Malware Analysis Report

2025-08-10 19:58

Sample ID 250630-w74q2stp14
Target https://url2.3u.com/MNBBfyaa
Tags
defense_evasion discovery persistence privilege_escalation spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://url2.3u.com/MNBBfyaa was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery persistence privilege_escalation spyware stealer upx

Modifies firewall policy service

Downloads MZ/PE file

Reads user/profile data of web browsers

Modifies file permissions

Checks computer location settings

Checks BIOS information in registry

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Blocklisted process makes network request

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

UPX packed file

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Launches sc.exe

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Program crash

Suspicious use of WriteProcessMemory

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies registry class

Uses Volume Shadow Copy service COM API

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-06-30 18:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-06-30 18:34

Reported

2025-06-30 18:40

Platform

win10v2004-20250610-en

Max time kernel

331s

Max time network

332s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url2.3u.com/MNBBfyaa

Signatures

Modifies firewall policy service

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules C:\Program Files\Bonjour\mDNSResponder.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\iTunes\iTunes.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Program Files\3uToolsV3\3uTools.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Program Files\iTunes\iTunes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uViewer.exe N/A
N/A N/A C:\Program Files\3uToolsV3\updater.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe N/A
N/A N/A C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe N/A
N/A N/A C:\Program Files\Bonjour\mDNSResponder.exe N/A
N/A N/A C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A
N/A N/A F:\3uToolsV3\Other\iTunes(12.12.9.4).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\SetupAdmin.exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files\iTunes\iTunesHelper.exe N/A
N/A N/A C:\Program Files\iTunes\iTunes.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
N/A N/A C:\Program Files\iTunes\iTunesVisualizerHost.exe N/A
N/A N/A C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\takeown.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTunesHelper = "\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" C:\Windows\system32\msiexec.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
File opened (read-only) \??\F: C:\Program Files\iTunes\iTunes.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Program Files\iTunes\iTunes.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF38.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKISInterface.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC3.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE03F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\usbaapl64.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKIS.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\usbaaplrc.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSM.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\dnssdX.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAB2.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC4.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\AppleUsbFilter.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\dnssd.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\usbaapl64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKIS.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC2.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleKmdfFilter.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\jdns_sd.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\AppleRSM.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE041.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF3A.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\dnssd.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\USBAAPL64.CAT C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\SETD034.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\AppleRSM.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE052.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE052.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSM.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF4B.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\AppleKIS.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC5.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleLowerFilter.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUsbFilter.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaaplrc.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\AppleRSMInterface.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\AppleKISInterface.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF39.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\SETD045.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE041.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSMInterface.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC3.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\SETD033.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\SETD045.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF3A.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUsb.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\SysWOW64\dns-sd.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\dns-sd.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\dnssdX.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\AppleKIS.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\AppleLowerFilter.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC4.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC5.tmp C:\Windows\system32\DrvInst.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Protocol\InspectorObserver.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\de.lproj\PrintingTemplates\16.Media.PlainPaper.DS.xml C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\files\SMS\images\zz.png C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\fr_CA.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\hu.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\zh_HK.lproj\ViewLineItemiTunesExtras_dark.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\ScriptTimelineDataGrid.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\3uToolsV3\locales\images\vn\Connecting_trust_img.png C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\3uToolsV3\cache\devices_table\border_16_white.svg.tmp C:\Program Files\3uToolsV3\3uTools.exe N/A
File created C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\pl.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\cs.lproj\Error.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\CFNetwork.resources\Japanese.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj\DeviceCapacityBox.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Workers\Formatter\FormatterWorker.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\CPUTimelineOverviewGraph.css C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\Sidebar.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\sk.lproj\PrintingTemplates\10.Insert.SingleCover.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\zh_HK.lproj\PrintingTemplates\01.Playlist.Songs.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\it.lproj\StoreViewButton.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\da.lproj\iTunesExtraGridView.png C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\translations\qtmultimedia_zh_TW.qm C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\BreakpointActionView.js C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\translations\qt_he.qm C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\DOMTreeElement.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\cs.lproj\ViewLineItemRatingE_dark.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\3uToolsV3\translations\qt_zh_TW.qm C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File opened for modification C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\iTunes\CFNetwork.resources\sk.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\cs.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Models\Script.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\nl.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\BoxModelDetailsSectionRow.css C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\locales\images\ru\Connecting_text.png C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\RecordingContentView.css C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\es.lproj\StoreRentButton.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\ja.lproj\PrintingTemplates\15.Media.PlainPaper.SS.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\ScriptTimelineOverviewGraph.js C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.MobileSync.client.resources\ClientDescription30.plist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\it.lproj\StoreBlankBuyButton.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\sk.lproj\genresLoc.plist C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\ro.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\MediaAccessibility.resources\he.lproj\ProfileNames.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\id.lproj\PrintingTemplates\12.Insert.MosaicBW.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\fr.lproj\StoreBlankBuyButton.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\pt.lproj\PrintingTemplates\09.Insert.WhiteMosaic.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\LocalJSONContentView.js C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\files\Openhiddenncm\ncmdriver_win11\iOSNcmDriver.inf C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\3uToolsV3\setting.cfg.Vxjwjt C:\Program Files\3uToolsV3\3uTools.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\ar.lproj\iPhone License.rtf C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\id.lproj\PrintingTemplates\09.Insert.WhiteMosaic.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\da.lproj\ViewLineItemRatingC.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunesUWP.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\translations\qtwebengine_locales\ca.pak C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\fr_CA.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\pl.lproj\[email protected] C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\CoreAudioToolbox.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Images\Image.svg C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\3uToolsV3\files\bonjour\Bonjour.msi C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
File created C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\CFUniCharPropertyDatabase.data C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\id.lproj\ViewLineItemiTunesExtras.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\iTunes.Resources\th.lproj\DeviceCapacityBox.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\el.lproj\Localizable.strings C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Controllers\TabNavigationDiagnosticEventRecorder.js C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e5a9fe0.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{56DDDFB8-7F79-4480-89D5-25E1F52AB28F} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBD94.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\concrt140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vcruntime140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBD53.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\SYSTEM32\pnputil.exe N/A
File opened for modification C:\Windows\Installer\MSIBD93.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a9fe6.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{76420BC2-0A88-4483-BDB1-0DD97DFF3163}\Installer.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\msvcp140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI528.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\SYSTEM32\pnputil.exe N/A
File opened for modification C:\Windows\Installer\MSI9C04.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\e5a9fdb.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA520.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBF3C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI55A1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\concrt140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vcruntime140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a9fe6.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{B292D163-23D2-4523-A699-1ABEC1875609}\AppleSoftwareUpdateIco.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9C93.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAACF.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5a9fdb.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\SYSTEM32\pnputil.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\msvcp140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5a9fe0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\SYSTEM32\pnputil.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{76420BC2-0A88-4483-BDB1-0DD97DFF3163}\iTunes.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\concrt140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\SourceHash{CA8EDE78-7A08-4F27-9B31-D6161C095986} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vccorlib140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vcruntime140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA491.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA705.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBBCB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\RichText.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{CA8EDE78-7A08-4F27-9B31-D6161C095986}\Installer.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A
N/A N/A C:\Windows\SYSTEM32\sc.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\3uToolsV3\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\SetupAdmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Program Files\3uToolsV3\3uTools.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Program Files\3uToolsV3\3uTools.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\HardwareID C:\Program Files\3uToolsV3\3uTools.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\HardwareID C:\Windows\SYSTEM32\pnputil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\SYSTEM32\pnputil.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\SYSTEM32\pnputil.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\iTunes\iTunes.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\iTunes\iTunes.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29\52C64B7E C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Apple Inc. C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.m4p\shell\play\command\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\" /play \"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mpg\PerceivedType = "video" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.wav\OpenWithProgIds\iTunes.wav C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110}\TypeLib C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}\1.0\FLAGS\ = "0" C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.aifc\OpenWithProgIds C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.mpg\DefaultIcon\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\",-133" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rmp\Content Type = "application/vnd.rn-rn_music_package" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.AssocProtocol.itvlss C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\SoftwareUpdateAdmin.DLL\AppID = "{16D99191-6280-4B33-A2F5-04805A0FC582}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.m3u C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-itunes-itls\Extension = ".itls" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.itpc\AppUserModelID = "Apple.iTunes" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Apple Software Update" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{995E123A-2A19-4E52-872F-774C5589459C} C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.m4r C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.wave\OpenWithProgIds C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.italss\shell\open C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunesAdmin.iTunesAdminInstallIPodSupport\CurVer C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\ = "DNSSDService Class" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0\0\win64 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A52621AD-E10F-477B-9ACB-B6181610788B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunesAdmin.iTunesAdminEnableAutoRun\CLSID\ = "{B8DF592B-DE05-49f5-BB21-084F548F12A9}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunesAdmin.iTunesAdminParentalControls.1\CLSID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2CB0246788A03844DB1BD09DD7FF1336\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Bonjour.TXTRecord\CurVer C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.wave\Content Type = "audio/wav" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.mpeg\shell\play\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.pls\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\italss\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C2589C3-96F8-4863-A511-9C33EB2C7E2A}\InprocServer32\ = "C:\\Program Files\\iTunes\\iTunesAdmin.dll" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A52621AD-E10F-477B-9ACB-B6181610788B}\ProxyStubClsid32 C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E93C96F-CF0D-43F6-8BA8-B807A3370712}\1.d\0\win64 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.m4b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.mp2\shell C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.BurnCD\shell\burn\command C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{88F48C4A-46DF-4236-A838-364BF1B3FD1E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.mov\shell C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\itsradio\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2CB0246788A03844DB1BD09DD7FF1336\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8BFDDD6597F70844985D521E5FA22BF8\DotNetSupport = "Bonjour" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0515ACBB-7296-4F73-8958-EB1CCF5EFD83}\ProxyStubClsid32 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.itl\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.mp2\shell\play\command\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\" /play \"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{71A1A612-F7B4-4092-8E0F-C79C8FB0391D} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\ProxyStubClsid C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cdda\ = "iTunes.cdda" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5BE75F4F-68FA-4212-ACB7-BE44EA569759}\ = "IITEQPreset" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\itlss\shell\open\command C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.itlss\URL Protocol C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9D58BF1-0070-4fcd-B722-A0EE5A3ABCD6}\Elevation\Enabled = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DF3A0880E1A25C340B029039E070D543\2CB0246788A03844DB1BD09DD7FF1336 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.m4r\shell\open\ = "&Open" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\iTunes.mpeg\shell\open\command C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.itals\shell\open\command\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\" /url \"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.aax\OpenWithProgids C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.aif\OpenWithProgIds C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.ipa\OpenWithProgids C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8\SourceList\PackageName = "Bonjour64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DC0C2640-1415-4644-875C-6F4D769839BA}\TypeLib\ = "{9E93C96F-CF0D-43F6-8BA8-B807A3370712}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iTunes.exe\shell\ = "play" C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

defense_evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SYSTEM32\takeown.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe N/A
Token: 35 N/A C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeTcbPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeSystemtimePrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeAuditPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeUndockPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeManageVolumePrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeImpersonatePrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uTools.exe N/A
N/A N/A C:\Program Files\3uToolsV3\3uViewer.exe N/A
N/A N/A C:\Program Files\3uToolsV3\updater.exe N/A
N/A N/A C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe N/A
N/A N/A C:\Program Files\3uToolsV3\QtWebEngineProcess.exe N/A
N/A N/A F:\3uToolsV3\Other\iTunes(12.12.9.4).exe N/A
N/A N/A C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe N/A
N/A N/A C:\Program Files\iTunes\iTunes.exe N/A
N/A N/A C:\Program Files\iTunes\iTunesVisualizerHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2940 wrote to memory of 6124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url2.3u.com/MNBBfyaa

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ff993f4f208,0x7ff993f4f214,0x7ff993f4f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2288,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2324,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=2952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4812,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5068,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5612,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5632,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5956,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6432,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6432,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5060,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2428,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6536,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:8

C:\Windows\System32\ildjt0.exe

"C:\Windows\System32\ildjt0.exe"

C:\Windows\System32\ildjt0.exe

"C:\Windows\System32\ildjt0.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=ildjt0.exe ildjt0.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch "https://www.bing.com/search?q=ildjt0.exe ildjt0.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=4024,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=704,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3876,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6972,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6932,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6960,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6888,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7140,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=5212,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6836,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7080,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=2528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=6764,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7500,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4840,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7200,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:1

C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe

"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"

C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe

"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2060 -ip 2060

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 2392

C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe

"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5236 -ip 5236

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 2248

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7352,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7352,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6800,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7380,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7456,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7816,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7812 /prefetch:8

C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe

"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7620,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5472,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files\3uToolsV3\3uTools.exe

"C:\Program Files\3uToolsV3\3uTools.exe"

C:\Program Files\3uToolsV3\3uViewer.exe

3uViewer.exe /reg 1

C:\Program Files\3uToolsV3\3uViewer.exe

3uViewer.exe /reg 2

C:\Program Files\3uToolsV3\updater.exe

"C:\Program Files\3uToolsV3\updater.exe" /background

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\AppleKIS.inf" "9" "4639b046f" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64"

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{64a9f068-05b3-4d4a-b910-45858907811d}\AppleUsb.inf" "9" "4ca0613ab" "0000000000000158" "WinSta0\Default" "0000000000000160" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64"

C:\Windows\System32\SppExtComObj.Exe

"C:\Windows\System32\SppExtComObj.Exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5672,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5156,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8

C:\Windows\SYSTEM32\sc.exe

sc start DeviceInstall

C:\Windows\SYSTEM32\sc.exe

sc start DsmSvc

C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe

"C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe" x "F:\3uToolsV3\Other\iTunes(12.12.9.4).exe" -aoa -o"C:\Users\Admin\AppData\Local\Temp\3uTools\iTunes(12.12.9.4)"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 270CF57EAEBD66B0BEDCE6C272AD9FEB

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding F3A39AF7088C53C30F9F577AD9AF3782

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 31E64CEE8BE1ED320BA99A05684BB97C E Global\MSI0000

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding D0346C3C7C9B1A8975F1556A491C7B20

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9C56AC726067DB2B1E181D357EBB3456

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 61F4DE0C422AAB0B2AE796DADB84262C E Global\MSI0000

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"

C:\Program Files\Bonjour\mDNSResponder.exe

"C:\Program Files\Bonjour\mDNSResponder.exe"

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{de4d3bb8-b344-654f-8ce2-840d531ef2b8}\usbaapl64.inf" "9" "452eabb2f" "0000000000000148" "WinSta0\Default" "0000000000000164" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64"

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.inf"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{904d7584-bbc8-c048-8961-63ea7a4eeb72}\AppleRSM.inf" "9" "4c7809927" "0000000000000178" "WinSta0\Default" "000000000000017C" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64"

C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe

"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"

C:\Windows\SYSTEM32\takeown.exe

takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A

C:\Windows\SYSTEM32\cacls.exe

cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F

C:\Windows\SYSTEM32\pnputil.exe

pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"

C:\Program Files\3uToolsV3\QtWebEngineProcess.exe

"C:\Program Files\3uToolsV3\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --no-sandbox --application-name=3uTools --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=4204 /prefetch:8

C:\Program Files\3uToolsV3\QtWebEngineProcess.exe

"C:\Program Files\3uToolsV3\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=4228 /prefetch:1

F:\3uToolsV3\Other\iTunes(12.12.9.4).exe

"F:\3uToolsV3\Other\iTunes(12.12.9.4).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:8

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\iTunes64.msi" INSTALL_SUPPORT_PACKAGES=1

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 3DC9FBECAB739039B21F7B89F0940CDE C

C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\SetupAdmin.exe

"C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\SetupAdmin.exe" /evt E516 /pid 6732 /mon 788 800

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B1503F520ADBD5305513B9C61E446A65

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Apple Software Update\ScriptingObjectModel.dll"

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"

C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

"C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" /RegServer

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D7159FD527C9B1C198594E862C60C1AB E Global\MSI0000

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding FBD1693348A612B53293D63F687335C0

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D13E3255EFBD49C34F5B08C8CF61B695

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding D943E4EF0B17CB18DADF8C23C38E007F E Global\MSI0000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3916,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=4044 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 92C4E89ED6F8DE2DFCA7A747E0C67FC5 E Global\MSI0000

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\iTunes\iTunesHelper.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7924,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8

C:\Program Files\iTunes\iTunesHelper.exe

"C:\Program Files\iTunes\iTunesHelper.exe"

C:\Program Files\iTunes\iTunesHelper.exe

"C:\Program Files\iTunes\iTunesHelper.exe"

C:\Program Files\iTunes\iTunes.exe

"C:\Program Files\iTunes\iTunes.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x500 0x2d0

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\31189486162541112443642464 --parentPipe

C:\Program Files\iTunes\iTunesVisualizerHost.exe

"C:\Program Files\iTunes\iTunesVisualizerHost.exe"

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe"

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe"

C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

"C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

\??\pipe\crashpad_2940_TOGGRCTWXEPDJMVI

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3c1a0cfad8f6b178f1bf5d6c44b5e9a5
SHA1 24c29c25c4227cd5c57874f0756e2f49086c8342
SHA256 d77ae498f5e4d86294e782a41dcee6e9f9d22a98990883efdbb0138cb29dd711
SHA512 1256e84122e8dfcf02cccfa796238de06d036506d25bc7a5ab8928e20efe65c7b2d3f7752a3c68602a82c2e97861af11a92f2565c1307cdbc9cbb0d4d959a9a1

memory/4076-464-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

memory/4076-463-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

memory/4076-462-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

memory/4076-471-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

memory/4076-474-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

memory/4076-473-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

memory/4076-472-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

memory/4076-470-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

memory/4076-469-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

memory/4076-468-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2d2097b7f4fb50314f7e0c92d6076bce
SHA1 ee9819edfdf752acd282a65bbc69dadaced0c29e
SHA256 0bdc0736eb575c72db718d5f8d09f8c6c8df08d17ff6eb949c52b000982149e7
SHA512 c82f00f9ca5ec213062e4047f38589982fe12baae227351efacf6a2f94094401252b173781d1c7d708aa58dca5c1837b866ce0f74657d4d6efdfd2b524b1df55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16324da0c0a1b56bd84a6d4456ba0b3d
SHA1 875d47d776c8d7f6a0867bab057837462854213d
SHA256 e4460250a9f9f3434a37414ce63047277af68b7c2bbab0ab6b7c2ef62e4b3b02
SHA512 846e7ac37bc78886b0930169fccd6669bac3f6f0b50ba5315f519b34a065cde449ddb1e9e5395685a362394ee80e6b0754fd86dfe5735604e8307a2d993afa78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 caa2851e8c3c99faf6110cf0773fee57
SHA1 e26908b59861ad0f22eca2f340fa8018853d19ed
SHA256 315f8fb2fcc5d235cc007c22725be2661c88f04691b840a4cca1c71f32fc3057
SHA512 48bffb914964cfd53bebd7808af5e00af2393c27d1b0e452bd4ae807999f24699752f7d8a32f6b7a76763768a1bfb6897ae89cab074f962f17f15b1130d97e4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 97aeafbcf6082fa3a0e26763c60e82f2
SHA1 4446b5583622eb01c5c8f5ce16523bad382ebefd
SHA256 c60971aa953620436930c00ff1417e71f393da270975eb49d1dae488e1f22553
SHA512 02cc5aed1662d39b04feb587f4182d73a6cccea95a0245cd9c998fa8c921bcaf1f6d1e22a9f87ef2952d286cf5e7d15a4443ca84a1cd24b9563ce157d29c6e0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ebf34dea6e4d2f2eac840b628f56b93
SHA1 2cbc1c51620c00d1c77411cdb5621cd09264dd9a
SHA256 4255e97761f7174a3aa18f08467f12d0113907b3fc0c340e45bc030f8c0f4c70
SHA512 79225a4500b504bb9ca297bec9d99377ba0d6c2435cd111b2613378b7e09a91d13cf65ab1550c77232c7e582ab471073ac6c62953146c0c5e27fb346cc1530bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 e40090d259facaf6401019ce10d11a00
SHA1 e668e76e569aa3bbd9eb64d1b02a96fe03f1a978
SHA256 132a04563643db8d3550b388a1320c0212456fc53bb71d5ebc39561ef6fcc439
SHA512 4181423264bb573ec326798691183f3a64767febacfe9c796914551eb5be8f1d6ea5412c4c22ab18001e15e435ed8f28af1d9a65b942e02dfb0de15ba69517b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 b67e386619fb3e6429053655cde6c4db
SHA1 00f03066c1154c2b10e67ac93ed9ea75967dc4a6
SHA256 1ec9a7479662eff8312878bf3cc3941f32fbf141875514a86d304dd17e7c0e4e
SHA512 1db349878981082b3dc896259648140efc9f8f92e800b44c9e6530cf5729ba87f3b3ab8314591962dabb2e9dfe3633fe4a6f187e63fff9e4ae86b0d45ca48bff

C:\Program Files\chrome_Unpacker_BeginUnzipping2940_291045783\manifest.json

MD5 e0909520982fc48e47a6451443b11741
SHA1 0e46425274933c153ebf5a03f25e693267a8cea2
SHA256 2e9e6138305d702f3c9b89d6e9dc4931b548c69bb86db64e585fa2e37b8ef654
SHA512 3fdf504cb0bf39a807fa15a8ec31a6efd8083888692935ec31d70b4ef6eef89b8527c6a75a46bf7ae3efeeaa507ac3c7cccda5246a2f073ac603a7ffa10d20a8

C:\Program Files\chrome_Unpacker_BeginUnzipping2940_291045783\LICENSE

MD5 ee002cb9e51bb8dfa89640a406a1090a
SHA1 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA256 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512 d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58b34d.TMP

MD5 fa5d78ba8141abd69e18cb00921b1f11
SHA1 d069900efae0b57cfa3472102401459015632a03
SHA256 dbd8f63ee07b24f59e242863b2c9c1be1018814e7ec42a2ba659e5e56442aeb3
SHA512 9d38e6279621d5488af6a645529c8fa1ac77460842123e840ee95b144ad34d032afcb42484b450c192a45c750fb89a81e83aba1fe7751babd948ce6bd332f222

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 7bdcaa29608e523d0b766ac29d420057
SHA1 22c6eea15548697b572b697b1d3108e71a900828
SHA256 539570075bcd6a38067bbf50e9d6496feb01a6c03276c80610e8d8d545b45104
SHA512 3976aa9759b8f176f910ae4976de72db56e80997e8e0a944c501fc91b66f33f3a7addbf44b5fe5ebc442034dd6bac624911f30a267b24de772974c7d224f5058

C:\Program Files\chrome_Unpacker_BeginUnzipping2940_1314552361\manifest.json

MD5 e7314184e67b4501f5048c2e5f181d96
SHA1 f741a8a1b8c18c8d4974f937ef589b134dde5419
SHA256 7bd96fc0239229d64cc38693c64f2524d95711534c606b2b39957af8411d870a
SHA512 773ff8228cc87677e3f74667b61db59decfccb6ca4da80a5ac5e0aff0e3102e08e6c1561df35b9ed64c8b7db8dc8ed27210c2ca0139ec85d17f9e3f57018a086

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b2668f524b7f7b7878c804d7d3cc6f2e
SHA1 db36f5a7105324351651a9bd5b18732546cd52cb
SHA256 f1403f32d47cb41af5f47c4111f70b9c84c52c5c509e49ef8f45d62fb80a90a7
SHA512 76c5a1a6285795481ffeb8fa843c6ed7b486071c4decd28ac66d089aaa803f0f2de1ad88422c9bdd9e72fba28a02b5188c7f3cbd3dfa3e45d988b0b4e528d099

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57

MD5 4587d52babb585a6c764b03185519360
SHA1 74b2bad738d94519e33e97d2713bcabb08d7f4da
SHA256 b66fdb3918a39f784976c41c0b94f0fdf59217aade0d491e22c84928e99589d5
SHA512 490a908a47a2c04252dea7abacc4a12a8f7317fc01cea6ecdd958b8bc013955c78e63348749623bfb071cb8f207758c98ca7ff1d184436be2a2cbb6bd9ca3570

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_A81BB8DEFA061C43E51385B3AAAA57B8

MD5 9f40ec3cc0cbdb5d14eade113ee34f57
SHA1 735e3b522294e2442d3db73bd37e23043c00ff74
SHA256 1f8ff22e930f94ab44c6b4987922e0ed21a38cdee2b7fdb881ff2eedcb736aed
SHA512 21a139757a0fa15dd17654c6570e6977064738ffba3c45b96e12945c73e4744bf1a850c88a41a28575d37879873772654854ab0c7f7e1ba64bf7acdfafb002a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14561BF7422BB6F70A9CB14F5AA8A7DA_A81BB8DEFA061C43E51385B3AAAA57B8

MD5 0d1fe868708d7530b6da83cb3863cd8c
SHA1 434e5c9091c78c7b8cabeb3f54b1e67999cd368e
SHA256 90784aaae4da76c39c2fbe732b39efdc15812175e84ebb4b88647d50be80030e
SHA512 09bc631710aacab1b713f731ef8e02894202e4c3e4522a569fb191976b51b12ac2866554b60518e2feb7623af2014e720a92ba57bb0bf7c079cae957b0dc6f01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57

MD5 7901f11dcf2992896b9a5548c7eee1a8
SHA1 b02b1dc353b5e462c2e65e39119cb130bfb766d3
SHA256 b2385a0aedd9ca8fac8dc9597346be20586995b1821117070e4b291b3527aa4b
SHA512 a511db3fe08a0d93381117cce6182b64ddaf4aaebcabf0fd98ad64a3ff5ea37b510099f676871e894b1f8551f80ece6b6917dce2e0dce81c1904195069295e09

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0MYGPINR\agreement[1].htm

MD5 32d4112f03de2020a43731fb71f6ebef
SHA1 8de582329d8b5bf794f80cb5827857a8800cad8c
SHA256 96d537101c7f381f21c9d07254a11e817b66c84d002c5ec6bd80fe6ca3c8dc3f
SHA512 a19cf51eaac57c72691507267c3b9bb8aea09cd0c92b5d5bc88fbf19beac352c76d2e9bb3f6c3448caf42670b5a4f997f3df816fd25b80cb09c7ec6ad44a4a7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d700db306a74710084f266223f97e67d
SHA1 133150c6f5572e9fee0150f13f53a7eefb2d11b2
SHA256 52fc38565e5debdddf9e5ccf9d22a235ecc6095fa505ac4237128a90b50dd2fc
SHA512 09b7b5408697ddd1eb41df88bfac9cf941858c5870d06d7a8b7793c89ac4f399c0c470ddcbd35d06311827aa17eb0dfd811ae8d2fc595118874a95fe89deeed9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\edge_autofill_global_block_list.json

MD5 1c865471f98902a3818e8bbf46360342
SHA1 932497309e942f67080b84dd37dbd634117135d4
SHA256 b3ed570caaa1e88ca7fdeaa6569b5ed172adcb64221766cc73fd7e6b07e0c65d
SHA512 d77791b1a55cbb09a6dd88911be0219c712d573238666e09b0c18f7b92573db2a54dc0525d3232851f1bb9c008c2ab542bb4fcefa09b7a4be50fcd8bad4e231e

C:\Program Files\chrome_Unpacker_BeginUnzipping2940_97463467\manifest.json

MD5 01cb8b111843d1f1dac11d249c24c8b7
SHA1 c4f1f6f219f325caee6363df7f459323109f2f6e
SHA256 b13947842a1d3e66e62bd32398a3780c18127a520e7212a4adbf006a9abfd74a
SHA512 075d54cdbd80078d4bf66f3c5814a055058f2535629cc7f5d88fa5c69d5c931dfd2c456a0bc634768d796af604ce4d585c7904c1924d35df7855dfd7e275d403

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\autofill_bypass_cache_forms.json

MD5 8060c129d08468ed3f3f3d09f13540ce
SHA1 f979419a76d5abfc89007d91f35412420aeae611
SHA256 b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92
SHA512 99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\v1FieldTypes.json

MD5 c1a0d30e5eebef19db1b7e68fc79d2be
SHA1 de4ccb9e7ea5850363d0e7124c01da766425039c
SHA256 f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1
SHA512 f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4214f6270241466e0fd46287f77a6f30
SHA1 63ce9c62428ec84a248f533e2808af37e2f8fd65
SHA256 51db7f75f698328c49ec0e1d3b3da2bf596c700334f03d1a56147745330014fc
SHA512 06b695f82b0f031b3bfcc05444437a8cc0ba13e844a5c9b9f2513354784ba3f086211a4fe24e677acaa4250ecda21cbc06f2def0a9db28ac8d59c63cdad0ca85

C:\Program Files\3uToolsV3\files\bonjour\Bonjour64.msi

MD5 86e2b390629665fbc20e06dfbf01a48f
SHA1 d9f4697a6f4eceea24735822cb1df501268ca0b0
SHA256 46e31e284da64d6c2d366352b8a8abcf7db28d3e2a870d8fcf15c4a6fe0a6dd1
SHA512 05ecd3be5779f39db09329dda4dce0e3c49ac5d3950e92833031622b53542dadbe9e2948df35faeb4c41dbc8e01992935087c4a2975c797bd008ae177f7c3fea

C:\Program Files\3uToolsV3\files\OpenStreetMap\search.png

MD5 a73bcc83dc2729d19d9d0e1eb36bbd96
SHA1 9d15df65438cab48d07ebe7e9359258ff1011423
SHA256 29739779fd76b21175d4ea24d7ded3e057233127062d05c164b9ab4df9e11a3f
SHA512 c37de466294c22c9b3ed6587c639a7d53ae6f5cc8d352931035885191a2fd329dae3ff28d1bdeb363c2c12243505584354acc5f88bb8e21da9c2942d03cacf03

C:\Program Files\3uToolsV3\files\tutorial\ios9trustapp\jquery-1.11.1.min.js

MD5 8101d596b2b8fa35fe3a634ea342d7c3
SHA1 d6c1f41972de07b09bfa63d2e50f9ab41ec372bd
SHA256 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
SHA512 9e1634eb02ab6acdfd95bf6544eefa278dfdec21f55e94522df2c949fb537a8dfeab6bcfecf69e6c82c7f53a87f864699ce85f0068ee60c56655339927eebcdb

C:\Program Files\3uToolsV3\translations\qtmultimedia_en.qm

MD5 bcebcf42735c6849bdecbb77451021dd
SHA1 4884fd9af6890647b7af1aefa57f38cca49ad899
SHA256 9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85
SHA512 f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

C:\Program Files\3uToolsV3\translations\qt_gd.qm

MD5 d512456777500dc13ef834ed528d3704
SHA1 90a32284052c3fe12c18afec9f7ff56735e2e34b
SHA256 c515dd2a2e00765b5f651aae124a55d617b24777138019abc5a7001da7417561
SHA512 babef929ac600c117967b42389623f352d219a466c484ae68ef3c9da9ff61555875ffb0dafc3e5eada6fb43d37f7afe74a6b6c73458a93ffb42819e1068c9a3b

C:\Program Files\3uToolsV3\translations\qt_he.qm

MD5 26b777c6c94c5aa6e61f949aa889bf74
SHA1 f78da73388c86d4d5e90d19bb3bd5f895c027f27
SHA256 4281c421984772665a9d72ab32276cfe1e2a3b0ebe21d4b63c5a4c3ba1f49365
SHA512 8e02ce06f6de77729aefa24410cbd4bfba2d935ef10dcf071da47bb70d9c5e0969f528bdb3db5cab00e3142d7c573fcf66ea5eb4a2bc557229ad082c0eb1dbcc

C:\Program Files\3uToolsV3\3uTools.exe

MD5 d0537f91590c1122e5aaa5e08de565d4
SHA1 d57923e88709be706b87cbdde7b1053b16e75a2a
SHA256 06cac5a360c086197ffa6bd223b3a9cc18949780c11a888e2b6122f4f7e2d689
SHA512 a721ab6adf39f390cb8ba4a0db5dbdebd9891f3b8d0a3d11a31b57c1da768e0d7f4266dcadcfef2d9bcdbe63d35e6fc6136332c4d4d8bf5c36d4e01d5e010fd7

C:\Program Files\3uToolsV3\Uninstall.exe

MD5 196421661e24c59bd11536f3ad9bd243
SHA1 a59eeed11cf849a76e69c52b35c56fbcfbdde074
SHA256 f1b74d97c627f30df80f2615726561b103659a93e5c9c718bb4ed5b96344d7e6
SHA512 7a358d504b74abbae0a7fa502ee85c87ba528ef01679af6a5fb591e75780cc8b1b4fb9afa11374ce7850d3c195f982a754319a015ee5bec4b4f0ba9a17ed095b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aa851f0ba24ad6d6edc63e0d8939edc4
SHA1 b60b691902a1b699f9700ef29985b02f709aa2ef
SHA256 0acd62a09f10b6fd77a46f0339cfe8e4b36d2ca6b9bfaa56f88d41dafad4ceb1
SHA512 2e9eb36bb595d5641080f0ffd4406f163f204e02b1adafdc25c9cf8a9033a68ac8f6d020980ef9334fc72f9bcb45c9522f19aed403effee732e248687e641227

C:\Program Files\chrome_Unpacker_BeginUnzipping2940_906627306\manifest.json

MD5 59e5d162c3a5d96b7ebd23712271b96d
SHA1 f48585f462ede55730df40a762f5234dbf67d664
SHA256 b88eec9977c596dc8adc22e39477392f808ebdc61220bfcf373dee09f87e764b
SHA512 1b1924164338dde0a51b852de40b4c422ea69a56c0f7f2d0e87f0c4d861416e1f9f922ab04aef0b808df4f372c4bf12edd147ec34872b97e8aff92d823a695ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.6.30.1\typosquatting_list.pb

MD5 981943717a2f6eec151e0981f42afffe
SHA1 7b96d1970f4137632264395dad561e541d0dce0f
SHA256 10d399c6b6ac4cf794b498459cf7926cc4bf6f862b78baf790c036c63b922a56
SHA512 360feb97c12ba3db31df8b8f7e11cc6aa362b4c704f531df1d6de77d74468d7118d030048251b9ee336682bb6cf97b577f319266fbae609fdb28f6d46bcefa08

C:\Program Files\3uToolsV3\Qt5Xml.dll

MD5 6f8898d2285d5466ec54bda8af8d10b4
SHA1 7238804242aff57aec15acf2351eb507b0111a39
SHA256 2cad1733f9efc647fda9fcbe8cbd188e71e3cedaef0c3c1be07b6530d5727f9e
SHA512 200b2a62ead63232a7753c4b19813209951bdd00a151135a914c121077eb22c9a38ed550ac8842434758be4bbae4b14ba8096417f46ee8c051e589c0c4ec1e80

C:\Program Files\3uToolsV3\Qt5Multimedia.dll

MD5 8ca625fd879fffda74779b0af552e465
SHA1 6c6941e688136d22d72beaffcfe7cf541a62a6ad
SHA256 42a532132a7a04c0421f697eb023c54d791d3a8a3b2f82209120292073aca622
SHA512 2087fa205916db22434f83f213419d88969bbdd48dc3908f1069df15996a4aaea9fc19eb572442c180c63e01824c3a9fe45e256318e588ca66eea2b40da6e1b7

memory/2392-2378-0x00007FF96F010000-0x00007FF96F400000-memory.dmp

memory/2392-2380-0x000000006F6C0000-0x000000006FFE7000-memory.dmp

memory/2392-2379-0x00007FF684130000-0x00007FF684E29000-memory.dmp

memory/2392-2377-0x00007FF96F400000-0x00007FF96F93D000-memory.dmp

C:\Program Files\3uToolsV3\Qt5Quick.dll

MD5 2577d3423d0f29aa70a78450b28b5ec5
SHA1 418acd19a9535bb5536487b3bdb7b73090511b2d
SHA256 98307b0c701b2a9886de24eff369e22714fe0aa3404e6a58591c8afc3719813e
SHA512 b9e82136596263a36a6bd37564d6649205c4e66e19e9ae3ef79a31bde57c3ed9a8219ab0ed71e6a6c208e5b6b2e3d29cee437c6fca7cc1e2634fc9364908196f

C:\Program Files\3uToolsV3\Qt5Widgets.dll

MD5 2c3d30abf2f9cf6ab33107e8bebdb181
SHA1 9569fe1092aa2c4bda74548e44482e852b7a0167
SHA256 f9c58b3f883ce8e969fbeb2908f4a95589122c4574666d75dea6f6a835e3bc59
SHA512 1cb5e3c2e960b992c8030d38c2f76307c06f2f1e7eff25ae99fbd304b32b590cfec5615dfcd05b1b1f8bc740db4360cc78a669b513cd94ba82b55743d0df57d9

C:\Program Files\3uToolsV3\Qt5PrintSupport.dll

MD5 47a12398c7cecfe9ff5556e0dad8d8fc
SHA1 15e5c03a91d887b59a76634690d6d20efa9230e0
SHA256 10f3f980b25d8d28747931f9c8b903beb0cb4e01ac5c4639c4757ad380c57b12
SHA512 17b790185d1d24617f07c36091bc8db1df971376fa30643d205e7d5c3e82dd5bd7a4046a64da31d0bf25f052992169447e74a3827d8e54fae0e9e0cd6ae15927

C:\Program Files\3uToolsV3\Qt5WebEngineWidgets.dll

MD5 febd0bc442a26588adafd4bc3d59e7c3
SHA1 efc0b54962de01ba8a7db5254a14c3a1e584586d
SHA256 6f925a98067394119dee637365c7426bc011f3790a6ebd1209e0941ac7d8a7ae
SHA512 ad0cc1f77af94ee83683eda0b45992652370faae6625a4476f8fa962e553183dd3a1d80c9b9b81b4bb20db7fa51d4b9418c5c27f37885c90553cbf6e2b7541d5

C:\Program Files\3uToolsV3\Qt5Svg.dll

MD5 5455034a118445adabb7a2dba0a5c240
SHA1 6ba6563d7709dbddbcf94ed2501235febe2385ad
SHA256 99fdcb49199d843659c4570df27670f12b33f659e3d080f8052c417fb468fb8c
SHA512 86c2834d5582edb79d01c1be508bae4f67947a1b291b512b9641715cdf6ffb6b6e4177ee3fa906c06f6c8775b3ec18b3edeb145566ff500c72532601c6f93f44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 9fe7f8ecaea5b51a9ad46840e96ee14f
SHA1 35f93a20d601e5b309513e22ac470bb9c8627cf2
SHA256 baaef36abde9bf1306f50f2e4e844df3206d18852016b25e243de3b01e5eaa28
SHA512 745038aae5022202128c2ba045e2ead1d854938e4d01b461428b823311bde5eeb7ec6072e841f6f3ae942344783740bd6500dabc8fe91f65a8b88bdfc325fbaf

memory/2392-2381-0x00007FF684130000-0x00007FF684E29000-memory.dmp

memory/6092-2402-0x00007FF96F400000-0x00007FF96F93D000-memory.dmp

memory/3496-2403-0x00007FF96F400000-0x00007FF96F93D000-memory.dmp

C:\Program Files\3uToolsV3\setting.cfg

MD5 20597c1917af28d7129d6d23ed5cf8db
SHA1 5587f3f873f66de2c534c6f71fb54b6be9f48ca0
SHA256 78a095c2205d3d1389eae26f6f08d90ec7cae79836d200c7f844c049cc01017e
SHA512 d22851cadd90f36b2cefd7abe0f2b8fb2166bafa3109c087bef2febac2f79963d4977fed9e30b11ff9ed8bd2a0430a363dc1f808f76bad89e9d1e481ca4c1686

C:\Program Files\3uToolsV3\setting.cfg.lock

MD5 9b70a249faa11ba4df10db8cdbea98d8
SHA1 ade180ecaacf953ed71de7c2c5c69bc6302044d4
SHA256 fbe8833c529861267bdcf94227c2a63bd969ac33b850a66d4c4864f4430dd058
SHA512 94741379f7d73d0431dd2455fd02e29d0dd9b6b83e281becf772e30c6216b469525af5e3235ebc30d3cb55ec1c3e3b8f4ddf88072097e844f31107d61778b362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 07bba96691ff18808b46b3a9aec8a78a
SHA1 dd2d34893c759cade4b78a5474b3f69a515a90b3
SHA256 e7b94b5bdfc91cdbed5a329a4c77c122376b274a4ca811850aa0c9a3126a747f
SHA512 c90a2ead87862a17ba3cd5fdff80ddebbf488785206726624faf289ca03a03fa9101beab7f0c209304fc347b01d69122d06c2adb9289230d1d21654bc8cae603

memory/2392-2488-0x00007FF96BE20000-0x00007FF96BE4A000-memory.dmp

memory/2392-2581-0x000000006F6C0000-0x000000006FFE7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaaplrc.dll

MD5 1428a8b3dbf4f73b257c4a461df9b996
SHA1 0fe85ab508bd44dfb2fa9830f98de4714dfce4fa
SHA256 5ed0d8f2066dd19d5aec42c5498fdd1db9cefab4d024a1015c707dfd0cfd5b20
SHA512 916a61feb9a36872a7c1adece8933599e55b46f7d113966ec4ad2af0e2568f1a339629ec48eca10bd1e071c88171fe88292dab27ce509ceea42afbd049599cc7

C:\Program Files\3uToolsV3\setting.cfg

MD5 295378b509925b097268cfc33042ad0a
SHA1 89fb9cafb2b95563c600e4dce8a3e523d357ab55
SHA256 ba6eade872ca4b90cc2207c54f706d461a3a3e268fb0ec9bce2dc1bfc7710f53
SHA512 cf0f1305b63f16d21b5ef3bdb104d34f9a8872cbdb9c065ee25a724152d0ea3cf2a746576c2ad3136a1e2591e2b75a0e3710b75d7fb08a0dad7e5003ab06de2a

C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\SETEEBB.tmp

MD5 97bc3bb77be14d66bafe247e5c46b0db
SHA1 4a78bef761020aefc50adbf894eb02666dac6db6
SHA256 9a160fcae82c933fe3930830782b7458707defbf2200f46d370f6bf1a699c376
SHA512 2379eaa10def39cb5286aba3ba7df558de48e91fdb112aa8e4463ed009fd880fd4d46481d6aafa8ee84577331cbb79689ba4bfe4451cb017df5e31d7e95c83ab

C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\SETEECD.tmp

MD5 a31656d224232177d4049bdcf6d2a34c
SHA1 432483c57d446b2ef2bcbb1a8fe5826cd60d7011
SHA256 b385f6d5839e6a031451947f8ce57a361b2866ba888bea58ce37f425d36c020e
SHA512 b403e8273c7076470cd93af76bd8714d1eecf14104b362971c6af84758d1ced73ff10a0bfc2c3f0e01f11716d77b21b01b0d660c06b0773734a961f7e7830bc3

C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\SETEEBC.tmp

MD5 2ebc04e384f237d2b32caca8a3f901ba
SHA1 1f3638c5a94668f3877f046b6df2fc4ef6f2cd08
SHA256 32a07ee9313ae0b4bae928e5ba0e2eb9d99a5577946fb44dcd0e81d8062859ac
SHA512 8c142a0eaed394f742e824ff41d0ceb927572d291fe20278d5c09ebea3d69467ea91db3befe72f550dfd6efa526836f7241d70589ca2ee5f8c097d3ad83ba601

C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\SETEECE.tmp

MD5 b2e9926bef29e3d5fa62928f0c7a16f8
SHA1 5325f3761554b960e00ada65478cfe2967334768
SHA256 97830acae22500125bb9fd2c0ad39471ac97bf95eb6787bc368c1365dc608390
SHA512 288bddb5bc4495ca40fa2ad5d2e9f9aa49c0ce05f7fc464d759e7b529b748c6f0726b24ff69416acdce1dfbff3453362da40f4eaaed67ecfc3c2526935be4232

C:\Users\Admin\AppData\Local\Temp\itunes_fix\driver.7z

MD5 238c5c261745b85ae717bc49df6f8170
SHA1 04d2e17652e4f5c9aca9bcf756672df34db2da6f
SHA256 16fc810b7a9df820e9544a517cba3c455fe68d2b4934172f98d184e94c37cb34
SHA512 17504743c90bbf6f0c8724ef439d317c4fc1e668e19c3445d7a96ab5915c4527ac7366fd951fb9232cd8c158ee5136b7563da9b42b02ded6378b05fd036ac7c4

C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\applersm.cat

MD5 8dab3e4d8e271f17696cdbbd638f28af
SHA1 c4b3df527a77303785ed28a5cf1ac00d729ee83c
SHA256 df42e6ae66f82785552cbe1815246128cea10029e9dbb463e211590941a81bc1
SHA512 0a52bb023cf6d33faded6eb2829e0706f021be76217f050a77f65b09142f20b37675877ce8911cdb3bc8349357e0630a1e36ec60b3855097ede1c803a60a5880

C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.inf

MD5 6db0394609c92e266a16bfd93b1eb597
SHA1 2d77b73e0ee0cf5f891dfb527991ead8cb39f22e
SHA256 10aac2d96e5b2c8f55605fd6acf6a39c7ef3d092018a5bc622011ec46c139a7c
SHA512 d1e160e507d5f4e2a561226c5ed4254562ac1599481f22d39d6f3b9560312f42d85247017db3b8b710677559327ac71badcf2473696a14dbd2244de6cb48c4ea

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\appleusb.cat

MD5 70e09f54ea9a321c80359bc9493fd9b5
SHA1 440f5acf4b12bdfb052bc2e079e80a8ec6feae1a
SHA256 775e43292702903d1f3991b655dde23ccb378052d28f7e0e8f89e2f4580a7387
SHA512 46bedf56160b17fa9fcf0c707d88b6539e4acab7c76e74bce31d4875c0f5d1f8ff0eb177f94aa0dd11b47c13d39a637f96a81af064aa79886259082be79b6ead

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf

MD5 a150a24f14aa40de4c18a868993c84aa
SHA1 b239f3995efa3018025a8b59bd7617f6ae06fadd
SHA256 71ef7dbef3e7b2c1bdc32c1a4400aa5f92c5c7eee9ef6261385c54cd9d0e26a6
SHA512 953cf9074a00267be108d4fcd8626bfd56fcc7e1df5116a39564cfca4cc472f15ba1f4731dbfcfc92f2a92aacaccb186e9e552bf2115e68f07699854194b1010

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\netaapl64.cat

MD5 168c4256eea6a76983d79d45f191469f
SHA1 2f4e6d8db4bcfeec816d31a70045895a3e6158e3
SHA256 2b8a6ebc3e10d06a6ebbcb4ef89992978836eb52d2ad1c09e19b137b0963c2f9
SHA512 743f28589f4357594c4490c6bdc46b6ca6e3164ab58495d686316ba8effc004e68507b26cb07032f3232ecf21045078a97aae0fad9ac78acff48ec2ae0c26585

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\netaapl64.inf

MD5 2428e7f81420a9d7e81dfce9fa0613b3
SHA1 96605444de2721d553530179ea96024f29b32827
SHA256 6db20d1374088a64b5a435189e3cbf1c0f30496d4a2c80346bc904605f3d0261
SHA512 fc98a3010d5a71ce4c9ec2ef16914cc6fabf531fdbf1cfc487d42dc352111e47f970565a011cc6ebd18b2632af5bc107e5c0e784127b789b68e6cb3f214aaf5b

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\netaapl.cat

MD5 98b045f42f67bb602d8b768318a86018
SHA1 a04dd80cb60abf2dd73aae417b0a34e10c321346
SHA256 ad62ffdfba01af7222d95193d23bef0084115ee3aaba3ca1bcd808056dfe2437
SHA512 5d3295eb28685cd16e7da047d708f3f0d7fe0b2ea56fbe87d671fdb8371ae9d0e8fd18e3c456189954c8938ca96b4dd5937f21716348b27449d9eafdea104d83

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\netaapl.inf

MD5 2e21c73e279f7d39222d038cb711d7c1
SHA1 493f1339c2dcaf82ad589158fd2f1b134cadbf8f
SHA256 7d256f65ad5b0a2767f9cdfdabe80ff9fe18c00be93e7df0e08c6508f309d519
SHA512 f5118e029fb911108eae967bd175a30eeee4a3898897120c38e92b92b43009b21f3810805b7a92ef68d2b8cdd84ff3a11d554114c0c4290e5bd9edb0c47e35d3

C:\Users\Admin\AppData\Local\Temp\itunes_fix\path.txt

MD5 8629beec6d2d530f4b06a816c78358a2
SHA1 e4fc314491e7af7783d82d452bad1cad6d535246
SHA256 348b6816e84c4ee4cfd6cd69d340df2e9a7129c25c24f385e58a06a3bd2a7834
SHA512 8d3887345d7389def047296613f1de77cdd8d925f94652c80d5b4b909a693838cbd09bc0df95458d25c25f1bf5b80d71bc030840da2c1ea5979d86677fbf7276

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\USBAAPL64.CAT

MD5 26eee7af8aa1ef8c1bd7c9327c602844
SHA1 990a56215aac7000eac9371f489a0fc57d560078
SHA256 946b0a8150213d6a4dd3aef6248ebb923f8167c84c7ff1b10137e5030ec8bf30
SHA512 1cce53edb09f449720005ee9ca013fabb0be498991adf38ce738330a02b336790cb835e235e097c57a7cf983b4bf18664bc113b074cd94f9118901565d83e24d

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.inf

MD5 2da3a91b71919d035d8fd17b6b90bbc2
SHA1 c2c6a29f3abc80fd992777a92df30699124d37c5
SHA256 edea577e694efceec5b26d745fff8125e9fc8a78cacd7365e77ef35031ebc49b
SHA512 71b98c884c338902110c83f6c858b906bd8d63e09e5f92d3e019f586d82961fdc71a459e6456a3e9a56b9b109838b4556aee91e0befb68c2ae505c93a41fe56b

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\USBAAPL.CAT

MD5 97f4158a43852869de6ba9f1c754bbc8
SHA1 0565f0874d623268529b86967b93a7ae8d57dab5
SHA256 1daa9a80eaf692e1c1490afafcc435e37cafa94e9a9dfe453a82b1b472f3b1ba
SHA512 ba75a483ac75deab29c4174f1991dbcf4a76857dac23c99065e07585a5958e49f1ade0133fabdb3c8a28ba35e8df06fb529f81c756ae549b35543ad39817a44e

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaapl.inf

MD5 ca3a369e3993295e11d5fb6b7663f3b9
SHA1 7771a0176a543725d7bbf70a546c096a4ee2dd40
SHA256 4494c8af156d9dc7deea76491d73716e16b42e3e8b5b4555b0fd247b6cacab8b
SHA512 650b0f23b6470ad84a001821bd5ba6fc906db0e6fd616d734a87b9777ac1f5f6d6d0dc52f5aef223bf362109b77cd89c5b4e93562c1168fbd049756d714b64cf

C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaapl.PNF

MD5 e70b88763cbd6ea996b231f2d1f22b77
SHA1 fa42e09d3bed60f7ad90f46ef142699ff6a376ca
SHA256 0cdad698563e00f2f7fcb88d8260428630f2cac3bd8f4a60b6862c1db0694961
SHA512 6c9c46fda2d6dc9076333981c5baada87a711d09394a4faa02d3c8d7dc40e08464c37e5439f604846f758684cacf7f78bf944dfcc84506b0ee709dbf4cdaa0cc

C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.sys

MD5 39fbeae7efff3b0859b3d467e906a81a
SHA1 de04f243e6837394f141897e6df98a7777a05d46
SHA256 30bebe8d26c16e1d22d776e641f7a68b9ccd1c70a3804964db6753b821eee4b6
SHA512 f565684b27a92dee7b748479631af3f1a201fe9e6cf3b76346f83b59b1755fa3483c97c95b65e7bdd7d2bfcbcb973c4c1f0a2a6859d17e73b249e75f9a6c1058

C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSMInterface.dll

MD5 cfdd6b37070699bf9ac287fa4fdebf0f
SHA1 bb6d98979e0577229beae7607a92d5caadf45113
SHA256 35075c0a280d7544b402c1f030ae9acd3c917fc1bd6a52145fae9b2a55320ecc
SHA512 793151eb8ab8c35eab2a4e4d66b2dcd4827fef53080b5c0be7fa359e7f4cc7377998d7f222303d93233b09fb76859c16f6c47b3ec3b0e88081a8d1cffa8b4978

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleKmdfFilter.sys

MD5 201f083b80cdbe930d78fe72f1123e22
SHA1 6a368a4665e0e56c3f32973c679258ab6c4fc35a
SHA256 72fe475d8ada0cc2e26a4e659ca7d03bdb8d3061b4a689016a54eb52b18773a3
SHA512 3fa61fac2127efbcadff25c17e055f32ee8ec65e82f192cb87fc3390dac322d5d24b611ac3b665b5661beb1bb0e62929e6912c80880b2187540298bb6eeb52bf

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleLowerFilter.sys

MD5 dbd000cc3ef170bd3e5d26b7349a7039
SHA1 1022aa866910aeef33a711f5a6d1de77a5dcffb7
SHA256 ac3469ac659287626b05cda0da457b63ed78241d4f20c60778f6292d6e158346
SHA512 6342cbbd7864494ca22b9a5eb26badbedbf800d094cb0343ff441c1b6db49b73e87d37377ed9029c386cdb4e60debe9e24cd34d0f3733ae55b42f6bcd7ce5f3f

C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsbFilter.dll

MD5 c1c5b35fff1e13816718d6c30e15e2c4
SHA1 a75a49857418f8915d27df08802555e9d2f65274
SHA256 17fa26ea576e98f40eb2a353123d27232335e3a20c8d91465ec83710bc1a8eae
SHA512 6725458b4b99d330d49c2499659eb87c9cf7c623fb5e9d1660c2dd13104e169ca1cfd242dab1ed601ff9902691d7875fc7f5fb6bc9851c336b41d20c0b66ab3d

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\netaapl64.sys

MD5 ee00c544c025958af50c7b199f3c8595
SHA1 1a9320ad1ebcaaa21abb5527d9a55ca265deec5d
SHA256 d774db020d9c46d1aa0b2db9fa2c36c4a9c38d904cc6929695321d32aca0d4d1
SHA512 c08cfb84b6bc98a965b5195b06234646e8f500a0c7e167d8c2961dad3c10da47407d339f1fbd2c3af4104932b94ee042872680d968c3c9b086705d374fc9c94e

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\WdfCoInstaller01009.dll

MD5 4da5da193e0e4f86f6f8fd43ef25329a
SHA1 68a44d37ff535a2c454f2440e1429833a1c6d810
SHA256 18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e
SHA512 b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\netaapl.sys

MD5 9213aa35bca94eb79d366da254e4bdf5
SHA1 e05ee5138270ef09bdaee37b31ddb57935e55cbb
SHA256 5e1c71beb6cfff5a6f149e9fe6e169d087a6cbe63a504fee8d42170284952f85
SHA512 51f147b5822b1adbc524712575a0d77cc28cdf69e3c6e01a81136043fe6fe57c64783b47d59f8e8dc0235abbbeefb658f9dc123ac104666a8f232abc121a6e5c

C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\WdfCoInstaller01009.dll

MD5 a9970042be512c7981b36e689c5f3f9f
SHA1 b0ba0de22ade0ee5324eaa82e179f41d2c67b63e
SHA256 7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77