb9d1ba261f61aad90213277106552126ec60cd22bec7cd296acf69f7a8d3121d9d504784c4f3f2139a130f4a181b055361f77f3c0df6cb7a49abbb3c

C:\Config.Msi\e5a18d5.rbf

MD5 0e17ac9ca405595492dd86d1ef00d47d
SHA1 58641d77453aee7c5fd4e430f1566b6880919212
SHA256 c57d471f4c6581ed188ac9dfe2b760d4e43fd5d878ae98196ed1e5acda3f6c66
SHA512 4fbd0a8573160641772fd1379ce9f9b8418cecbd1a5db7b95a17058df542ec8204e65bfb5492f7a2c064d6913b315270440b8a01de7191506fd47d57101ac7b1

C:\Config.Msi\e5a18d6.rbf

MD5 e112424dc9fa276db5c0641a8eb154bc
SHA1 259cd8484db1124f4ddfcb728cb37cdfde89c227
SHA256 5489c9827c713602c6abfb702ba23871872cd0120ca5f2afaaf3b7f3a1c7a8c5
SHA512 9b8c33567eab50fcc9ef397a4e55f268a48f88de6f731f91ff06fdca471a338e6aa43e4a785d6e4f7e69b0872ef39139e944d18f6527ce8f5bcc5f6261a4680b

C:\Config.Msi\e5a18d9.rbf

MD5 febae94931cb3e1ff52ddf17e4e5229e
SHA1 d770999ee3a0a14402d807f013efb6638da8c088
SHA256 f474dba31278306bebc1c4bdd65fb2a8314264c2bc01e7795636748f5eac6239
SHA512 b71ca0bde5ea5e194289a567191e812fc7cdfa64546c30721ed1a7bae2c7b4a0062d2f0aeb8adf7873c1de5ab3bff5ce86936addeb51651fa4e1d3da1b619889

C:\Config.Msi\e5a18db.rbf

MD5 311252680e81d12ab13b2232d6ce1f38
SHA1 8c69fca34bd168627eb5b43232de917f82d7fe82
SHA256 2863ca770a369531d2eda73826cd7b445c2a10be7c4733ba09a45271c5ec9f0c
SHA512 ed5caf66b81ea24d056458c7e00c282917ada5ea4796baf06859eb18b4c74fe80cf5e48555da76beb39e69c880d1cfb752798042ab24e70e94838c76a35d7538

C:\Config.Msi\e5a18dc.rbf

MD5 a149f1692e1cb2b15c3c3c504aca16a8
SHA1 079c0b46ef6818603b79bd7eb83c8a1ec0230726
SHA256 fe85fc8cb0bfa285882f395d8ccf62357b0fcf3bb3f543492f6dc8a3c715580e
SHA512 bef97b8b0d7f201c7fb81bc0d105d202944f67ecbaa840d6f09d926f0a4857c3bb50eaa0e5cb40355d9883c319060faf55c5c4c2d1cb1e5d38fc4dcdedf38742

C:\Config.Msi\e5a18dd.rbf

MD5 461d941bdf42d9a5728e8c8f324a1527
SHA1 eb5df865b2a60e2666112a8d6c4886f3cbebbaf1
SHA256 2d612d76b9e3eae1da135331cfdb0c5a17dfc8508663a975cc408da3a2df516e
SHA512 3fbcd95f91803dceb7f5a77e6849c2828aff5d8857871a61926e90612a20f8982ac25c78cab53ae1e4ee9442cda9c1b6ba583562975982b8c5a7482c3527e75a

C:\Config.Msi\e5a18de.rbf

MD5 57161a19ff1be550c684770455074148
SHA1 4d5d3c34ff992be135b6e133b66903fb89adc30c
SHA256 9ba03e0009b505a01ab6f78735d9382492211db645350bab73c97f52b5038e0a
SHA512 a75c67725f899326dd33d2f8e5187df5e074e3ad477bbc762d08835ac433140ccb1367bf01b71734fee44f662712477f8f2deb210a4b021a5550e08aeeb90dc6

C:\Config.Msi\e5a18df.rbf

MD5 4a25b906e8741d6df171e7db6060cf2a
SHA1 a1ca9741a60c7062e371b5dedad7dc7a1eac1d28
SHA256 43783e98a10bc9dafc3734b7f563fd2ea526fe0e42ef5c991e4f38d69db14613
SHA512 fe46ceafec83015cf42c63eed2e3aca2223e7e98d7f966dc5a93fed390bb3bb296b18413c8ce0d0a6de5b3040bc512a7290f3846f2577ab8281e2732cefdc2d5

C:\Config.Msi\e5a18e0.rbf

MD5 51f2bd76626cf45691515b5d577bfd93
SHA1 2500293341f9d8d253688cb4d044af788ec627db
SHA256 b74d390df1fe87c7246c7f374c62c5f9153cbbe1c8542aa355f79ec8b0076dfc
SHA512 3ba20e31732b27422bfa8163a57374539c7769d38f262fd6dfa96924f6af936609020f592d7fbf3be63b67d95dd7a103de3ef68d6aede5ed0246f1359c63e6bd

C:\Config.Msi\e5a18e1.rbf

MD5 987c8857c110b9f683bc75e0e1d6c097
SHA1 c2e543c3a172898027b50d7bbccd9bae5f8ebf87
SHA256 beed066eeb1970311261434f6d00980cf02e0fdf21e7c63c96f036a18262f4e1
SHA512 3e8275dcb8edc24ebfdb185ca463aedd6ae6d8373cdd1adf478e828c9beace664ca2284e808e44f36e4a2a2c5b42fd250f017c26318c08aa3f4886e48024cf51

C:\Config.Msi\e5a18e4.rbf

MD5 8e9393938e2ad56c1a7f29251cf34480
SHA1 4fd02a343d5b7437b781884fbfde6cdb8452e54f
SHA256 3bbe66dbd355c087faaa30c735e964b5ceff0b6016246238e14ec9d222ccf543
SHA512 21c3c145f09c4007c1c5ee0958ecdc9818139bd3e8d3d0eb09fb0d26c807b4e3a7b291209d389aa8a5857560f7a372826e1fcbb3311d19f2c0959f057e263515

C:\Config.Msi\e5a18ef.rbf

MD5 3e0f86e99db7298ac78de994ef850850
SHA1 7ac395a70611096b78f94a734ffb74324db06cf3
SHA256 f7629e2a449a07d5607be9ded12c9eea7e48efa1545c5d57c5e3547ccba3a1ca
SHA512 9cc604ede5c5e8107fdd20e38871aa0b575c29092b4a74a419b01d9b70d457d6f5dbb8d9a0f37c20d3b2cebb5422cb4f7435dcd6583d1c044f6730a935d81040

C:\Config.Msi\e5a18f3.rbf

MD5 682900acb2d9716a937c261f3f3d1301
SHA1 38311aaf71a75d8636b7bd5213b56e463adcbc68
SHA256 fc1b05440fac4fd43f837dd991df795c134be767e030942ddd5a0b5f92018600
SHA512 7ac68d27cedeec8662dc3a1e2dc5a353b9a7c0064351c828f5354fa7e1373e763331887854db2f63e57b56362fdb7d7ee115f77e7bcdd883be4167897c9f165b

C:\Config.Msi\e5a18f5.rbf

MD5 bbee8d4c25cd9677e66eabd15579483d
SHA1 0971ef81f3ce1a1d5af99fb92e2d631e84fd08ac
SHA256 6a6f450d1699a5d63ec1e6799ced68b52b13f6a73bc3f6dbca168ff421a7c1b6
SHA512 0359cf42ca752c609bcfca7390621c1e7e75f43ce942ddcb5cdf32c4b66da430ff81db6f5c084eb4d7042a74c62740f0db12e6e45798d144b25577625bc665a9

C:\Config.Msi\e5a18fa.rbf

MD5 684b4a283fe242eb5f725d123bdb4c47
SHA1 962893d50228e7684ac6cc06a23b75a4015401ca
SHA256 2a730d75fec6ff9a4a1493e2e96b0efaa6655592afb1a1d2eacb7fa4e77b0c19
SHA512 800466b1ade1e7afe13c26b716ee90adff200c0cef1b45ddca832321297c4efd0337ed7e0781346a375500f411febddf453dd1bf6d30154d60775f736a897f64

C:\Config.Msi\e5a1924.rbf

MD5 0a2fbeb0434f2b91d2dc632befeecff4
SHA1 f899389e388ebf559707df1e0332ee04657e65f1
SHA256 74dd52511cedb19d1fdff2eccf80f4c36c48b7335be84e7a6349cf956fb77786
SHA512 6eb520304b742bb85ada1b4eda394fc8e7b04dd8f0ae96aa8563fe6ab96170eee0d6bd7bf185a125b92e739111b96cb6eea050ddaf1bcbaafd52d47ce11683f7

C:\Config.Msi\e5a1950.rbf

MD5 d4dfd40331e0d6a8a7a25a0895d0baee
SHA1 c375b8d2d2e25f4f844496a970540cfcf94873f6
SHA256 d1045943718b17ed04036d6ca566e8626ee8d7c153c1b9092cc82b3e713e6b47
SHA512 997802addc2125a9f94c31bfe4df8232f5f1597cebe89966611ccc0daae01cdd684e2ed24d430869429f13491f166d4ae8656c9b0e1ef5e2d39105e98b5df8f9

C:\Config.Msi\e5a1956.rbf

MD5 5663cc9a64f410e9bd3dd071f0c93afa
SHA1 45cf6ad320eec4c4eb9a8c82c023f34b28420f3f
SHA256 98ec4d4b290dd7c4352296e1768440ea16587c696a299c203c07906cb3b248cd
SHA512 d1c459e515351187c1acef395b2d0887374a8c56db7abb72005d153bd10a85d032e7389e2fc962afcf23120b77751de40d9b94915e9c4f747046ee2bef81b9f9

C:\Config.Msi\e5a195b.rbf

MD5 e8f92120a12ce59b207758a4f5813c57
SHA1 97e88a8f751d7bf3ff0ae6cbe65a2fdfdfd92134
SHA256 a7007dc142fbe549c317414efeb0f74e9ae925f6020ca9eb407afbe99463d004
SHA512 03b9eef3a4312db90f1da56003015f8829a4881e99a1ea81facfafa52f8e8a93ebbf22850a7596b85e1cd6c0d53132ea5fca0484069be1f17d86572f31a1cf15

C:\Config.Msi\e5a19aa.rbf

MD5 69b3130ce593f0ca98a4cfeddd3ef941
SHA1 2fc7757dfd5cfc313adab9626816a13a69fb3104
SHA256 8e8eb5aae32ba9e37c6c2c2b0312fa33347333072e3fbe11f7f3903955859560
SHA512 7c6348d957d2f41aea9ee7001758cc4b04ab8efc68916f9182ff864ed27e142afa6aad3121fef25bb5c28645f4faeccbfbf290dcf8b9cb305aa05118bcd96312

C:\Config.Msi\e5a19ab.rbf

MD5 3aa2cf15c27a3d51f6d5e4b78d265a6a
SHA1 bcf5145ab967bcaea56934176d9204b8e35d503d
SHA256 847ac5ce7b0922d3dcea30f559ed39881105168b38e5f9171d9dac7a5d4112ae
SHA512 0421b50d84f4dc3c760fe0f392da2a01e54b8fbc0a7e6623e952336e0bd246bbf990e0de2a2a787ac2ad93fc9ad47d9a9c45bc1fed2f163f09b23a5dcd39d017

C:\Config.Msi\e5a19ac.rbf

MD5 c180f6b66aa282e4fa62d0438d1bc742
SHA1 b79c645ec7ce8ed5804f2ce7315913aa7ab71327
SHA256 c3b0c4028e223b3c37b529c9873c6eb514c35048ac0b7d99222f469e64e0bf8c
SHA512 2c17c76eca36e484acf2838da1fea372215102a8ad1e15b0b6c2428e944e3076bf65f3c8aeceef12b03ec59726dd62b2446d334c0f73592890b804c6ca331852

C:\Config.Msi\e5a19ad.rbf

MD5 549097c4d30e0623fe20142d50891bdc
SHA1 bcf89775558ad69b64bc071eb36b469bf22d3aa5
SHA256 51e3f1441ae71dba3f3fd1f88c0438a15aa4b4a46fb28e56ae0dc076c0b300fa
SHA512 17a6b84f9ee7ddb1c217203d8bc371332ab11c8f7f6444976c75c4a79590d8f8cfd6cf9683b304e79efbf9dfb69c16642fa75127b5d49fc2abde43e03b1001f5

C:\Config.Msi\e5a19ae.rbf

MD5 296e20b8ee8d78fa7e37839b91c0311e
SHA1 0a25d1a8febeea5303995c21d51c5639b884fbb9
SHA256 494d931e7c17db42ef9b80607c45b27be1e045062a95abec11307d826a95ab0a
SHA512 00283b24810076656080c7e030cbd64e936041af09407400d2c4ba79ffaa2a1f16a951bb138b8e1e148e597af49a6041a89ee26ad1c1824819e0241dbbe894e9

memory/5316-9335-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Config.Msi\e5a19af.rbf

MD5 8ab93bc44c9a9a8f7809bb04dce6ff37
SHA1 4190011ee4d6c84686e80189fddedfc49e40fa5c
SHA256 52af1c437c5d82997915d56db21610f98747eca470418f6055e839498df0fedb
SHA512 adb92b9d9c3096c69e051b47de3cad7e8869817304da6b149a03aa7fa50f2f4399e4e7ae31a29a23ceb65529053843bf92dcd57c0ffcc958162636f5fe8be0b7

C:\Config.Msi\e5a19b0.rbf

MD5 caeffb3a2869d5e2fd691d5fee0f5795
SHA1 6d7c7e1d1bfff71028732743d28479ac2e919cf5
SHA256 a330c2b28422e1694c6539cda7a64da902e6bcd28a5bb0d01b38d17df3a9a932
SHA512 c47ffd51315aa3f606a430f4ec8313899fbdd31e227306785170448dd0bacb4760245bdd5e28d4ae97a025017de9883439a3d9cf62000ea145e56927b00fb6fb

C:\Config.Msi\e5a19b1.rbf

MD5 7be360e3381cb30fa15d89005b049a46
SHA1 a30684ab2ea44e296f6470180dc513f29be9fb02
SHA256 cc195d2b2ffb86ffb6912b8d1430c17f9e756de8c957bcc4e18c0843526211fe
SHA512 580dec6c6afb0a1b12ce05644d0b2d62726a10dee8317b521df3c63a85193b163ed904425f0cc157fc622a5db9c3a6c973b82e24b35b454e006e7fce8dc2b050

C:\Config.Msi\e5a19b2.rbf

MD5 0f373c894b40eda33b406ac184cf4217
SHA1 57895cb51a6a246565e0f2a2bf933f4a378d32e8
SHA256 6ef126b15d251dfe4862b462457a8e41064422b68d98412d4c9fb8129ad8aafb
SHA512 808c42d2ebf53e404a1c1d25835afbe1a222bfe86f8e70555bda6ff242185a27388bf0f00be930de54a9859065cbe1cff36cb7a50fe325710368a715e253a28a

C:\Config.Msi\e5a19b3.rbf

MD5 ddce4f5925f5907bc5468d32c60841ca
SHA1 8e51a42db2778b966036f0a9ba795c50092a77c1
SHA256 f2eaf469bfcde0bc69405c640acd7c05f0e17841ca34cded284b5bcf36186398
SHA512 c0b2ff2616bf8ef0d5f0f7bda2c629454993d6510354024c688d8ee9dd15cb71b83469c10b44779ac8c45eb2d5720c262492c19c65e3b1619835b1a4d9723f1e

C:\Config.Msi\e5a19b4.rbf

MD5 2b0841d3fccc2e299520af8a8109511d
SHA1 2f24e4ba99bc1973d39a2b82a2a1e4c76c0d53cb
SHA256 5220abd4563d4d2ba2455759d2d8aafd02da905359d891e9d87c9eea843812f7
SHA512 5983e3d35780b5cd41acceb67e70e85a8e10971f8df937ed199518a67f5375fe9a4e256e7f7bb78a0d1f9b3c25d31e887ea34d3f2cf7e5db0e9fea82d9920f9f

C:\Config.Msi\e5a19b5.rbf

MD5 891e03266a9823b9854bf8fe6f027e82
SHA1 abddc6b01dba52326190b1540cf5af74240dba9b
SHA256 d988044279adac93bb2e3b489234833f3358082e1988379a6c99b261d420826e
SHA512 e6af1a20238323460c8311000fce073ca4b974738ed561b4cac5aa20936677a33ad2b28f7714e2bd2f892e4abdb139df1ce3141edc698248a3186f199dc96132

C:\Config.Msi\e5a19b6.rbf

MD5 7392a34b1edba73424643ea793027b1c
SHA1 df8de7bad2ed92dc1a01ac1254a6f1aa227ced66
SHA256 60fb829b4c65ac92b6dda6f59c837d726faef18136265e3c8e01328a8a5fbd22
SHA512 98f904c42d9aa3cccf1bfcb74e51c4e84f12c66e35ca1a7e051fbdbab6ce68270a1880f3694453f48cc99f6f5b63e88a8210b16776c77d115d90b21f9da0a276

C:\Config.Msi\e5a19b7.rbf

MD5 8c28911c8c6500aee366f9515b583f4d
SHA1 c2dac0ad77f4fd851e2a6a9179e6fc7997a55382
SHA256 e14bae6cdd0e04daef8e2a319040bd57592e4e6dfdffefdfa25bbe205a1be9da
SHA512 9fc329457ada05cce3338f3aef668a594033318fa6fe0809af41bf9b7566dd8533eccb0175664a6360e35d5acd2f75bd4c371a70bc08673d7bd33601804b273f

C:\Config.Msi\e5a19b8.rbf

MD5 60db22be7244bc3f307876fa75facadd
SHA1 6cb92c86c5097713c5ab338383c1a9e484c8f746
SHA256 794759a52f2ca1b3f2b133afe0fb2a5e2e1b44067f0223d540bceb4468cdf08f
SHA512 246ee15c0bb5f7f25cd6e9da207f43ad7142bf5d224ebc30d47d5bfe26d62e970289168269571df193327e01ded5e9011129857cc7caf1e309ee652c6ddc9fa0

C:\Config.Msi\e5a19b9.rbf

MD5 386d4e6516b7db69c66fd305d5b84f2b
SHA1 d10f2ace7188430fe73f8963eb718283d7a17e0f
SHA256 42be0ff8e25dd802f3c4d245731d1ad31fd2dc3132547abc1df487ed7646b97a
SHA512 86d723665b165d8f48297e6aa1a0f351281eaa08e269692c722b6300dbfc54264486ca536303e14c776b754f456c2108a882ca0da9f3393cde88531b23783393

C:\Config.Msi\e5a19bb.rbf

MD5 bbdd0eeebf0b9d33d2de5e3eda27fb7d
SHA1 f6650eae57dc3aed8aaa48fe0474c07c4614737e
SHA256 61fcff88914eb4b9a7dc5569cbfa9d8f02628d6b1f684552cd3382e87982e9b3
SHA512 3a51f065a96f2528105a40c7b25ffd2643e1aa347f93a191b77b443519a06614829ada3cc2cc2794ede010f9307053f00911850d099a4c363fe1c42c984a7a85

C:\Config.Msi\e5a19bc.rbf

MD5 7006cdc67ee3f25e73a3e72cd1f727d9
SHA1 d5ed4852bc4ac2686303f3713f7e9fa86d62f255
SHA256 9fb2ebcaa1b37c3c1448202808c2730dca07b79a3528f09ce36ec9a8ae406ebb
SHA512 f7deac126c0b370aa0263095bc3885bebcbb3911037bba8183dbf2a94dfc43960759cce76781a5a33892bc43e0e5ac49ad031ac36fde7c592b8bed94dea9284f

C:\Config.Msi\e5a19bd.rbf

MD5 28876b18201ad577d7f27c24f53b4ab3
SHA1 89cee672b486db3839ad20c5e884ab978f72e34c
SHA256 18b6def1c85d178036bb71a22eeec1979b604cf3ccaa83ad795dbba8414a3454
SHA512 35a5ba109f9eec22a975f12d1567577ad85c9a026e7bfb41f28744d4dd40eba97a6cf71af11007e7afcedc689bde931f93593d121cf17836e60205d2b2fd3f73

C:\Config.Msi\e5a19be.rbf

MD5 c7c0caf0304538ecbff06257db42257f
SHA1 aaf92d9ce35bea52d605b969c79d982b9f374119
SHA256 4d93c9d9b4931a559703e503e94db2059fcdaa6267b23339764ffdabd986d7ac
SHA512 d4ee2ec08d4fc95ade87b0d65f4c170c6d1696eb9db7286eb3b041c546d72500a20b033670b488a6a42df13627d9e6aa59b52496c8ddd59760b222f7dcb4cda3

C:\Config.Msi\e5a19bf.rbf

MD5 8324571c11429aefb0b5bf2400afa80b
SHA1 5b98d68d0863d61aef9f1374aee3792ccfc7782a
SHA256 9e52ddecf1c8f241e257030af5057020d74c6527dbc1c27c0ef0ab65c4ebe962
SHA512 012f9a3444b0e51cdb3215923b84dc805e59aa2137eb67700566a61abb746bf8a2795b2c72ad1cec686cdd7efbec86637a4eaefba080f32247ae4ae83f6bb381

C:\Config.Msi\e5a19c0.rbf

MD5 acd0b10ede9a34bdc5c976a3b153d496
SHA1 4a2314ab62ad2ea7aace0811d597d759aea34abe
SHA256 8385dcc52e2667791518e66e9d6c965371b1f6de9f37214685fd834b65076a9c
SHA512 ae13f141d1da0484c1192a42e1dd404c54b6bf3c7a674bfa8fc6b6fbe826e351fab719ec303a6180c4ec80a4245d63f7d851290f7809748dd8b45da37e5c4119

C:\Config.Msi\e5a19c1.rbf

MD5 62e2cafd3b9d7012a6c64daf8dbcaffa
SHA1 7c506da5c8bfc9454e32486e365349291256b829
SHA256 3a88331bc1877dc015481d0d3c096307b5b91fe5cbf2a0016c63d8027b68dfab
SHA512 daf8952d44cc596c00eb942a77683094565c50ccb539d0bf4f961b0f5c1f13922a9ed1a7985ab29569bb7018b9053f2d511dbec5748c8ae0f044712a84c84747

C:\Config.Msi\e5a19c2.rbf

MD5 d06bfce702ebc94a8a285c2e9a810026
SHA1 43c9ff002c9f4c3613e050f48cc74a02fcba3dee
SHA256 aaeb5b17334fe8f398f44296543c0765f3e91777b7afc64abd01b56146c16db4
SHA512 6da24a308dbe1db0a25b1027db20c6aa8b622687ec7a915844653b238429aa8e60e216b3ad8d2d6a133880ac7a539d8f98e5c57def33c8053079263653a95e1c

C:\Config.Msi\e5a19c3.rbf

MD5 a160dd35254ac34c693f05be99fa374f
SHA1 eb4cbbc6741047e47a59b5422c55473a2328a876
SHA256 189838a2c6fbc77141ac53eaeb34faa0989748c099d913ff87840cf6df30ea35
SHA512 a7e13a19a58ff655cf1e382824212b4c9a05c080d3093e0077a6ef106758bbea37776b89d36b13bdaf8eb07556ae5a926ddf6f06bfa8ce44263336bb0d7142ad

C:\Config.Msi\e5a19c4.rbf

MD5 cbff36e3e1147a7f447e50697a3db020
SHA1 ffb348b0ac901b0d4c06b2fc335fb96eb6898bf1
SHA256 3a0c96a6546cc59502b9720f12f03b7037d1f9f9d5a23c9194ceb765f7f58262
SHA512 57e4f64bb224f31ec498c9a5135d84583941aacea9ed126c51183af361026a9f12d006fbc1a94e735188c093a3be23f0b9b2c839a603276c4ea6080a3a7e4fe3

C:\Config.Msi\e5a19c6.rbf

MD5 4f4b03e798c6b1ee9e94a898e08585c0
SHA1 cc86d6df21abf5f6ba3ddc9ab41e6f38efa19232
SHA256 9db52089a7ef223ea9fe710330a9dace3244fdd43d914f60f24fd529d5303cc4
SHA512 dc4a2496cd85037606df1d8915733b476c5d1398a7edb3db962eb9ada5940cbf8f11f2d7596156190086a302ce0131ae8a65ed83e3fc7302ba1085087e842d77

C:\Config.Msi\e5a19c8.rbf

MD5 e90573afe2137626846fee30392b095e
SHA1 59cd01c72e33afa3b0ab6424313eb4f160800e11
SHA256 d50936fdf76cfee739b0c64b61a42adf4b2276134fc97bc86c53685d240747a6
SHA512 4f7813cecb75b3937f5c1c2e10278048ddcaf217f735acf0a553cfc2772df1c39016d02257459e4dfa5b65383e3799161e32abe5042c5eea761ee9a3aabfe670

C:\Config.Msi\e5a19c9.rbf

MD5 09c8b18cf4b44443a867d35101fcc820
SHA1 982f73d087641ccd817acc5f85aaf915e5a26708
SHA256 3b17a6351c1f0e046d5e8e1a37b3d66dfcf0c8d20c50d122e9cd66e3376b1057
SHA512 a3cfc0f9a5f882477a83559c07d4b98760def72d41b1f9d5839f3a1d48ecf7c89ef406fac8b31ee5db251f6a2e506d0d5f9a55e55d79c771b2ad4ef0c36a4f98

C:\Config.Msi\e5a19cb.rbf

MD5 19235806768a574adb4e06779817ddc8
SHA1 7926b32bf9093099bd7a0d0f9b6ec828df0dea92
SHA256 16460ae4731a2fbc04f44e1730685d390c59b09fd7391460a5d7b152e8ddc972
SHA512 d0523fba86fe2fd1f1624f03721d95bb309245f6040c3d7dc10a9038f05643713d36a2e4728abfd7e6616556df0710830aa7b57bed10d61a12291a513085b340

C:\Config.Msi\e5a19ca.rbf

MD5 d18fbed2919a5aab6f2e080a03b7d3a2
SHA1 b83070c301a31b5b55de3ccdd81d0c4b7f0771f3
SHA256 de2f5d355c0e0e2c28946069387cca189013085dd4771ff2f63c1d0012f22557
SHA512 1d6b055ed4e92a2d31df67b5ea0eb3e3ba32068bc5dfa4b16b51a293fca08fe2afd11da33e00fffecee58a755661e24ffd20a5ba66d7d4ce38d30a347b2026d4

C:\Config.Msi\e5a19c7.rbf

MD5 87bf2e81aa609133406d6374dacb858c
SHA1 df77348f22f985d4a5e54780ea93c2060ea2e79c
SHA256 4ba5869f6751a3022d38efb190a16fdf7ee492340ede85d4f4f2f7227ae8783c
SHA512 d2fc4608c86dd5508e03cdf1e25add053da97901760e02ee2e10b7c2833984414becf0bc51c0b6f701a55b7f1028f5db571bcdff21ee31b08616a41bdc4e0f38

C:\Config.Msi\e5a19c5.rbf

MD5 9b36b8445c5ca281c0c6135c195d2b1c
SHA1 79d6f36e9fc4b2405616246733c3a34bd713c982
SHA256 09f2d62beba93c2b47816fc58ed6e5e2b6de74d123fbbe1d836b0d7d610c5709
SHA512 649c0b7c0a55311293b126266ffc22d24d23a9152ea106c85eaeafd8083661cc19e548ed4986681d9ae33d84185b50faaf93b305706294338436f2cafa03265f

C:\Config.Msi\e5a19cc.rbf

MD5 f0c2d4bd59224be9e51342420a09948d
SHA1 db00e8e7c7f83fc5d0bfc9046cf220470303c394
SHA256 88ba01d62363007a0c37059febd4ae3f912f39f5eaa6e478554884f789a2c96a
SHA512 1e4892d04c35f8c486bb77057c989ea4b433d6bc66ac339233056a9b76bfa35e1550a3e2d78bb1fe99861e85b90d7c883db43178995ac11da5821b2a6d97967b

C:\Config.Msi\e5a19cd.rbf

MD5 29f1acd6d97658958c2f45fb1b107bb9
SHA1 193d0e52e80b30aed25143d903a073dcc1a5d0bc
SHA256 ad36955e499eb2c6fb5518a4ceb6f800d81996298235fe323a8941364fa2be86
SHA512 38c4f74ae6c5d61b105bc86d0ae2af0bf472e71eff19144b5a41bfb33f66df5c68350781ad823795759910e477759667998fe5ad1151b41e0b62d88bb9194181

C:\Config.Msi\e5a19d8.rbf

MD5 b1f664a67453d6d18353b45a5c08e1f0
SHA1 0d37cfca4a508c05d866717dc6b0188fc4ae16bf
SHA256 e6332f6c81006835bc1252a1c1592f5d4446599917b5ce7f20d0fc1180828ed1
SHA512 c3e9cc738750cf9279951da4ce60d3dc2fd0dd1c91b9a2bffa9df4a3ad186817803bd0486af0a7b223581bee8d91e7fcd8c4161ee2f810120b2da0bb0758a84f

C:\Config.Msi\e5a19d9.rbf

MD5 6dadd4274b53c607309b21078c2bfaba
SHA1 8cef4cbd1fdae9e9df430e7e263a21b787dbb5b2
SHA256 37375556be7d6e2904f97f273b59b33a114d9e2251900edbc88ef04d5898f926
SHA512 bc7b999886a5bf4eaa49c82f0ba7e22b5be5ffad745d2a1b5f0ee1f1cd442053bbfea7526c86b95e9ee7d753edefd86aa1812c25a56787334626dbbca8bafdbe

C:\Config.Msi\e5a19da.rbf

MD5 b5d3c883a3f38734713ec578f2a99814
SHA1 11f2daf08583c1b7a5c9b0c4ff5660b91049732b
SHA256 221c82767561d53534366c55027580d59be7a5e617fd33bacbef91e2ecf0fedf
SHA512 399d64c4a27d3e6c5a1215104790abed868f6027b599cca14d49418cefe3dd430eb976ffbd588ec98d53b4438b1f02a971c0c6c4b8f6a91e2e486155570ec39d

C:\Config.Msi\e5a19db.rbf

MD5 27237a00da8c9a27b52b291635c86307
SHA1 21545feb5ea9db98f55d9290939405bfd97efd71
SHA256 072b8eac5be99243c057763e0cf2500e5777c87a17471af845170231529fc491
SHA512 5db5670a134daef062555c7e4c49a5748e53f0af492ae8e3fa6ce9c50af9d0a045c94b9510cdc8b0903566f31d640ec37dc1e8aba0058556975c03b0d009850c

C:\Config.Msi\e5a19dc.rbf

MD5 c566a83855ab845359d75277a51b20a4
SHA1 a62e8847083bda76027e69e7b67cac137df7c2ea
SHA256 213c54bd4f89c474fa489aa114844e9ec9d2c304e287b2de34d2e7b4d8c19a1a
SHA512 0389e1f7ee4deb45cfeb9d16e54bec7d5f06a68fcc14715c7d17899b03c331bedf3348a3f6883832102b837e5691b889efdebc945b778428fcc4193efa7d8027

C:\Config.Msi\e5a19dd.rbf

MD5 26cc50a08301004a550763f3122ae5b3
SHA1 bc3009a90d6734b4026ced08eb2d0db29eaf5228
SHA256 b0d820e40a04e6f564fd0b17c586799f72b59015d4b4803deee23e2638d32cee
SHA512 4d6d37fc7840d97b73787ec41cad09196928feec6a32797536346af31bcb0fc9e0659a36bea7b6a10dfa23db0ace32665131864f6b20fc87669876bbe789afcd

C:\Config.Msi\e5a19de.rbf

MD5 cb7c8a5920d4ea2ff5f6635d49fc29f8
SHA1 bd08b57a05d46a086f3411898067c5001de1e9cb
SHA256 fda2310c0a837febcf2975add0b816042c00bc256a8a20d8c26e25698f4099e6
SHA512 95f1884849b83752ea668b0762e84a8edcdcb9ce8f6092176157a700675bb372a9294cefdaf420f73d9a0826f3378d7a196370cf0ce0e3e1fbfc4e2117d64f36

C:\Config.Msi\e5a19df.rbf

MD5 8c7204816f074771d7d77693d35a86c4
SHA1 8c0d5352e783b95f6a0e79d269e7e94b06d1a5f4
SHA256 15126d10e06aaee6ec44e18c64aeeb1f99967466e4d060011a4735b41427b5db
SHA512 4145425c4e5f381f4a5c7ebe087a40bc7857458e575a81b48465af65726ae59c51c9abe1c31eeb1699d9c96f2ef096c4072afc0557131f87d7dcdfc203c815ee

C:\Config.Msi\e5a19e0.rbf

MD5 7bd5f1cec95df39a3b497844d1670d01
SHA1 233f52cbb8ddaa10e02610d602f92ce79093697d
SHA256 6ef1c478910c478bf7f47f91edca5ef74afcc87a26e38a62154459b60dabceed
SHA512 52f89d1797e500f15e44976d4dcddb30956f4e59f09ff6864357962e1560490ffcdfec1662486c9227719af21270c07654f288fd46df52f6d0b165a132105548

C:\Config.Msi\e5a19e1.rbf

MD5 5b58fdf8dab218c9d1fa3f639268522c
SHA1 40ee77c6b7aa2d175bdeedfae0abdbd9a9ad5bec
SHA256 eda8a7738f9268a57b60c02eab8c6c5dccaff1b22e69ddf4e6b02ef75e4526d9
SHA512 887e8f17c72775f1102a7fd447ffc449c7902b6c72df678f49cf6ac81d5521f6dbfa8dffa281860342449c6cd9093459c682d62707d87a25c5d2b9bcb17410dc

C:\Config.Msi\e5a19e2.rbf

MD5 80a93fdeedb7b495d24a683ee08b8b73
SHA1 1253fe0b4fb6240f32a8d078eef0b78e92706d99
SHA256 298c0e48f49a222c258a590d667a47a05fac590b3dda4a4370e506c03a6a3850
SHA512 c53c02624baade7690cc7bd1dc388b56ed89592096a1795bdd554698e3a82440cf96c2c88191237b3acda5cd88a65b0d3b154edcca05f5768c5e507073a6025a

C:\Config.Msi\e5a19e3.rbf

MD5 dd955020722b99aeb6d4f7566d3cd7b7
SHA1 7c1c4442323ce4fb42ebe3110d6482992663b407
SHA256 ab559663103f4e7767979ddde22fe7bd5e357452126d93ceeadf82cdbe57ae56
SHA512 7fe8aa598bfeff2cb8b3bc3c522d08ce8be54fe45c239cc2b6d7746618c9b93dbc21cdc8c72fc11968343f11d946fb39385bc1b11daf12c5145dd82e00fba22d

C:\Config.Msi\e5a19e4.rbf

MD5 b3b15bd8d83bbe8053fa90082a169d95
SHA1 7ad5c8ba4d29d6af773c7468d02e8486738e3cef
SHA256 2195ad89049378706b20ada2201bfd0d0a5265455ee0919201a81131643a218a
SHA512 dbb9c042a4b5fcfe06c8d4e7dfcf38357673abaa5435abcb559b784ee82ea8361a0f1dd402ee5068a08dc52eeb4b77e94aaf51d18ed2401d48efa6b7059fd76f

C:\Config.Msi\e5a19e5.rbf

MD5 6e9c5f764adf49156e03dc1cf54fdc70
SHA1 bf89f5ca4ab8510c71f7bb96d737ef16886de6b4
SHA256 233b0754ddbaf2a3bf16b38ec4d74f0e8c620a92e92503af351c23b9e16149a4
SHA512 6856351700fd5b5cec78b2552caccd7d3f41c64892791713661d411bfc0075c8f2ac2dd8500057761ac11146d40ecc8eef0be63221e8a2de9364d14ed982b356

C:\Config.Msi\e5a19e6.rbf

MD5 1dc9b808b5fc0938dd53039812ea36a2
SHA1 05720df31431ca3e259c7fa726afcddca618ec39
SHA256 50b1f2372133cba51950fe1512a7050522fb7e88798b1b5b4e4199528813b17e
SHA512 ad56c2bbff1ba8a9fb497729c0fa9ccad6e10ebafc6399bde6bd82b8b6ebb1a06a271504e17412af8eb561743fc6abd5cd7e37339a505890fe1ef8e413be008b

C:\Config.Msi\e5a19e7.rbf

MD5 41d9c719c66c79272a385a1c471cffd9
SHA1 0ed4e0e85f648dc2fb8a3459878b62ff160219fc
SHA256 530fad2ae3dcb8fbacc6ba82557e3d10a6001373ffbc4f96192495d9458c004b
SHA512 7dcd5edac918841218c33dd60817e152a201bacabf47928b876e139d859b139b05d83bb3184bc8e06738625293731aca8fff0e461869facffd5c9af53681ace4

C:\Config.Msi\e5a19e8.rbf

MD5 339e01686e0ec70664e3b165c358d737
SHA1 46f8bb88bafa037066f4c605a48565ebe460efee
SHA256 1376b51b7a8fa906dbb05d0717b28d27acabd5d59ea969f0a6590d91db91a850
SHA512 5e6857274a12a695b2e87ba17cfb6345af81ae19868e3be9931964512748418e3865b9a04182df6aaaea8c1d404199525a861d8d60eea5f1a0915c174e738738

C:\Config.Msi\e5a19e9.rbf

MD5 4295cd19be24341cd33356b86e0df9ce
SHA1 9624388b828d4cdcab3813555d13b9770813a29f
SHA256 fef8cd1aedd695561ee591f559eec2eb0e1fd591768fb68ab1737e19172f322b
SHA512 209c4ff567b62c3a4269f1014271ab07ef508ec2fca2db2fd5b4ca16fb3ccf2d27970301f443f63b5f2dd326148eaf4573f456231b9aeb4d50afc675e6b9a84b

C:\Config.Msi\e5a19ea.rbf

MD5 3a62e4f91e5daa20d4f35205b3b91da4
SHA1 bdaab06f2a0d4057bc13d3c77106aa6b14636c27
SHA256 2e2872d6bef9f8ebe8c348a44f35551c9cd661c87e16058674164fd63b1e173d
SHA512 43e188cb320315f9a73161aeb1941bb34faa167cf6d7a2979824dc675c58a65d01ff2ffbbd0a05bddcad23b75e08e41ec2095d8d71dfbb7a67227198dec33b27

C:\Config.Msi\e5a19eb.rbf

MD5 c1eb3ec5286ca176912d7f06e94be2d6
SHA1 2d0895b6b64e93ebba0c69b61bfc08da6a98975e
SHA256 170f3f20a4f01853e032e17622b7b6364c5cf5b5f683e1d7c99177a168006ca9
SHA512 45d84a6534b0360c9e722afcab8ada89de803d7d8160029ce7df0eeb4a7ae4cc2ad6d30df1c47633e1d521c8f8eaedfb777605884f6394962719360a37ec4530

C:\Config.Msi\e5a19ec.rbf

MD5 7567ec81db2b8c3944c317ff56ce0fe2
SHA1 a03f9a904732486807bf9a2250c5ccea7088fa7e
SHA256 c6aeb784644e19502abf14febc3288361c4d5aa93a4f575392b5e4bf79488f7d
SHA512 7383ab1738fc164731d77b1f4da6840cae8f9cf6c2573ede8d7d05fa5c5c06f035f4f3ab71faa2b279a06538fb10101944b68d8ba4d6829587dc8bbdecd397d5

C:\Config.Msi\e5a19ed.rbf

MD5 01d8cbf5c0cfab1f753aeb92761ca5fe
SHA1 8ab4fd7f7306cafb3f18d07a278115b1da026552
SHA256 a3704ba6b795ffabad3c163ca02d754ff48cd8b9c1e32ea3f6bd21eb1a9fc000
SHA512 d8d1986ea5a695c89ca7ee9b5e1cdf03e0564af75db4582a724718640ddee3f6ff1821c7fe6112a57249ca05ffc709c1994288716c18054381721ed3a91f663e

C:\Config.Msi\e5a19ee.rbf

MD5 7ddbdf3ae1b983997de21942a5cc2a72
SHA1 066068f0b123c8546e82042cc8fe125988d91ecd
SHA256 e409be0726adcca979ba49957f70d73cb26772b3f6d7a54a7a4086db2256869c
SHA512 2faad8f23b44fc031201cd8d1d8481d143c974440b12243b3c1d8edb7532d148c431c762f07013057c53b74480d9ec372bfb3506024124c1ac29a3eb2088616d

C:\Config.Msi\e5a19ef.rbf

MD5 95f9a2904d0aee9c0d1dbfcebf9eb431
SHA1 e2d47b43b2abe41f0870f34dfcebdc3ba3917d19
SHA256 358c934185d4fe24ae6d6ce8b14579b13c16aaf85b2957af1bedcebc2d5d80a3
SHA512 e4e0dbd937d7f8e5ba291af66594788a369a6f962266dedbdb9d4b252b8bd8a4a948d1696670e880b3445474173776732090ea792890ab4cf0bb756564e5ebf6

C:\Config.Msi\e5a19f0.rbf

MD5 7d3fa1ce90a24c2eede69f0ef4af4ecb
SHA1 67e441da98f24cf863d08bc02e1dc05d7622921a
SHA256 70e437b31670e5afb73dd835c91ebe8b002cd445940c3e397effea6673318848
SHA512 2e2f137f914ec78da85bcb220cd42de07ec3d94bd5f19fdb0904f766315d9324e86887279a421cb476718437d841344fe24aae78ae838b87f3a866885c2a2736

C:\Config.Msi\e5a19f1.rbf

MD5 54d17b3eaa90dc3146c266ab1ffd120c
SHA1 d4a4b3867e6179d3eadd21ac2d7ac54505dc4b87
SHA256 2ad1aea03e5155c2a40963b5c671cbea500bb92b9876f31608e0f2782c560926
SHA512 fcdc14938c04246b3e448ae90c4955ad78bb2fc5064e4f6b1984b1c6ced346ea93e747e8f663de01942f93086b17ba01cbbb43c61097ac0f02aab4e4594ec151

C:\Config.Msi\e5a19f2.rbf

MD5 563ac815820715f93a3086ac35df8388
SHA1 0584d9f2b67343aea1b0aeecc11f6c5f1402d64d
SHA256 2b65605144fe920ae6c0ed2b8141f0a2e04a1dd27fb1c6019cde25ec482e89df
SHA512 f54b763ba4dc57af4847af4d6a857717ab2f0a644ba58ada2c656e1b9a853eff660607bd17b5be02f3669efa77b95528078c70d8b12721735e98beb88318083c

C:\Config.Msi\e5a19f3.rbf

MD5 8aa9ee7bd82b917e07e4455d49ad64a2
SHA1 02f579804bab32544d27facbf62318d76ed80ca2
SHA256 a15516981645d67f4478917d0af8222665329a30d7e431b3227aaf59c2a90970
SHA512 64823a9fc6e5a759d7bee833f60dcc36944b39fa6c10031cd1e0704cdb444f4006ebeb062e3777a221a0fdf96bbfcb9378eb4a0de6f047783b2000f7be27993b

C:\Config.Msi\e5a19f4.rbf

MD5 c83d058492568167cb0191f4b16cf2d9
SHA1 f6f5a3c756d4e68f5c54236e8b1af830f9d7c8f4
SHA256 50454777c63e43e350d5561deff48c3d29946d1c8127b48133cabf545f86304b
SHA512 a5e1970f1cbdb89833e3fb8bae70d12b52133254e4b04986138bf0d33cc1fff8e816761e137a04a78b994dcedda4cf53dc5eca161041d21353690856117e7833

C:\Config.Msi\e5a19f5.rbf

MD5 812f4f4cdf31704819569e348a11bd4d
SHA1 815e95d08ac3fa13074c131a3bb94191dc1c51c5
SHA256 9a3a6a1b785360249b346f8c8d070f805bcedd96f4f845bc20715d4898865f04
SHA512 b4d093a7076c7056b33d7aa9c6b25d16be8d23f9e890e0cad47ab6d1fe91075f36992c98cfe31b07eb08e2c1b116f2b0c77cdb8e05a9527e0abc1798e947885c

C:\Config.Msi\e5a19f6.rbf

MD5 41b92794e0d7fc9ad83dd8ff189fd33b
SHA1 cd6d7ca3fa6d127579c5c77d4574a72263974abe
SHA256 b0961e1b1270b4838b04c0c0f79ea4bb776592326ad4ede3177f6808e706a13c
SHA512 730a3a03dbbf3063867265639dccc061b32845df6900ca383ea2bb35a63d49adb7c68e134c1c088591214a7697d6d89326935d84d7b4d173ec65fc294703a9ce

C:\Config.Msi\e5a19f7.rbf

MD5 8c9c20f41ebce00a9aaf2cc0289a3eee
SHA1 409110a6edf287cf5dd195b068f725f68682b895
SHA256 7a5b6807712d1761e679fb19a7bdec9485ff511ff0c97574e22e8088bbf6592c
SHA512 a605857a6021ae721a2739839211b4099c0cab223f400561cbc387ca37381427c8cfb04e0e05af53fd7a0d5adb7c8e1c2b7805d66e4b1d0f41407ffd500c98ba

C:\Config.Msi\e5a19f8.rbf

MD5 cc821881fa3e10f876c44e4e4fbf2937
SHA1 bea6cab86090ec6b9b8b0d916b957da844fb8ee0
SHA256 a2ab0585ee4aa2672dc7f310aebc6e625b6e9c215455b796b4182b1c7b9bd18d
SHA512 7f213bdb004428a57837e7da2d93c72909d7900458a9f19b6fbfab4d42b8498ca82710d301bd04cbdf2e6ddd0beb29b88a6fe685ec54e543b4c8a50ac15ace30

memory/404-9629-0x0000000075430000-0x00000000755DD000-memory.dmp

memory/404-9634-0x0000000075080000-0x00000000751C0000-memory.dmp

memory/404-9633-0x00000000751C0000-0x00000000753C7000-memory.dmp

memory/404-9632-0x00000000753D0000-0x00000000753E8000-memory.dmp

memory/404-9631-0x0000000075420000-0x0000000075430000-memory.dmp

memory/404-9630-0x00000000753F0000-0x000000007541F000-memory.dmp

memory/404-9628-0x0000000000250000-0x000000000025B000-memory.dmp

C:\Config.Msi\e5a19f9.rbf

MD5 89169842a1562e4365e2f23b38563e0d
SHA1 1c250907a0abd525af8dcabe546a04691ba91cdd
SHA256 cc0efa72461233988007db6f0d89a7e1d78e739dc830bb776b1f458669451ab6
SHA512 e87e80205b1a66e2846f7b71c2713864b9b447d4f986e60ca516865a13bd2f9ce0d5f90a3c79050d3515eff84a1199857904d67f62a2351e7afc44c872968126

C:\Config.Msi\e5a19fa.rbf

MD5 9d54b336b5a2d03898b73bf3e826336b
SHA1 63c669f255cde03b5b3ac515ce53294ed5f8feb2
SHA256 34bc6ff281a5ed6bf5eaeda121e0aff6439a010d265ce450e011c7c0a3f8a8fe
SHA512 1c335c4d4ef760ef51c9ef577a674871a7ee9e21b8d83770d69af48623a0b14cffb6d6aec7147c75aea2176e516d1102cd53ad2ce3a37c7dc235449a54a9d8ff

memory/404-9635-0x0000000000FF0000-0x00000000029D5000-memory.dmp

C:\Config.Msi\e5a19fb.rbf

MD5 834da362b59c590d889cdfad7cb80399
SHA1 f95c6c81f8b2bb870777e70a37b9ab5bd9a5bb80
SHA256 67713109fcf9a6aa20c480ff20471860fa198480de3a64aa51c1e5c94a16e7a2
SHA512 7caedeef3c9cea200eab61eb909d9de72a12ba7b9fcdcb01ad7988b5a21b464b751cbb496346a4fbd30c2651b0e20696fc6e6fb744c34d2657c0e6d9b5c19e64

C:\Config.Msi\e5a19fc.rbf

MD5 dc54d64b19e1d63d4a0c54be370f1f0e
SHA1 d595b8c816994f6a69bbb1c44aae50b927a689f0
SHA256 b45d1dff2a7ad8d68117a40979d6535107ff14521a8f1e6fecfb18c52ec3aa5e
SHA512 db64c63b796aaec85e01956dec32e6a16cf4b95f9f157f5e6ca42cf17802be6c4f5e7fabe1601e0642587fb3ebf2e5f604bcaec5a1702114d048b1a749f63034

C:\Config.Msi\e5a19fd.rbf

MD5 4a7ebac9f2e325c854220988b0492725
SHA1 469e2ce21d0eb9b2268d0da1be660556fe24c0fc
SHA256 6f615e0a416f393fba3c72de4b29d97a331e8662bd7ece28211b7ddbe7443f23
SHA512 04e38ab1b4d99421dc302122c98ccfc5637c5c872fc043cff449080ce302dacd27bc182de0061a6d80fdce78ba0df7a3a336727af57623bceb8a07086f746bdd

C:\Config.Msi\e5a19fe.rbf

MD5 dbb80e2b61e6f829abd5f33907d8430a
SHA1 c1c6f38d084668960232c04c0026060a8893ee75
SHA256 c595969b68a54566bc75d0548330e54709783201a179b96761e36562f80b1d0a
SHA512 50aa08299d1a22ecc454006d1091fa53a84757861bb701d605dc56ca84e64448cee9a4da3742a420a0527f0d8c750cb963143f19faba58aa0c9cb99eb6bdadec

C:\Config.Msi\e5a19ff.rbf

MD5 4145d647bc525c2ac1d2cdc768cb140c
SHA1 43a19450e1cf228f2f7d066ec706fcca9dd94517
SHA256 e71357ba7ddd0da43d2e4493192936c18be894028ced23cd944f5ba36221a2c3
SHA512 44420dcb866c6e5a565d1c760b602b43ca96e061bf9d1adabca693afdd83eced011d40bc31498304199d6f4c70e4777fc6389b015d869ea44d362e7810990a08

memory/4592-9664-0x00000000008F0000-0x0000000000903000-memory.dmp

memory/4592-9666-0x00000000755E0000-0x00000000755EF000-memory.dmp

memory/4592-9665-0x0000000075600000-0x0000000075607000-memory.dmp

memory/4592-9667-0x0000000075430000-0x00000000755DD000-memory.dmp

memory/4592-9672-0x0000000075080000-0x00000000751C0000-memory.dmp

memory/4592-9684-0x0000000073F80000-0x000000007407F000-memory.dmp

memory/4592-9683-0x0000000073CC0000-0x0000000073CD5000-memory.dmp

memory/4592-9682-0x0000000073CE0000-0x0000000073DA3000-memory.dmp

memory/4592-9681-0x0000000073DB0000-0x0000000073F36000-memory.dmp

memory/4592-9679-0x00000000740A0000-0x0000000074389000-memory.dmp

memory/4592-9677-0x00000000743B0000-0x0000000074683000-memory.dmp

memory/4592-9676-0x0000000074690000-0x0000000074959000-memory.dmp

memory/4592-9675-0x0000000074960000-0x0000000074983000-memory.dmp

memory/4592-9670-0x00000000753D0000-0x00000000753E8000-memory.dmp

memory/4592-9669-0x0000000075420000-0x0000000075430000-memory.dmp

memory/4592-9668-0x00000000753F0000-0x000000007541F000-memory.dmp

memory/4592-9680-0x0000000073F40000-0x0000000073F7E000-memory.dmp

memory/4592-9678-0x0000000074390000-0x00000000743A3000-memory.dmp

memory/4592-9674-0x0000000074990000-0x00000000749BB000-memory.dmp

memory/4592-9671-0x00000000751C0000-0x00000000753C7000-memory.dmp

C:\Config.Msi\e5a1a08.rbf

MD5 21438ef4b9ad4fc266b6129a2f60de29
SHA1 5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd
SHA256 13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354
SHA512 37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

C:\Config.Msi\e5a1a07.rbf

MD5 9a53905892d9c9f3bf9d295c8b32e446
SHA1 2c5c56ff86fb1e827b2e0d479c529baea13eb561
SHA256 d58e3ff10fd96a22a8e6d2fd76146a282cc45ccfaf2301257e76e7c2771cbd41
SHA512 2dde975e15f95aa9310820cae009f2b04e26b7bafebb42d5822e3917017e4a37e17b0a71825f8f79f075abc1507d7d4d9202550fdd7a53ab54ac0fde4349fe2f

C:\Config.Msi\e5a1a06.rbf

MD5 7587bf9cb4147022cd5681b015183046
SHA1 f2106306a8f6f0da5afb7fc765cfa0757ad5a628
SHA256 c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
SHA512 0b63e4979846ceba1b1ed8470432ea6aa18cca66b5f5322d17b14bc0dfa4b2ee09ca300a016e16a01db5123e4e022820698f46d9bad1078bd24675b4b181e91f

C:\Config.Msi\e5a1a05.rbf

MD5 b3ca8dd4f087d9af6c2b918e2f05f6fb
SHA1 408009a526c89b1110496d654388fdccbd3c6669
SHA256 c1dacb1f6ddb8d1e7364bbf47d9079e137f4f40c64a51b16f81dbfde7297e144
SHA512 1fa50c13347eea937ed9408fbd806b901018d649589c824fc2f3d218b8ff9eaf48c72f2008a3cf521807ab6155df4b302a152f42a308a277ce6b388f2c495cff

C:\Config.Msi\e5a1a04.rbf

MD5 2bb6b0f10b0a436861f02f7ea0d9a086
SHA1 0e96c00e5f0151e195bf2cea4d8301ad3b078924
SHA256 592680dc8933653e1527b5417588d261a7211f365159abbd9a47986342090416
SHA512 2f72ee5ccb8e8210d289049a06593dd6db097c61283bfdd67dc104518aeb37bc7b996eaff9baaec5da00c1e6508bb1be9b9fb23fcb963e7d28d342b5c718273b

C:\Config.Msi\e5a1a03.rbf

MD5 d396985225d85caa7d743d67c7da6316
SHA1 915d5829ed02171684c2a9e8b3b57f7a35bc1e2c
SHA256 be2ef4f6d540d0ac5fddd556dcb6bfaf6cb6288679e4d64882d625ff35f173aa
SHA512 d7b0df2865bf491c9caf34cbabefb7b7f04b35b85276a59fef0499d02b09651d8f6d0db9e87df4a9a1417f07784a8e5625e9805bc434b87d64e442ab98e24075

C:\Config.Msi\e5a1a02.rbf

MD5 109f0f02fd37c84bfc7508d4227d7ed5
SHA1 ef7420141bb15ac334d3964082361a460bfdb975
SHA256 334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4
SHA512 46eb62b65817365c249b48863d894b4669e20fcb3992e747cd5c9fdd57968e1b2cf7418d1c9340a89865eadda362b8db51947eb4427412eb83b35994f932fd39

C:\Config.Msi\e5a1a01.rbf

MD5 db9c709057fca0c0dfeaf17aac1b6c39
SHA1 21c75a6e658aba023e4877f67e07f01179be024d
SHA256 e4443d0a00bd600c5ad4b68982db804f3e0d106cfa73cac9b8266dc49f07df8c
SHA512 c79106f2d0d3bcb6863f595ec12519a9eefc5967d2e44d0c803d8f9d23ef2c009597c6ce17cc0ad96eba3cd9b034e87507b1d6b2a107c0c37ab27152d8e4b69d

C:\Config.Msi\e5a1a00.rbf

MD5 a9d3b1dfc5757f1ea793fa28a344dfaf
SHA1 737b2738b64f12e42b04da31d3167ec98882f906
SHA256 47596155716aa40453cdb755dfc392e6aa1fc0b3f992db2c5d694e5bb0e7fc16
SHA512 1671a66a8e575935dc9a3012298100fbb7defc11cf87e13b07db7bc7016c6b04bd614bfd5eacf2e356057a2c422cbcc45cb2eaceb17f00ae7ef4606386401cff

C:\Config.Msi\e5a18bf.rbs

MD5 9272adb43b26f392b636777f1118f5c0
SHA1 ef03426d2dd4b14396cb845fe83de20d3443ab44
SHA256 22f9747f61b80baf7d65a111765c42d90c7a229c7d08e4181162b7776bcc194f
SHA512 f4b047186f2a2671408c5247b144b8bcc404be33ff4e9e6bb30544b9af44c6261ff0843947dc506dc549e8800a22d87895038bbfa43d3ff7f34d61ef5e1e1da9

C:\Program Files\Bonjour\About Bonjour.lnk

MD5 7854c8f9b915492e2c03c3d8a5e66d01
SHA1 03f66f6b042595a4cb0a1e05d4d980e907bf609a
SHA256 66cd6553dea151a456e499370f396260c5ca5be52f522588994d5f3f284c0789
SHA512 572c4fdc9d7dd83030700483566b8af1f5d0de225349e9650dccb5b017135079ef7d93b0dd84b1757aaaad02b8d4f810b5b8024b639691d5612a84fad7e2bdbb

C:\Program Files (x86)\Bonjour\About Bonjour.lnk

MD5 7d15e89bbd13ceb9987e208ca4512d8b
SHA1 cda724cbe319be47e2fbd4febaae28be2fd698d2
SHA256 fca6dc9be7439fd44646a5bcf827ba731c0e1dca5916b93ed432473e964a8e19
SHA512 ac576f30dcdb3422c0073e042d000c9567707fb34377487d2d28bc38f4979f7e9423f6ab59580c43a13b148b11852e33adc5140b0838d7db38307131e66ea885

C:\Program Files (x86)\Bonjour\Bonjour.Resources\en_GB.lproj\About Bonjour.rtf

MD5 9e626166d182ee9df2b9782edaf1798a
SHA1 c0078989fb7d872a43a77f4c1ee48412fb0a6c57
SHA256 23835e0a5eac9d4c76bd142ed94580afa45d0aefe52dc503d863a3430ad2d159
SHA512 fb9cf41fdbc54ebe051d164f3f09552451126b78de69e413895314c8eb26bbd0b86fa7c9d9c34e6e32cf1dbcc35d74aba0dbcdce31b9489f3454be4b512400ef

memory/5316-10899-0x0000000060EF0000-0x000000006191B000-memory.dmp

C:\Config.Msi\e5a1a10.rbf

MD5 b028c54fa794c275703bf3f3babdc119
SHA1 4f7dc4a2963a283df429bb8c751598e415e34b00
SHA256 6a27826b490457ccfecebaf98a01325cc1ccecc81917b156aa1e566d141b520c
SHA512 79ca9874ec2b18f70a81a46bc7580786108f329bab287c0ee4df30578831a90a40fdface604be8d1aa8738a046f886a610c3ffadaac48a5164fc7d6004f7cf6f

C:\Config.Msi\e5a1a14.rbf

MD5 53b76c4a911ee4892df5d91930abb355
SHA1 46aef82b84f29bb54585a487033f724b1ab09bde
SHA256 04151f4db372718a1a0b5b611f833ae94b2e74d6f46f047f6708897c6f284541
SHA512 11a62d827219a8afee82822c7986c6bdebc35a738adce1a47eccdf195173e82f7788471fd510d6955f02f426642807a2d3992dda57044d95e7e15ad9e7d33842

C:\Config.Msi\e5a1a18.rbf

MD5 1fd3881e7982cbefd63a6573093c54f6
SHA1 b424a7f3605aa09b6c22a727c865602161838ccc
SHA256 0c26331b75215a2b9504a02a91a7ec886b9721d8764453a48b4c607779179dc1
SHA512 2300415b843d72dfc36014063e78b4684038e778d1ed0dcbb648281c2700fab3026fdac6be36e55669a56f8f0e8189c25b99f079e05646a71cf0a2121e1a26d8

C:\Config.Msi\e5a1a19.rbf

MD5 6a5067a8a8a41542cc7f31161a061d35
SHA1 c9878df717d5755f0a2f71f31ba10c1a5a8a6473
SHA256 687f7b82c26611fe08b18fe97c5b9fcf91d9f282df7cf26dc1df13199b340b13
SHA512 bf1d1dd6aa011fbe89d402ac5bbc7cf969ac55c42cbe7b28fbee8abddcaacf112d2d03d800ff4b12308bece37c370dbd60a864633e9f2452cd1016ef8c88dedb

C:\Config.Msi\e5a1a1a.rbf

MD5 e4a3e4914a42fa318e2cfcc7a974cfe0
SHA1 fd0d87e0d59a0e56f04f0e0efc28c434786d2118
SHA256 ba2d6be9f8aa8f43a070e4f38b22664cd78502e7de1dd3f4d61bb9e39b540c11
SHA512 0a86dd916fa631b294cb8819c2c0b4af8324557bcb33d28f057698012c4059570a4eca94ebf69af74e6e47cdb3b0d9f8daf9711654a59265aac86c5b0fdb1335

C:\Config.Msi\e5a1a1b.rbf

MD5 4e63a1ec637976cee0fed2ac7ea3f6c0
SHA1 6db00ac8282e599532343062fcf33b9b478cc6cd
SHA256 848567c21b0174b83e5cbf977e158088cb397d929cc2814fe91e6613fa5968a9
SHA512 12b3adf901b7e547aeb5bda65dc309004ac07730064ef0117890efb3613cd65669a8b1355131fe0a6eec5af995611bf0f95f979235e33d43deec0b49a42da7eb

C:\Config.Msi\e5a1a1c.rbf

MD5 7e0a6ded4d0886adc99fee2a3048f3ca
SHA1 77fdbd19486b6265ac9833920149972aa36a49bc
SHA256 713c47e915773329be364ac7ee8c012ff21432f4d120aa8de0b2be5638c7cca5
SHA512 975ef81f862c7fa1f51fc9a8d3f076d9bb6266d2a196061be45eaee84d5a0ef7fe5bd924d56da276580a122e9ff60152ff4b1578fe5a95f76535506e148219c0

C:\Config.Msi\e5a1a1e.rbf

MD5 6647e1fa7909e75773805964669979fa
SHA1 1e896aee57db9d77e77f601c8f585f9bf54a6a20
SHA256 02e3cd39e956c4286d106ca200886cc3bce5d020883ee5f8a82e7e1e74a862a7
SHA512 c11716ad9d06a3e5269b7ea1cc5e64f58eb58055529d4d65c0fcdd309bc2b872c3364bd420101c932cdc3d1f28c7b0135b708e54ae15e676508f911bfeca89c6

C:\Config.Msi\e5a1a1f.rbf

MD5 f3dbd6c5c3ed81e28f8ba57befc2d0b0
SHA1 ebc4c8776ea18808092267196f6def0535e912a0
SHA256 88e7a3c48263f62f093ca933694bfb8e0ad482929a9cc88537c96a7e13baeb15
SHA512 8d79cb3f19951d14389f2cbf60dddfffee4e32696345ab158ecaa3a47719b910bb671d5d39f34d1c545831d4123f1cb15b023beffb6fa719fa5d10f8a189660a

C:\Config.Msi\e5a1a22.rbf

MD5 c8562a8e10d9a5c0e0194b48eefdf0cc
SHA1 cb813d0d57619f9cde1181b128ac572e8b467faf
SHA256 b15e8e12973f391e47a2de99f5ee7fa8cd86ef105d1e21a23ac5f869db13ab34
SHA512 c9fbe68d5d7629cf896abceae812187e5d5f3a55ae2d256e46d516e4d82feb13ced7dd563a9eb9ad72d65dc0d2b61b81bfa0723741385c4a121daa0b2a5af31e

C:\Config.Msi\e5a1a23.rbf

MD5 74389616be82976a331dc3a2a5167abc
SHA1 51d0600c32785cdd9d799fb7b4a5d9a503026b97
SHA256 6347f7c16ab8e5797fff5131ea0c013d67f051be1519cf52142e928a5b3b7e1a
SHA512 1297a85f6c07d5dff90eb4a355f8b36bea8cad84b661e6c771de939a5c93d53191501984fea061d6add6c5ad4b6f7ed41077c4027134fa22d2f75dcde7144c46

C:\Config.Msi\e5a1a24.rbf

MD5 0169695544211e46012688e66e9ceb59
SHA1 58d0f2d80b7d945435a85648feaae41816224f0d
SHA256 15fd5ed281516f36d33723da63d76c26c8918e592e1995c7d15d9ec9fe2dc793
SHA512 cc1eeac8eacfb235196a9980ab50c648e2c7e68061038b012197fa39eafc68026b758a792a819519062c0af59bea83a346634b8398b94895bcacf4fad10168f0

C:\Config.Msi\e5a1a25.rbf

MD5 082d4affc2c1a6c1b8439c9296742541
SHA1 852bceae7c5d637276620c0fc141357cc9af27e2
SHA256 993ad2d40d7c8ea08871753b6108e0a8f1f7830edff507414501e69010b57894
SHA512 91d9476f87dfa09d0cad569f73ddcc1848e99e2d2ef04a47a7f21d3d3335ecd2fdfbd937898ba15f31d5381d7d48231f2dd266fa99b8172d38828355b32e2828

C:\Config.Msi\e5a1a26.rbf

MD5 11d6fad916e1d51663eb4024cf4af61e
SHA1 d0f524dd45620a53d50cbc254908fb239884f1e7
SHA256 3dde76786997fcadc0a888530a2b1cace0c76fa07a81233c7e15c8b4023f9bf6
SHA512 f602c11019a4387dbb4e8e3e346716e27fc3796447aedcde47d785d8a5570b284125ab5681ad15f3e30f7a7753798366ab4a36e35674e9439cc19cced8495484

C:\Config.Msi\e5a1a27.rbf

MD5 b875b71de4d8495462549a76389f6d84
SHA1 85adc0bfc1ffc8abf271e94fa38ce3545fec6290
SHA256 4276d8aa0800f33a725f8414ae6c9524d25a13cfa5204d03944022d435e8573b
SHA512 125517261e611f8c6e4da6b859a94a14c804f5a95fd111abeb305de849201450d1361b6bb62a98e8a8765ff7dc890561184df30b6c39d02333a4c19f753b88ac

C:\Config.Msi\e5a1a28.rbf

MD5 8e102e655fae61ab477cb3f1e99d0da4
SHA1 489ce79c50d36832611b8a60e42222eb4f03c001
SHA256 7c6fb74a229d527873e12e3e1ae6a29077dcc98d9eff5d93dc50ea60f91eb616
SHA512 1c6edf62c627e4381f3f75409810326168131c68854b0c2c9697950f0e9acd9eac7a986edd0dc572b09adee37ffce5d81881519e9b548e63fb10382d3e16dd67

C:\Config.Msi\e5a1a29.rbf

MD5 720b1fe3985f5138fa7a5b7924b878d7
SHA1 69542026e6fd7f4860937dca7927d4f6878b3571
SHA256 080fe50e6027efc77e7501f8ee5b890736ea23c46e49467e20a3f08e1cbc1d3f
SHA512 bff05813c4649a19f983ea7a084502f698ca003bccad96d60c4ab4930df198f186d871f9429dc6ac1971b78de81b558516b602596f0107411904f82185b639bd

C:\Config.Msi\e5a1a2a.rbf

MD5 18989069e6b0b0a6f279507399163d25
SHA1 98b207210b3c8ceca7505e8cfac5c76175997665
SHA256 39ec7c3443f9014d32bbe50bddedc0848ed91278f258fae69a684df61fa37998
SHA512 2f1c7154b0a78254954ab4de0d1eb8811ddfc72cd481c6c5facc9587afb0a51b77dccfbccb024c6937fff48039e1279c4ecf53ca819c2ed1fa4df9549932f8c6

C:\Config.Msi\e5a1a2b.rbf

MD5 56392716e859f435f7cb67bb7195b07e
SHA1 45f71c00d87bca7e6d8832acf0c765edf677382c
SHA256 fa4b997ee99524806583e825b622f01c0831439be08071fa8911f445a5eb33bb
SHA512 3403f92999c96f8e48aafde8899eda5d4d4607b255a8b331af594173827f78b16e1d9927899ea5f44979a6160a5722cadf957d8cad9abfbcbf9c77dd94582d22

C:\Config.Msi\e5a1a2c.rbf

MD5 e51340704fabecb9fa4021d5aa0f5f51
SHA1 87c0be029d1b5670e88ad5e13bfbe814e942a35e
SHA256 975f1ba19f362c35423d1d1f387355e42d66b814779df6f7afbb69c2dcea3a8f
SHA512 b0e0119d6f17a9487af2b9a74f9f4b654b2dcab8ce2ea47a153eafe8287089ff10ccb9224362932428c36a5b19ffa129d8177222a02ba0dd185b3f7b61381c4a

C:\Config.Msi\e5a1a2d.rbf

MD5 b13c7818e40fb0fb59224d79ff0c167b
SHA1 691792ca79e81220ed628b1dad18a6d5830ed256
SHA256 79a975b8d9c03e8683421197b26c244c6ada8a3e1fc42d77f59388aaf38a1996
SHA512 bca8c3cf55ebd468f92be5665eadcf5b808f6a63ebfa6cf04c66681303312637cb615c2481308d407568c6c56aa338259652c9c86c469096bdcd7b4676a38a4f

C:\Config.Msi\e5a1a2e.rbf

MD5 9c442665b0ed37c58a6092181b38d4e2
SHA1 a54ce7c1aba738de69666069c05991250715491a
SHA256 86a7326245bdbad0485fc160892061f7957b80612aa44a87530642ff8c9cc4e0
SHA512 8b56d3072f39199f281f4b0ad7a4b3d1de68d86872a29262938fd8e36ce528e5d7edd4345ece9b020ef08bab3a667dbf7c775368098d389e4584f990c6aeb130

C:\Config.Msi\e5a1a2f.rbf

MD5 583b8847a23dbd9e9361d484a91ee58a
SHA1 b71d437f8ee4af9cd77b3a8b85678fcb484cc997
SHA256 23b16fa20436282520acd8559d3b57ebc0b082bd6c8d3395d737bfd7badc72de
SHA512 af252776d5321252276cab3d90e34424a88ab51d3541157a01256f672a30e7d9d089a23bd5e5b2f99b95ebb280562ce39f6d74d108373496d5f2bcab1441e220

C:\Config.Msi\e5a1a30.rbf

MD5 2cb8296ee774beb093841e14b1166b76
SHA1 9d863e42a053544bbf96b01273ef143baa014822
SHA256 81d5d10757f46184a48ef2c0476c6e251284028bbd5627113b95310f7155f53b
SHA512 2d2099ef10ed5514d10f029ac76b869592dce3521a1fc4c09300ce610f6b2f2bac04feb4bd273e56ed1fa79ad61731a12db4d6cfb41a98f2a84556af7961f8a8

C:\Config.Msi\e5a1a0b.rbs

MD5 15bfc42c6b93176c8f055b0509b04125
SHA1 28649cdf372efb3daf6b31c52033d44b63a6481f
SHA256 d8f3fa99fd5a1f4b9ed35355f9936e2f499ec4a16d208acfa8438ad3c7e0e843
SHA512 92bc77ecda68aad412b61867d7dd72770a0830b3d499e47764971bc64e952cfcc8f8f36817b4997a13e0d3072e6329c59bb5afb544d0362b5c09fb9b8d45f334

C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\RichText.ico

MD5 d98ee604b37c67b9ee17f0d3dbc86224
SHA1 b4c0766bca7f0976fcf1fc99add5da037d7355e0
SHA256 4f5507cefdb381248aa5dc244ca192d6c6471ef0079b18763b5345b1601b050c
SHA512 05ff3151c1da10001aaea0fa5229d6280dbf6322f530f5e6c56023892089090acfc375c64dcaaa07c48287c5f8a0bc28dc5338298f78289c83c16efeef31dbc5

memory/4068-11382-0x0000000060EA0000-0x0000000060EB9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

MD5 609b7b15215a1066cf3339b30df389fa
SHA1 ea7d36b6433427c3ed7c5c5263c377e49c0dccf3
SHA256 617ed813c5d0dd8931cc60a2491eedb4f5ffc08e9a2e8e1c8595c108616700da
SHA512 a1c6cf489806585f9614e6a1c96ba2babb965614d17881dd5fcf4493032e1b765a0d2573ffd8f8ec06154d0fcf4ed45328fa2e9d4ffffee95bb04a28c94ce291

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001

MD5 e83f1ae7107ba9961bf566811e1b51eb
SHA1 fb9c541d9479c12cb035ef3c38e7ec8b254f2e32
SHA256 df82e8fd9394ca9ea385079343ee08abffabac39078a6eebbe71664e52b6ed64
SHA512 4e5846d94fd052c2fc6997450522f2bcc291637d379e17502aba52225fefb92bc2fa181e116d775978cd259aa6af4f2fc3c937e4ff8c1386a62e1e8b05990cda

C:\Users\Admin\AppData\Local\Temp\3uTools\iTunes(12.12.9.4)\SetupAdmin.exe

MD5 6a0d9995affa10fd6d842828c9420206
SHA1 2c011c5ce86139bf35b72e017dff67b2fd54270a
SHA256 8ed8fff282adfb2f025b9d789577cccff5aaf426731615ef16dd99728f0f51e4
SHA512 879439b4840388bb438f6359c458f61d8373632207ae57ac37c45d74060f5337dda7f0b2b45fa0534c305d5ea7fc8eb5de9fddc57fca513796d0ffc754ebd3bc

memory/4452-11404-0x0000000060EC0000-0x0000000060EE6000-memory.dmp

memory/4592-11442-0x0000000073790000-0x00000000737A5000-memory.dmp

memory/5316-11446-0x0000000060EC0000-0x0000000060EE6000-memory.dmp

C:\Windows\Installer\MSI1EC5.tmp

MD5 a3ae5d86ecf38db9427359ea37a5f646
SHA1 eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256 c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA512 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

C:\Program Files\Common Files\Apple\Mobile Device Support\CFNetwork.dll

MD5 b91de3c9295d400fb3194f3c41ebc70d
SHA1 9e8a4757f67360e1e636f9c71a223132ed493bcd
SHA256 22d48e85989402243d5a769871db257f41b80046047ad6fe33c6a04b053b344a
SHA512 e2b5761e622966bbc57f76733d090f4adee4ffe03b747559f5db1ab96531722e78a087aa5f55025ce7cba8b931a4841a93e02c84cfd8b64ba94e81138b2885c9

C:\Program Files\Common Files\Apple\Mobile Device Support\objc.dll

MD5 277abb137376a7aaad701f2795d64ea9
SHA1 065c9c2371bd9645f02a3c387a78af77c4df25e1
SHA256 82e2a33dd8a44f48a684a87ba8bbd6b5126edb7e87f18ba1279c09a5e12073f2
SHA512 0564d7372beb2b437813726b1b50dff37b2f12dcdef5382cdad8328e2d4d6ada0fc687ce2dfb747fa5e24d2ac52b9bc95a102f597f1c03acd3fc005ade176ec0

C:\Program Files\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\CFCharacterSetBitmaps.bitmap

MD5 714a4d047d00f16c28e33759cf6abff3
SHA1 f04b92b9bb6ab7de4a601a4cc9875ba8071c91a6
SHA256 abaa23c79ee3ad152875f3f68a7c57fb3a70cdd9536884f896ce70ba86eb70e7
SHA512 241e62e42f3c6988994f3b0e84f3934fb5c728fa5ea69e7c96e87f5d50165f2f8ea1c3c014e9c32c38289280e74e944e3ab13a3be981b5a7f405b7ded04a8d21

C:\Program Files\Common Files\Apple\Mobile Device Support\icudt62.dll

MD5 f99eeeab85f45e61c0b538b35dc01063
SHA1 6e008639fe0a477cc4ccc01fa0d36d2e4b292fbb
SHA256 374302eff32578d3d412332d3d50478fa770566d24d056e3c5bfb2019503a1bb
SHA512 239685c607ed67d46edc7a43d0c477550a19c1b25600b96cd4c77850f8d365cee9fce06538e77b8f7051d8de90da2617292d22044fbf39a2bc6bef37a9fb4c85

C:\Program Files\Common Files\Apple\Mobile Device Support\SQLite3.dll

MD5 ddf9ff916f6aa24b15f564cc3338f375
SHA1 d8ba1948d577216838b5088c762877c052db7c1b
SHA256 9acaf722c300fc27d007e3ddad7108559d5b0107653211f5add14989f87d004f
SHA512 c90a9adb2acd92571ff563a79abd4f0ac20e566a55e381945bd8b95f9ac236debd2eb3956165abd89b95e1f2945ed5b7a6e9cd35ad4a716ec058afb262d74e25

C:\Program Files\chrome_Unpacker_BeginUnzipping5148_743406193\manifest.json

MD5 59e5d162c3a5d96b7ebd23712271b96d
SHA1 f48585f462ede55730df40a762f5234dbf67d664
SHA256 b88eec9977c596dc8adc22e39477392f808ebdc61220bfcf373dee09f87e764b
SHA512 1b1924164338dde0a51b852de40b4c422ea69a56c0f7f2d0e87f0c4d861416e1f9f922ab04aef0b808df4f372c4bf12edd147ec34872b97e8aff92d823a695ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.6.30.1\typosquatting_list.pb

MD5 981943717a2f6eec151e0981f42afffe
SHA1 7b96d1970f4137632264395dad561e541d0dce0f
SHA256 10d399c6b6ac4cf794b498459cf7926cc4bf6f862b78baf790c036c63b922a56
SHA512 360feb97c12ba3db31df8b8f7e11cc6aa362b4c704f531df1d6de77d74468d7118d030048251b9ee336682bb6cf97b577f319266fbae609fdb28f6d46bcefa08

C:\Program Files\Common Files\Apple\Mobile Device Support\zlib1.dll

MD5 047648e2fb7bf17228a27f15a9c07fe2
SHA1 50f4278e1254742927882bd5d191ae408b3e32fb
SHA256 c90da799fdd677c1854d609b84a76a2624feb5b855dfb97488e6db7967b8d7b0
SHA512 7eb9df1cbb6c70015477e8fe3fab6414aced334a1993577c842a1faa37645c10c1bebb39c9d58522230a5ad6dc7322695cf2238a2c91e62ae31063e5701c97c3

C:\Program Files\Common Files\Apple\Mobile Device Support\libxml2.dll

MD5 304dc99d4343b93366aa50e2bb5a9429
SHA1 46c44dec6cc0b70f7e391b714dc6f6aa3a20095b
SHA256 1e8a6553c7ec397a206f11cac2eb3b2dd4ae4bee1b165cbe9b2080f346c27ffe
SHA512 8aa9b16d42b6735ff451c8e51a733ec300be4bb32184b749dde0add377752736743bd38eda63a66f766dda5be5f4aa555a4663466d798fe0fd882008b999e1b3

C:\Program Files\Common Files\Apple\Mobile Device Support\libicuuc.dll

MD5 d92a2a91263f2163057e54b9acfc0605
SHA1 62c42367346159840ea9f8e651a4b5ec627bf79e
SHA256 d7f4db0fcea1086da4ff27d147f47c32e367f237b6fb807a548971132bbdbf66
SHA512 f6c4b39cf12344bafe272ef763963340ec5ed41654ceaeb575b2e6f51013b2fb980aa93d87493920f11606ce8915b8a86af26cd772be5923ab8bb2f57340eda7

C:\Program Files\Common Files\Apple\Mobile Device Support\libdispatch.dll

MD5 72805ed1349e2e76421881568a8d7a02
SHA1 3a30d8db3113f45e520ae6e2ea9f9c197861c3f8
SHA256 385a7961ffa20718f30768efcf85fc9f7d67b86dbd9d4591bbefdf69f7165aad
SHA512 de2ad650652e654e20e27bf55d7532dc35f29e95492169bfb8a1bdd7ec8f1f120e279f8098e1e7771859f6536eb4f8aed094894dccdde6da2910c4752c3352d9

C:\Program Files\Common Files\Apple\Mobile Device Support\ASL.dll

MD5 4fb181e09e6325ab98149215bf5aa63e
SHA1 7f45abb4e51034c540ef3bb3dde1c4b7b9ba9c48
SHA256 fc244a5316e5af521f6188115090b5ed22d8ca3f3d7f7bfbd53d0cbbf27ab341
SHA512 edd93632e87f9d84f7bdeca6f6e87f911b02113eaa8fd9d5de2c397dc121ef9874ac5630fcb05a7ca7ca07a8186fc267ec67016a5358c77ffd124130de3fc3e8

C:\Program Files\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\Info.plist

MD5 5596ffca74c5aace74655135b7cbdef5
SHA1 062b0eeb23e8bd5841afc93681db96dc5c5168c9
SHA256 2d4a9e1a4b85dfc33b0393fe0a24f838f9d91771977a430d046d910227fc4935
SHA512 27b5bd9416296a16557d6b64ebff3d4ae99065038fd4e5082af1955737e4127b95b5089aa72eb8139d73a43f2f2b9c64a44c9e1fe6754914ebad2760ce06e3f1

C:\Program Files\Common Files\Apple\Mobile Device Support\libicuin.dll

MD5 1eb9ed6b90831685af199a9480ffebfe
SHA1 18e7b798a36dbe04d5964d670bfe4d6e066d5caa
SHA256 ba770ced35ce16468b278e07f85175be4cdc78158d85e3acf1a3f2e834d8c177
SHA512 8e780ba76c9c82ca4b3e5dfdf6f17db58b501abc2ac47b3b2815641f08ec25ed6a6c8d0ed105a421fb1e0a864c2875752510e43beab6720fea3cd85bcb8e42a9

C:\Program Files\Common Files\Apple\Mobile Device Support\CoreFoundation.dll

MD5 5f4ec9c2c1cfa04d012c1b43d791f029
SHA1 66905957255241f79273c960e7745050eaca15ae
SHA256 5fda9c96ee55d54e9bef2d3ea0c8102a3269b73742388ab07a030a9756145b7e
SHA512 2171f8893a32a67e8f4034ca1c470f6e83fa052a85639c530f27a2e4986553e08306e7305726dd42cf728942c0da4b4565ab197d7e4dac2169f1014f49f4c646

C:\Program Files\Common Files\Apple\Mobile Device Support\pthreadVC2.dll

MD5 bcef1bf5c4bfe7ec96177f8d573f7513
SHA1 3a3ae4dea406f46b54f358ac3a2d25f4f15efc98
SHA256 6abafd58fb7b5c0450bc411342e2e83fc98f73b68ee8da3d8695b131d40facdd
SHA512 05f2d0295cca9bd7703e4738189925fa844dfa7ec314d18025cbdba9f81cc6065bfeb16f4b566af75d264453a8f33df3db98834f98a4234aed2c9d457017b7d9

C:\Windows\Installer\{CA8EDE78-7A08-4F27-9B31-D6161C095986}\Installer.ico

MD5 42a57b57da632e3ffcbcd946d377fb07
SHA1 7aad7f9fee65e7e217dd27c175f802a33650c405
SHA256 13a6db9efb786bd94d24f11a8be391c5e67c9ea3a5d6824b1db3b7d64405e83b
SHA512 fcb257fe7b5153037d7dcf1aa70021dd416ce48db596cbf407a8b79e8022b25a60079ce489d4af0cf3de4bcf0fa3570134f91c4d323fa9e28ef0037ea1f23987

C:\Config.Msi\e5a1a34.rbs

MD5 84d9dff67da479d299d73ec133ed72f9
SHA1 c4eb22c62ad9a2a742887e11272ba2a993a1f716
SHA256 b8efb6ebd893b6311a63ab526f8b41c632dc07bd7e173f46d4f8306d1945c49c
SHA512 5e3cf383b954299854b39ee695ea7edd60b809c35ccf820178603cf3708ed5e805a8b3c8dab22c7b098517a00a40e0b66f2b794edabd4edf19c6ed6103663e8f

C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico

MD5 278886d870b8fff6092dbfac68a2f619
SHA1 638cea2ef489aecb0fa0e3289ac11b7f54166e1a
SHA256 d291f80d1c5e4207ed3c67a996f5590fee4b747776c6a7bbb1f41d05b4d772f1
SHA512 81b782347a59f6ff78cdfc529697c86b26bf7d1c2faa2629357c9a5e5e91855895d8119be5b979bd8d74cf9c35857621ebbd6529e7bdd24f4d316a4676e671d6

C:\Config.Msi\e5a1a39.rbs

MD5 6a6e37bf3a3efb50aa21ac86576a2e44
SHA1 3f6d36cd4047bff82b9231ef3569d523c920c7fc
SHA256 8c6efb1d1426fbd965568d7e79563ff6d9a137cd2520bd89299baf600ed05dcb
SHA512 e45bd6ceceb0ba45a5b10fb2588acb20f4bc6a3245c828d1b311de43f5badc4b0767a7f178b2c0e1e470d15520418af0f95f03a7ded81f6e5e1971d1169b20f7

C:\Users\Admin\AppData\Local\3uTools\QtWebEngine\Default\0eb0b2da-4ea6-48c4-980d-f2ebca56a48d.tmp

MD5 c9d13cb52b68a92160a269ea151b197d
SHA1 989b3ae882d689e66d15a620cfcee91b589be675
SHA256 64751ca2cebfdb4835433c6ef833ce0ec120126484fa4fe76ff24bf5beff90e5
SHA512 baf1e67294650d5162332713cc2ccda2fbdd81573ccfccadf642d10f2fd4a6781ebf911bae92ae2458051f18e1c2992b8937301201582769c30b83253bbe92c3

C:\Users\Admin\AppData\Local\3uTools\QtWebEngine\Default\Network Persistent State~RFe5c8ae2.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

MD5 9f351aed0e571277fb7e37e620ab0795
SHA1 920d299fbddfc4b73843b906eb4e4f7801d2036d
SHA256 6550a62f16e486286739b2d08ec13b1e5863e76714fbf92b6f8e5b9ba2ed0ccf
SHA512 bea67e2aa65fc628fb037f53f371ea3ab3cbf5a693c162af6cab0b8de280e221357d728cfe0cc2bd38a3928ebfb32ea6fa1f9159c34958cd921a733ab5059eb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e2ddfb3d678796ba6b3270b33134cf1b
SHA1 217442a3bf1df5c74f399d22d6a25d4e17083fd7
SHA256 a3938abf57366b3b39f22b5f8d271bc952761d491d464f615e96daaaa07c3f54
SHA512 d08cd8ef00c7b8394e8d75cc9dc89b513fbaae7d6ae5c4a8e6602c3bd1b11e9f3588b69f9d0b074e81768e957ff4976c12c17be33991e2382d65cf30ddd90c78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1937fba478e1850e6e92b5d5ebaf33bb
SHA1 8e78c06808c6e7df4956d6e5871073da1c440811
SHA256 2652df445cd2ea927a2555688e5207fe51e9259adcdecdc9ff11edbf6558fa6c
SHA512 c50d9c644bb9ff315371125d3049063a73c6db9c72e726914e13c30f3c52a43a3452af744c9e4d8cbdf9d01d7db9537cb523786e35e6d9d78f72e3927d9d10b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 73773a42004497d4bec1002a0105bdbe
SHA1 ff2d471f5c37ebe6355bf05f75a6a4cd046cbf2c
SHA256 6a8ec98ef6b40e4e02f0bd2521af949e6446f6a17803aec696f93ad6267d6d8b
SHA512 40df51624daec8435b503fc1d1f681756cfd56f32eb96baed006ccb6eddb849892565cf5cae1d055967df988d930f742011c200ef6ef1944d709fd1d5a0d6992

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5ce98d.TMP

MD5 431b86167168e824cfeb9ef6561ac211
SHA1 bd18e28912bc9b8d715c075010e8649ae719ef3c
SHA256 b6bc9cfc833c8012f0b50dae1298edacf9f4b028171039cdab47b892dca894ad
SHA512 d7eed93172bd5586128c9471b9f30c2559df7198c5a0e81a72767bb93354333211d7bafe7bfcdd5c93df4d371e598a30be8b87ce2f6a46bf6b4b0a1c6dcb0976

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 73523ee7d6317c37a79085bb64df669f
SHA1 dc04a2e86c191d92dc656329c56d98586ae8e42f
SHA256 98d6eb460033e0ca39b3e816015a8f7663667d1488b0f1fa4cf721c2e4c88c22
SHA512 449f56fca84d4046252538d84383b7d3ca7258a2d596a79c1e02ad75afa440729cbd908643f304eea0ccbe353d0e11b62ad99d32dcaa1710f4eb1cab1eba3cf4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 1a60da62f2e3e71fd44d20da6b157827
SHA1 0643ba99ef6321dc563ab105d84817789e92cf4b
SHA256 eb231e4753e75ffe4ffb8a63bf3e68362f231688ec535fec53cbf4f0d15c820f
SHA512 ce1cfa1c7b39da1ba29186d0a0d91fad43e05150e5a06da05ba8717eff16e74f99a9a3787d5975630614a06ea2ee00e078f9b71d4da5040d38a88d6b48586422

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 82e166485bb0c2ef70b18df1359914cc
SHA1 1e5bd63ac96f6c0df770e6f156f22dd151c0d8fd
SHA256 b881cc33c521cfffb92bf99a7d38d08c992581b3c644f3d206ae9d7859b06baf
SHA512 081c24d5d3a3356c09d88782e94a9b6c7464c2927e3c906b5ad6d5977648aa329e73abe79052f57927b52e56dfd151504f71f82a8fbc0069b2109202b67348d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c8537fd4a32a4f5d50e170319aa6acaa
SHA1 73363b70d15d6a4c5c0888aed8ef7571a96cbd46
SHA256 a42ab8385ec443b9fa1b4edb907e02595c9237ee59583c5a384f5de5b3d3745c
SHA512 4175e9e509bc2d5e173abd518f77288070c78859f5af2e1b929cb99d2c880ccff2557917f0d51a3986849e2148919cf36c91109c587799540672a467f5a04d5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3c6feb5e99b12b860c190731a8c68365
SHA1 7fc0c14ff1bae5a87af8ae39dd9882809681a354
SHA256 7cf06b353b9650222a4c0c96a3f5b71f1a9a07f803a205825fbd9b6b29ef10b6
SHA512 9c4775e698e977ce699255cea2f561cf7c538a27038df77d65922149a10256108632f77037b3810abed717247feeab5f3005405a631210fd282661c3376cb440

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fc0fb702e94dc80194d1f8f28a57a704
SHA1 d15a6e0d72ee1ffbbcccbf54e68aaab1ff4e430b
SHA256 72f70b8a12839c26de8f6bef6513f6c833c2533d419d1814d5a167009a01dfe7
SHA512 69070561194bd9e8c773e9c2c7fc10d5e5ecaa5ccc80eb0982c5cb736edc6567092ca32d78b1f735aa79e46472768ac38a5d8eeabb8037ec9839f689c703cab4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 ba53e3c4b67789d2d53a68ef04ebcc14
SHA1 6d6ee089cf1ac806a3c39f751e51161aaa20d3aa
SHA256 2c58d088c02b52abced5dce183751377599322143a85e74da206feacccd9248e
SHA512 b999d611d8421ed66dfaf17e507d225bf331659c9cbf38033737d37601173e19756947f84a2b2de3ade1d99d11d5d0e0df3f6e2b29b857ecc506ef55bbefdaa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 0a18f4d6eaf368b2162230eb8206fe67
SHA1 6d487a83132a79927a3c20af6bd6df7d8cef196c
SHA256 adbfb083377d24156eccb3881e48c1bcaa09b078f3c3abe019fa09c5f9d36f1a
SHA512 92e114c18715070f3da66ccd166ddacd1f7c7686cf92b2217b400cb1218fc84b0e92b795b1944619cd4657e21712316ce886545a8bc3c2f8ee78dd55c55282e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\06a90874-b797-479c-addf-1899f599e5ae.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b77e1c8fbaef2312aca1dbb879dd1cc
SHA1 ff31318b3e7e86f9333664ac35ae63be757709c6
SHA256 5a66d23770f5fb053c7cf6659ad8acdddf0616e18af0f237b248f71b53cdd450
SHA512 1550f6924b1e2386cb63d9890da7e7b50757f0a4084101b48ff543dac9be1a440b54b26fecc9374dedf4d639b81881f72a1ce486e17710c22049fca16153da04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 b43985e3d21864bb1bb221c5f1007022
SHA1 055e4ba86d3c646134009bf8ea74c699639133a8
SHA256 87f442476d9c55e12e37113157baf61b0316b0eb9544d84c78670577032b314c
SHA512 03814fa0539a2f7e2d17d48c14e2da286d193e61e97c95d2d925583ad0fb25adaab13613ec78e867b7d6be9d0e3b0d9005871de18b8e3a6e15fe84e2d47a743f

C:\Program Files\chrome_Unpacker_BeginUnzipping856_1330262655\deny_etld1_domains.list

MD5 eda89a2b55db30e05fa86cfe82dea445
SHA1 e5a6d07b82fc5c0f45f609d8e4eca85b1c76f57d
SHA256 5bf6736f4862211a3c667c23ac5d2ae8b5eb15a56b86881ad465d5724509b224
SHA512 940f4ee0b01308d99b4f98b8a298bd39c36b03f622ac6dc9bb87c7632ee9f1cb01e553468a797c3c40b98e1f72c0f9ad131041a356ae68fcc4983f0e0f37d6ef

C:\Program Files\chrome_Unpacker_BeginUnzipping856_1330262655\deny_full_domains.list

MD5 e0cbabe7207e6710bea35bc182665fbb
SHA1 46c04020f294f113e94a277de99e680fd7de0d5a
SHA256 e7a7f70035de47b8ae0d121e42ca871c54783659411d6f3f94d7b4cade72631e
SHA512 2a9e920a588c67896a898b760fba251362ab9012dc3808a7c823323abd64d8ece17fec97ccbd2e96f57ad2d557d9e0376a38ecb134800f5b290ee2974429c223

C:\Program Files\chrome_Unpacker_BeginUnzipping856_1330262655\manifest.fingerprint

MD5 0bd617df54405e6f6019ebe868d988f8
SHA1 4b357979a82373ae8b20742a40489a153fcbb291
SHA256 e0f256b077c4989cad038f22caa9e515d5e0c32741bae25de8139cb76a6a4058
SHA512 72931ee616ca827fdaf45887189f82cd995c666c0a2cc8e7c9f964b2af231655d1cea44b9909e4b71d98e6b0e18f7125aa952a30e7f1ee55eb792974ccbb98eb

C:\Program Files\3uToolsV3\cache\hometmp\03.png

MD5 1eeb44c3762821c39029fd3c995f8235
SHA1 93cee74f8b7a3080309bf61cae6fd1941951cdf6
SHA256 0400ac19d5cab765c8d86cfb534d3d9ea1d21aa84d292b0b66df36c74783e388
SHA512 87976a2120e7954b165ff5945117ef68c1a1e8d1b33eab474a6583e173159418352932ab12a6772bf691f642f2a84de71308c3f87b540211b3d562dcd2319f20

C:\Program Files\3uToolsV3\cache\hometmp\02.png

MD5 89b459877cb148ead13c042f5b1fcd85
SHA1 af426847b9c272af61656512595d07e7e8455249
SHA256 dae5faf25413f844510cddca3f4122e5a3865949d37b22e9110d478cb7f754f0
SHA512 163abd457ba0fcdc0ce3ff9f78835a667179c5191969bf435e7f34f9020721d1be1e2a5c40355f5b436620436fce7270999f8eaf5ad1dbe396c941f57b86c165

C:\Program Files\3uToolsV3\cache\hometmp\01.png

MD5 d710d74bdc74c1f91d625813dda872d5
SHA1 a66ff93b665fed4a621b0e23e7617c8ac9cfe75f
SHA256 dfbd40304b86dd6bf025b35a3b8654a38e6fe6f6d1dceda89d3eb491b23d84cb
SHA512 faef92b1e690af017ebdba07419ef2796ef5646b8e356b3a4f125692120ef5f55b5fdcd83ae463ed3c3fd47bff5b2262a734f8d2f43044a94135772d54a926a6

C:\Program Files\chrome_Unpacker_BeginUnzipping856_1685977745\manifest.json

MD5 b0e549dcc425951a670808d628ab5181
SHA1 63c37e4fd9193836f0100cee2bf76585787ae94b
SHA256 b2c8ee75956c3bb7ea6865137c441b916badfb99c922c17785875e784c96e29a
SHA512 d6dc7c7ddd5ad8ca06a831faa6bd399c8af77e0b21cfd039c608f366fb54b8d4553fc8f947a070544f472966190cf1ca5a236d1084be824b06684b6c6e8de0dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\kp_pinslist.pb

MD5 563bdb2192acf2c106832f696df5d84c
SHA1 898eee38d08e09254c39dd0d1707c98f95cb2fa6
SHA256 2efcd280779456d767025a4f2915012cb9b11af2b8e199d3f32152232bf09460
SHA512 550e3dbaa0a5d74763465318b6f14035e16e1d70602ca36a5636d159875b527fae51f0c7f81e380797b4871283dbddb964017e7a16857228a621284d7aef00f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\crs.pb

MD5 916f38644626b7201f29c01bc659525b
SHA1 c259bfd1ccbf1347b6a0bac43e7aead100ca7092
SHA256 8ba4acc8582041e5caa5dc4c73ade421b52a8b018e70f12b7a1437f74c6a955e
SHA512 33539525ec8bf13ee832365994dd6b3bc2162ef64e032baa1ab6e45d701125d08009504c254e85b763b69abd93f10366a4b44e5e62f7705c988c089aea447d19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\24.0.0.0\ct_config.pb

MD5 4fdf7c8ca48768f459c97b25fdd10d9b
SHA1 d1f0ac34a53294875dd7bc03dfbdf5c7ae65a4d0
SHA256 6a350094ab9a19b758f6660a58afdecc44e83b3ce8c3521fe3b831d5945a3911
SHA512 7322c942946b83ed8cf8875613f72ab5fa5fcb4ca1671bba22bd02404546f8ce099b2941cb0897b3209aecb85b6ac2f1b98f2d11678e5304b55ae3974192042d