Analysis Overview
Threat Level: Known bad
The file https://url2.3u.com/MNBBfyaa was found to be: Known bad.
Malicious Activity Summary
Modifies firewall policy service
Downloads MZ/PE file
Reads user/profile data of web browsers
Modifies file permissions
Checks computer location settings
Checks BIOS information in registry
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Blocklisted process makes network request
Adds Run key to start application
Checks installed software on the system
Enumerates connected drives
UPX packed file
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Launches sc.exe
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Program crash
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies registry class
Uses Volume Shadow Copy service COM API
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies data under HKEY_USERS
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-06-30 18:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-06-30 18:34
Reported
2025-06-30 18:40
Platform
win10v2004-20250610-en
Max time kernel
331s
Max time network
332s
Command Line
Signatures
Modifies firewall policy service
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | C:\Program Files\Bonjour\mDNSResponder.exe | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\iTunes\iTunes.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation | C:\Program Files\3uToolsV3\3uTools.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation | C:\Program Files\3uToolsV3\QtWebEngineProcess.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation | C:\Program Files\iTunes\iTunes.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2012121138-1878458325-808874697-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iTunesHelper = "\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\iTunes\iTunes.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files\iTunes\iTunes.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF38.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKISInterface.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC3.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE03F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\usbaapl64.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKIS.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\usbaaplrc.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSM.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\dnssdX.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAB2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\AppleUsbFilter.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\dnssd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\usbaapl64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\applekis.inf_amd64_0d321f6593083a69\AppleKIS.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC2.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleKmdfFilter.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\jdns_sd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\AppleRSM.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE041.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF3A.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\dnssd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\USBAAPL64.CAT | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\SETD034.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\AppleRSM.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE052.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE052.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSM.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF4B.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\AppleKIS.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleLowerFilter.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUsbFilter.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaaplrc.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\AppleRSMInterface.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\AppleKISInterface.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF39.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\SETD045.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9cc4eff5-a221-a148-b10a-6998986c8ce4}\SETE041.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\applersm.inf_amd64_22734d1c46db7f66\AppleRSMInterface.dll | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC3.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\SETD033.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{752fd5ae-6459-3446-9ea2-655af4cb2e05}\SETD045.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\SETEF3A.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\appleusb.inf_amd64_58854158183af679\AppleUsb.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\dns-sd.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\dns-sd.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SysWOW64\dnssdX.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{cd0a7cd4-829a-2142-a914-6519b8d03bb9}\AppleKIS.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\AppleLowerFilter.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{182f699d-d953-6a42-9c73-aff00d782464}\SETFAC5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Protocol\InspectorObserver.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\de.lproj\PrintingTemplates\16.Media.PlainPaper.DS.xml | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\3uToolsV3\files\SMS\images\zz.png | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\fr_CA.lproj\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\hu.lproj\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\zh_HK.lproj\ViewLineItemiTunesExtras_dark.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\ScriptTimelineDataGrid.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\3uToolsV3\locales\images\vn\Connecting_trust_img.png | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File created | C:\Program Files\3uToolsV3\cache\devices_table\border_16_white.svg.tmp | C:\Program Files\3uToolsV3\3uTools.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\pl.lproj\Localizable.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\cs.lproj\Error.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\CFNetwork.resources\Japanese.lproj\Localizable.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj\DeviceCapacityBox.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Workers\Formatter\FormatterWorker.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\CPUTimelineOverviewGraph.css | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\Sidebar.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\sk.lproj\PrintingTemplates\10.Insert.SingleCover.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\zh_HK.lproj\PrintingTemplates\01.Playlist.Songs.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\it.lproj\StoreViewButton.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\da.lproj\iTunesExtraGridView.png | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\3uToolsV3\translations\qtmultimedia_zh_TW.qm | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\BreakpointActionView.js | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\3uToolsV3\translations\qt_he.qm | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\DOMTreeElement.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\cs.lproj\ViewLineItemRatingE_dark.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\3uToolsV3\translations\qt_zh_TW.qm | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File opened for modification | C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File created | C:\Program Files\iTunes\CFNetwork.resources\sk.lproj\Localizable.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\cs.lproj\Localizable.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Models\Script.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\nl.lproj\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\BoxModelDetailsSectionRow.css | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\3uToolsV3\locales\images\ru\Connecting_text.png | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\RecordingContentView.css | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\es.lproj\StoreRentButton.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\ja.lproj\PrintingTemplates\15.Media.PlainPaper.SS.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\ScriptTimelineOverviewGraph.js | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.apple.MobileSync.client.resources\ClientDescription30.plist | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\it.lproj\StoreBlankBuyButton.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\sk.lproj\genresLoc.plist | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\ro.lproj\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\MediaAccessibility.resources\he.lproj\ProfileNames.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\id.lproj\PrintingTemplates\12.Insert.MosaicBW.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\fr.lproj\StoreBlankBuyButton.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\pt.lproj\PrintingTemplates\09.Insert.WhiteMosaic.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Views\LocalJSONContentView.js | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\3uToolsV3\files\Openhiddenncm\ncmdriver_win11\iOSNcmDriver.inf | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File created | C:\Program Files\3uToolsV3\setting.cfg.Vxjwjt | C:\Program Files\3uToolsV3\3uTools.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\ar.lproj\iPhone License.rtf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\id.lproj\PrintingTemplates\09.Insert.WhiteMosaic.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\da.lproj\ViewLineItemRatingC.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunesUWP.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\3uToolsV3\translations\qtwebengine_locales\ca.pak | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\fr_CA.lproj\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\pl.lproj\[email protected] | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\CoreAudioToolbox.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Images\Image.svg | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\3uToolsV3\files\bonjour\Bonjour.msi | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CoreFoundation.resources\CFUniCharPropertyDatabase.data | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\id.lproj\ViewLineItemiTunesExtras.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\iTunes.Resources\th.lproj\DeviceCapacityBox.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\CFNetwork.resources\el.lproj\Localizable.strings | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\iTunes\WebKit.resources\WebInspectorUI\Controllers\TabNavigationDiagnosticEventRecorder.js | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e5a9fe0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{56DDDFB8-7F79-4480-89D5-25E1F52AB28F} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBD94.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem6.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\vcruntime140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\concrt140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vcruntime140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBD53.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBD93.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a9fe6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{76420BC2-0A88-4483-BDB1-0DD97DFF3163}\Installer.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\msvcp140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI528.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C04.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a9fdb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA520.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBF3C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI55A1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\concrt140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vcruntime140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a9fe6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{B292D163-23D2-4523-A699-1ABEC1875609}\AppleSoftwareUpdateIco.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C93.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAACF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a9fdb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\msvcp140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5a9fe0.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\concrt140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{76420BC2-0A88-4483-BDB1-0DD97DFF3163}\iTunes.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\concrt140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem4.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{CA8EDE78-7A08-4F27-9B31-D6161C095986} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem5.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vccorlib140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\87EDE8AC80A772F4B9136D61C1909568\16.5.0\vcruntime140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA491.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA705.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIBBCB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\RichText.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CA8EDE78-7A08-4F27-9B31-D6161C095986}\Installer.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\msvcp140_codecvt_ids.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\$PatchCache$\Managed\2CB0246788A03844DB1BD09DD7FF1336\12.12.9\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\sc.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\3uToolsV3\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\SetupAdmin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 | C:\Program Files\3uToolsV3\3uTools.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Program Files\3uToolsV3\3uTools.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\HardwareID | C:\Program Files\3uToolsV3\3uTools.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\HardwareID | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\SYSTEM32\pnputil.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\iTunes\iTunes.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\iTunes\iTunes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28\52C64B7E | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29\52C64B7E | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Apple Inc. | C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.m4p\shell\play\command\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\" /play \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mpg\PerceivedType = "video" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.wav\OpenWithProgIds\iTunes.wav | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}\1.0\FLAGS\ = "0" | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.aifc\OpenWithProgIds | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.mpg\DefaultIcon\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\",-133" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.rmp\Content Type = "application/vnd.rn-rn_music_package" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\iTunes.AssocProtocol.itvlss | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\SoftwareUpdateAdmin.DLL\AppID = "{16D99191-6280-4B33-A2F5-04805A0FC582}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\iTunes.m3u | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-itunes-itls\Extension = ".itls" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.itpc\AppUserModelID = "Apple.iTunes" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0AF768AC-4FBD-4914-B847-F4E13C984926}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Apple Software Update" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{995E123A-2A19-4E52-872F-774C5589459C} | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\iTunes.m4r | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.wave\OpenWithProgIds | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.italss\shell\open | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\iTunesAdmin.iTunesAdminInstallIPodSupport\CurVer | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\ = "DNSSDService Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0\0\win64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A52621AD-E10F-477B-9ACB-B6181610788B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunesAdmin.iTunesAdminEnableAutoRun\CLSID\ = "{B8DF592B-DE05-49f5-BB21-084F548F12A9}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\iTunesAdmin.iTunesAdminParentalControls.1\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2CB0246788A03844DB1BD09DD7FF1336\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Bonjour.TXTRecord\CurVer | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.wave\Content Type = "audio/wav" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\iTunes.mpeg\shell\play\command | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\iTunes.pls\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\italss\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6C2589C3-96F8-4863-A511-9C33EB2C7E2A}\InprocServer32\ = "C:\\Program Files\\iTunes\\iTunesAdmin.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A52621AD-E10F-477B-9ACB-B6181610788B}\ProxyStubClsid32 | C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9E93C96F-CF0D-43F6-8BA8-B807A3370712}\1.d\0\win64 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.m4b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.mp2\shell | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\iTunes.BurnCD\shell\burn\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{88F48C4A-46DF-4236-A838-364BF1B3FD1E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.mov\shell | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\itsradio\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2CB0246788A03844DB1BD09DD7FF1336\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8BFDDD6597F70844985D521E5FA22BF8\DotNetSupport = "Bonjour" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0515ACBB-7296-4F73-8958-EB1CCF5EFD83}\ProxyStubClsid32 | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.itl\shell | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.mp2\shell\play\command\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\" /play \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{71A1A612-F7B4-4092-8E0F-C79C8FB0391D} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\ProxyStubClsid | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.cdda\ = "iTunes.cdda" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5BE75F4F-68FA-4212-ACB7-BE44EA569759}\ = "IITEQPreset" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\itlss\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.itlss\URL Protocol | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9D58BF1-0070-4fcd-B722-A0EE5A3ABCD6}\Elevation\Enabled = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DF3A0880E1A25C340B029039E070D543\2CB0246788A03844DB1BD09DD7FF1336 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.m4r\shell\open\ = "&Open" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\iTunes.mpeg\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\iTunes.AssocProtocol.itals\shell\open\command\ = "\"C:\\Program Files\\iTunes\\iTunes.exe\" /url \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.aax\OpenWithProgids | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.aif\OpenWithProgIds | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.ipa\OpenWithProgids | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8\SourceList\PackageName = "Bonjour64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DC0C2640-1415-4644-875C-6F4D769839BA}\TypeLib\ = "{9E93C96F-CF0D-43F6-8BA8-B807A3370712}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\iTunes.exe\shell\ = "play" | C:\Windows\system32\msiexec.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files\3uToolsV3\QtWebEngineProcess.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\3uToolsV3\QtWebEngineProcess.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\3uToolsV3\QtWebEngineProcess.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\3uToolsV3\3uTools.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files\3uToolsV3\3uTools.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url2.3u.com/MNBBfyaa
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ff993f4f208,0x7ff993f4f214,0x7ff993f4f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2288,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2324,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=2952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4812,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5068,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5612,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5632,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5956,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6432,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6432,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5060,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2428,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6536,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:8
C:\Windows\System32\ildjt0.exe
"C:\Windows\System32\ildjt0.exe"
C:\Windows\System32\ildjt0.exe
"C:\Windows\System32\ildjt0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=ildjt0.exe ildjt0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch "https://www.bing.com/search?q=ildjt0.exe ildjt0.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=4024,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=704,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3876,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6972,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6932,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6960,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6888,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7140,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=5212,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6836,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7080,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=2528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=6764,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7500,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4840,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7200,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:1
C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe
"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"
C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe
"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2060 -ip 2060
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 2392
C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe
"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5236 -ip 5236
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 2248
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7352,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7352,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6800,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7380,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7456,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7816,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=7812 /prefetch:8
C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe
"C:\Users\Admin\Downloads\3uTools_v3.26.007_Setup_x64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7620,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5472,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files\3uToolsV3\3uTools.exe
"C:\Program Files\3uToolsV3\3uTools.exe"
C:\Program Files\3uToolsV3\3uViewer.exe
3uViewer.exe /reg 1
C:\Program Files\3uToolsV3\3uViewer.exe
3uViewer.exe /reg 2
C:\Program Files\3uToolsV3\updater.exe
"C:\Program Files\3uToolsV3\updater.exe" /background
C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe
"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"
C:\Windows\SYSTEM32\takeown.exe
takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A
C:\Windows\SYSTEM32\cacls.exe
cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F
C:\Windows\SYSTEM32\pnputil.exe
pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\AppleKIS.inf" "9" "4639b046f" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64"
C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe
"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"
C:\Windows\SYSTEM32\takeown.exe
takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A
C:\Windows\SYSTEM32\cacls.exe
cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F
C:\Windows\SYSTEM32\pnputil.exe
pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{64a9f068-05b3-4d4a-b910-45858907811d}\AppleUsb.inf" "9" "4ca0613ab" "0000000000000158" "WinSta0\Default" "0000000000000160" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64"
C:\Windows\System32\SppExtComObj.Exe
"C:\Windows\System32\SppExtComObj.Exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5672,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5156,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8
C:\Windows\SYSTEM32\sc.exe
sc start DeviceInstall
C:\Windows\SYSTEM32\sc.exe
sc start DsmSvc
C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe
"C:\Program Files\3uToolsV3\files\patchtools\7z-64\7z.exe" x "F:\3uToolsV3\Other\iTunes(12.12.9.4).exe" -aoa -o"C:\Users\Admin\AppData\Local\Temp\3uTools\iTunes(12.12.9.4)"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 270CF57EAEBD66B0BEDCE6C272AD9FEB
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding F3A39AF7088C53C30F9F577AD9AF3782
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 31E64CEE8BE1ED320BA99A05684BB97C E Global\MSI0000
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding D0346C3C7C9B1A8975F1556A491C7B20
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 9C56AC726067DB2B1E181D357EBB3456
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 61F4DE0C422AAB0B2AE796DADB84262C E Global\MSI0000
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"
C:\Program Files\Bonjour\mDNSResponder.exe
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe
"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.inf"
C:\Windows\SYSTEM32\takeown.exe
takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A
C:\Windows\SYSTEM32\cacls.exe
cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F
C:\Windows\SYSTEM32\pnputil.exe
pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{de4d3bb8-b344-654f-8ce2-840d531ef2b8}\usbaapl64.inf" "9" "452eabb2f" "0000000000000148" "WinSta0\Default" "0000000000000164" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64"
C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe
"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"
C:\Windows\SYSTEM32\takeown.exe
takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A
C:\Windows\SYSTEM32\cacls.exe
cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F
C:\Windows\SYSTEM32\pnputil.exe
pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applekis\x64\AppleKIS.inf"
C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe
"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.inf"
C:\Windows\SYSTEM32\takeown.exe
takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A
C:\Windows\SYSTEM32\cacls.exe
cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F
C:\Windows\SYSTEM32\pnputil.exe
pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.inf"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{904d7584-bbc8-c048-8961-63ea7a4eeb72}\AppleRSM.inf" "9" "4c7809927" "0000000000000178" "WinSta0\Default" "000000000000017C" "208" "C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64"
C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe
"C:\Program Files\3uToolsV3\files\inf\InfInstallerx64.exe" -i "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"
C:\Windows\SYSTEM32\takeown.exe
takeown /F C:\Windows\System32\DriverStore\FileRepository\ /A
C:\Windows\SYSTEM32\cacls.exe
cacls C:\Windows\System32\DriverStore\FileRepository*.* /E /G Everyone:F
C:\Windows\SYSTEM32\pnputil.exe
pnputil -i -a "C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf"
C:\Program Files\3uToolsV3\QtWebEngineProcess.exe
"C:\Program Files\3uToolsV3\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --no-sandbox --application-name=3uTools --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=4204 /prefetch:8
C:\Program Files\3uToolsV3\QtWebEngineProcess.exe
"C:\Program Files\3uToolsV3\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --disable-gpu-compositing --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=2 --mojo-platform-channel-handle=4228 /prefetch:1
F:\3uToolsV3\Other\iTunes(12.12.9.4).exe
"F:\3uToolsV3\Other\iTunes(12.12.9.4).exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:8
C:\Windows\system32\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\iTunes64.msi" INSTALL_SUPPORT_PACKAGES=1
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 3DC9FBECAB739039B21F7B89F0940CDE C
C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\SetupAdmin.exe
"C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\SetupAdmin.exe" /evt E516 /pid 6732 /mon 788 800
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B1503F520ADBD5305513B9C61E446A65
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Apple Software Update\ScriptingObjectModel.dll"
C:\Windows\syswow64\MsiExec.exe
"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll"
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
"C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" /RegServer
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D7159FD527C9B1C198594E862C60C1AB E Global\MSI0000
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding FBD1693348A612B53293D63F687335C0
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D13E3255EFBD49C34F5B08C8CF61B695
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding D943E4EF0B17CB18DADF8C23C38E007F E Global\MSI0000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3916,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=4044 /prefetch:8
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 92C4E89ED6F8DE2DFCA7A747E0C67FC5 E Global\MSI0000
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7924,i,13510798284121901530,1619352638505433618,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8
C:\Program Files\iTunes\iTunesHelper.exe
"C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
"C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunes.exe
"C:\Program Files\iTunes\iTunes.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x2d0
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\31189486162541112443642464 --parentPipe
C:\Program Files\iTunes\iTunesVisualizerHost.exe
"C:\Program Files\iTunes\iTunesVisualizerHost.exe"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\distnoted.exe"
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
"C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | url2.3u.com | udp |
| US | 8.8.8.8:53 | url2.3u.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:80 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 13.107.246.64:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 2.18.27.68:443 | copilot.microsoft.com | tcp |
| GB | 38.175.44.20:443 | url2.3u.com | tcp |
| GB | 38.175.44.20:443 | url2.3u.com | tcp |
| US | 8.8.8.8:53 | dl.3u.com | udp |
| US | 8.8.8.8:53 | dl.3u.com | udp |
| FR | 43.152.186.225:443 | dl.3u.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 142.250.200.1:443 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| GB | 2.18.27.76:443 | www.bing.com | udp |
| N/A | 239.255.255.250:3702 | udp | |
| N/A | 239.255.255.250:3702 | udp | |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| GB | 2.18.27.76:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.18.27.76:443 | th.bing.com | tcp |
| GB | 2.18.27.76:443 | th.bing.com | tcp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| GB | 2.18.27.76:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 40.126.31.3:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 84.201.209.69:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers.microsoft.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.68:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | csp.microsoft.com | udp |
| US | 8.8.8.8:53 | csp.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | answers-afd.microsoft.com | udp |
| US | 8.8.8.8:53 | answers-afd.microsoft.com | udp |
| GB | 184.25.193.234:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers-afd.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers-afd.microsoft.com | tcp |
| US | 13.107.246.64:443 | answers-afd.microsoft.com | tcp |
| US | 8.8.8.8:53 | uhf.microsoft.com | udp |
| US | 8.8.8.8:53 | uhf.microsoft.com | udp |
| GB | 2.22.138.173:443 | uhf.microsoft.com | tcp |
| GB | 184.25.193.234:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | filestore.community.support.microsoft.com | udp |
| US | 8.8.8.8:53 | filestore.community.support.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | consentdeliveryfd.azurefd.net | udp |
| US | 8.8.8.8:53 | consentdeliveryfd.azurefd.net | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| DE | 51.116.253.169:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.14:443 | login.microsoftonline.com | tcp |
| DE | 51.116.253.169:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| GB | 2.18.27.89:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 13.107.246.64:443 | lgincdnmsftuswe2.azureedge.net | tcp |
| GB | 2.18.27.89:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.179.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | url2.3u.com | udp |
| GB | 38.175.44.17:443 | url2.3u.com | tcp |
| US | 8.8.8.8:53 | static.3u.com | udp |
| GB | 79.133.176.219:443 | static.3u.com | tcp |
| GB | 38.175.44.17:443 | url2.3u.com | tcp |
| GB | 38.175.44.17:443 | url2.3u.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| GB | 2.22.144.102:443 | identity.nel.measure.office.net | tcp |
| GB | 2.18.27.76:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | tools.3u.com | udp |
| N/A | 127.0.0.1:52369 | tcp | |
| GB | 79.133.176.184:443 | tools.3u.com | tcp |
| GB | 79.133.176.184:443 | tools.3u.com | tcp |
| N/A | 127.0.0.1:52403 | tcp | |
| GB | 79.133.176.184:443 | tools.3u.com | tcp |
| N/A | 127.0.0.1:52406 | tcp | |
| US | 8.8.8.8:53 | url.3u.com | udp |
| N/A | 127.0.0.1:52428 | tcp | |
| N/A | 127.0.0.1:52430 | tcp | |
| US | 8.8.8.8:53 | app4.i4.cn | udp |
| US | 8.8.8.8:53 | url.i4.cn | udp |
| CN | 47.99.89.159:443 | url.i4.cn | tcp |
| CN | 120.55.197.60:443 | app4.i4.cn | tcp |
| N/A | 127.0.0.1:52445 | tcp | |
| N/A | 127.0.0.1:52451 | tcp | |
| N/A | 127.0.0.1:52453 | tcp | |
| N/A | 127.0.0.1:52455 | tcp | |
| N/A | 127.0.0.1:52457 | tcp | |
| US | 8.8.8.8:53 | url2.3u.com | udp |
| GB | 79.133.176.184:443 | tools.3u.com | tcp |
| N/A | 127.0.0.1:52460 | tcp | |
| N/A | 127.0.0.1:52462 | tcp | |
| US | 8.8.8.8:53 | ios-pclog.3u.com | udp |
| N/A | 127.0.0.1:52465 | tcp | |
| GB | 79.133.176.184:443 | tools.3u.com | tcp |
| GB | 138.113.149.153:443 | url.3u.com | tcp |
| GB | 138.113.149.153:443 | url.3u.com | tcp |
| GB | 138.113.149.153:443 | url.3u.com | tcp |
| GB | 138.113.149.153:443 | url.3u.com | tcp |
| GB | 138.113.149.153:443 | url.3u.com | tcp |
| US | 8.8.8.8:53 | d.updater.3u.com | udp |
| US | 8.8.8.8:53 | dl-image.3u.com | udp |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:52474 | tcp | |
| N/A | 127.0.0.1:52476 | tcp | |
| N/A | 127.0.0.1:52478 | tcp | |
| N/A | 127.0.0.1:52480 | tcp | |
| GB | 168.235.193.210:80 | d.updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d.updater.3u.com | tcp |
| N/A | 127.0.0.1:52504 | tcp | |
| N/A | 127.0.0.1:52505 | tcp | |
| US | 8.8.8.8:53 | d-updater.3u.com | udp |
| GB | 138.113.149.153:443 | url.3u.com | tcp |
| N/A | 127.0.0.1:52509 | tcp | |
| GB | 138.113.149.153:443 | url.3u.com | tcp |
| GB | 163.171.129.134:443 | ios-pclog.3u.com | tcp |
| N/A | 127.0.0.1:52518 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:443 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:52523 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:52526 | tcp | |
| GB | 168.235.193.210:443 | d-updater.3u.com | tcp |
| GB | 138.113.149.153:443 | url.3u.com | tcp |
| GB | 38.175.44.18:443 | url2.3u.com | tcp |
| GB | 168.235.193.210:443 | d-updater.3u.com | tcp |
| GB | 163.171.129.134:443 | ios-pclog.3u.com | tcp |
| GB | 168.235.193.210:443 | d-updater.3u.com | tcp |
| FR | 43.152.186.225:443 | dl-image.3u.com | tcp |
| FR | 43.152.186.225:443 | dl-image.3u.com | tcp |
| N/A | 127.0.0.1:52529 | tcp | |
| N/A | 127.0.0.1:52533 | tcp | |
| FR | 43.152.186.225:443 | dl-image.3u.com | tcp |
| US | 8.8.8.8:53 | www.zzzplay.bio | udp |
| N/A | 127.0.0.1:52598 | tcp | |
| N/A | 127.0.0.1:52613 | tcp | |
| N/A | 127.0.0.1:52681 | tcp | |
| N/A | 127.0.0.1:52685 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 163.171.129.134:443 | ios-pclog.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:52758 | tcp | |
| N/A | 127.0.0.1:52766 | tcp | |
| N/A | 127.0.0.1:52775 | tcp | |
| N/A | 127.0.0.1:52806 | tcp | |
| N/A | 127.0.0.1:52834 | tcp | |
| GB | 163.171.129.134:443 | ios-pclog.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| FR | 43.152.186.225:443 | dl-image.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| FR | 43.152.186.225:443 | dl-image.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:52976 | tcp | |
| N/A | 127.0.0.1:53045 | tcp | |
| N/A | 127.0.0.1:53064 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| US | 8.8.8.8:53 | www.3u.com | udp |
| GB | 138.113.149.153:443 | www.3u.com | tcp |
| GB | 138.113.149.153:443 | www.3u.com | tcp |
| N/A | 127.0.0.1:53102 | tcp | |
| N/A | 127.0.0.1:53110 | tcp | |
| N/A | 127.0.0.1:53162 | tcp | |
| N/A | 127.0.0.1:53168 | tcp | |
| N/A | 127.0.0.1:53182 | tcp | |
| N/A | 127.0.0.1:53188 | tcp | |
| N/A | 127.0.0.1:53192 | tcp | |
| N/A | 127.0.0.1:53197 | tcp | |
| N/A | 127.0.0.1:53203 | tcp | |
| N/A | 127.0.0.1:53207 | tcp | |
| N/A | 127.0.0.1:53213 | tcp | |
| N/A | 127.0.0.1:53219 | tcp | |
| N/A | 127.0.0.1:53224 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53230 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53237 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53242 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53247 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:53252 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53264 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53269 | tcp | |
| GB | 138.113.149.153:443 | www.3u.com | tcp |
| N/A | 127.0.0.1:27015 | tcp | |
| GB | 163.171.129.134:443 | ios-pclog.3u.com | tcp |
| GB | 138.113.149.153:443 | www.3u.com | tcp |
| US | 8.8.8.8:53 | dl.3u.com | udp |
| FR | 43.152.186.225:443 | dl.3u.com | tcp |
| N/A | 127.0.0.1:53334 | tcp | |
| N/A | 127.0.0.1:53333 | tcp | |
| N/A | 127.0.0.1:53339 | tcp | |
| N/A | 127.0.0.1:53347 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53351 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:53357 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 138.113.149.153:80 | www.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53362 | tcp | |
| N/A | 127.0.0.1:53366 | tcp | |
| N/A | 127.0.0.1:53370 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53374 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53382 | tcp | |
| US | 8.8.8.8:53 | secure-appldnld.apple.com | udp |
| GB | 163.171.129.134:443 | ios-pclog.3u.com | tcp |
| GB | 23.49.173.57:443 | secure-appldnld.apple.com | tcp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | yfv6ssx-pc.i4.cn | udp |
| GB | 23.49.173.57:443 | secure-appldnld.apple.com | tcp |
| GB | 23.49.173.57:443 | secure-appldnld.apple.com | tcp |
| GB | 23.49.173.57:443 | secure-appldnld.apple.com | tcp |
| GB | 23.49.173.57:443 | secure-appldnld.apple.com | tcp |
| GB | 23.49.173.57:443 | secure-appldnld.apple.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53396 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:53402 | tcp | |
| N/A | 127.0.0.1:53407 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| CN | 121.199.63.222:14929 | yfv6ssx-pc.i4.cn | tcp |
| N/A | 127.0.0.1:53414 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:53441 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:53449 | tcp | |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| GB | 168.235.193.210:80 | d-updater.3u.com | tcp |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:53469 | tcp | |
| N/A | 127.0.0.1:53473 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| N/A | 127.0.0.1:27015 | tcp | |
| CN | 121.199.63.222:14929 | yfv6ssx-pc.i4.cn | tcp |
| N/A | 127.0.0.1:53524 | tcp | |
| GB | 163.171.129.134:443 | ios-pclog.3u.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:56554 | udp | |
| N/A | 127.0.0.1:27015 | tcp | |
| US | 8.8.8.8:53 | sf.symcd.com | udp |
| GB | 2.22.142.222:80 | sf.symcd.com | tcp |
| US | 8.8.8.8:53 | sf.symcb.com | udp |
| GB | 2.22.142.222:80 | sf.symcb.com | tcp |
| N/A | 127.0.0.1:27015 | tcp | |
| US | 8.8.8.8:53 | ios-pclog.3u.com | udp |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| N/A | 127.0.0.1:54289 | tcp | |
| N/A | 127.0.0.1:54333 | tcp | |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| N/A | 127.0.0.1:54824 | tcp | |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| N/A | 127.0.0.1:54827 | tcp | |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| N/A | 127.0.0.1:54832 | tcp | |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| US | 8.8.8.8:53 | app-pcres.3u.com | udp |
| GB | 163.171.129.134:443 | app-pcres.3u.com | tcp |
| GB | 163.171.129.134:443 | app-pcres.3u.com | tcp |
| GB | 163.171.129.134:443 | app-pcres.3u.com | tcp |
| GB | 163.171.129.134:443 | app-pcres.3u.com | tcp |
| GB | 163.171.129.134:443 | app-pcres.3u.com | tcp |
| GB | 163.171.129.134:443 | app-pcres.3u.com | tcp |
| N/A | 127.0.0.1:54837 | tcp | |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| US | 8.8.8.8:53 | is1-ssl.mzstatic.com | udp |
| US | 151.101.67.6:443 | is1-ssl.mzstatic.com | tcp |
| US | 151.101.67.6:443 | is1-ssl.mzstatic.com | tcp |
| FR | 43.152.186.225:443 | dl.3u.com | tcp |
| FR | 43.152.186.225:443 | dl.3u.com | tcp |
| US | 8.8.8.8:53 | is3-ssl.mzstatic.com | udp |
| N/A | 127.0.0.1:54853 | tcp | |
| N/A | 127.0.0.1:54856 | tcp | |
| US | 8.8.8.8:53 | is2-ssl.mzstatic.com | udp |
| N/A | 127.0.0.1:54869 | tcp | |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| US | 8.8.8.8:53 | is5-ssl.mzstatic.com | udp |
| US | 8.8.8.8:53 | app-pcres.3u.com | udp |
| N/A | 127.0.0.1:54872 | tcp | |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| US | 8.8.8.8:53 | url.3u.com | udp |
| GB | 174.35.118.63:443 | url.3u.com | tcp |
| N/A | 127.0.0.1:54875 | tcp | |
| US | 8.8.8.8:53 | dl.3u.com | udp |
| FR | 43.152.186.225:443 | dl.3u.com | tcp |
| N/A | 127.0.0.1:54878 | tcp | |
| GB | 174.35.118.63:80 | url.3u.com | tcp |
| N/A | 127.0.0.1:54890 | tcp | |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| GB | 2.18.27.82:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:60119 | udp | |
| US | 8.8.8.8:53 | ios-pclog.3u.com | udp |
| GB | 163.171.146.42:443 | ios-pclog.3u.com | tcp |
| N/A | 127.0.0.1:59976 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:56575 | udp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:56577 | udp | |
| N/A | 127.0.0.1:5354 | tcp | |
| US | 8.8.8.8:53 | albert.apple.com | udp |
| US | 8.8.8.8:53 | c12850432.mgr.gcsp.cddbp.net | udp |
| US | 17.32.214.169:443 | albert.apple.com | tcp |
| IE | 54.75.69.128:80 | c12850432.mgr.gcsp.cddbp.net | tcp |
| IE | 54.75.69.128:80 | c12850432.mgr.gcsp.cddbp.net | tcp |
| US | 8.8.8.8:53 | c9854976.mgr.gcsp.cddbp.net | udp |
| IE | 54.75.69.128:80 | c9854976.mgr.gcsp.cddbp.net | tcp |
| US | 8.8.8.8:53 | init-p01st.push.apple.com | udp |
| GB | 2.22.144.23:80 | init-p01st.push.apple.com | tcp |
| US | 8.8.8.8:53 | 6-courier.push.apple.com | udp |
| N/A | 127.0.0.1:5354 | tcp | |
| N/A | 127.0.0.1:60088 | tcp | |
| N/A | 127.0.0.1:60090 | tcp | |
| N/A | 127.0.0.1:60092 | tcp | |
| N/A | 127.0.0.1:27015 | tcp | |
| N/A | 127.0.0.1:60109 | tcp | |
| DE | 17.253.15.196:80 | crl.apple.com | tcp |
| US | 8.8.8.8:53 | s.mzstatic.com | udp |
| GB | 23.219.192.23:443 | s.mzstatic.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f1b325eec68122a129405f717109c544 |
| SHA1 | d5263350ede2a2be4113af74acdd28734353498b |
| SHA256 | 732087aa8065bb54ca266817418a5dd814c81ecf6e35d57084ce4c7f71131274 |
| SHA512 | 1dba87263890fc1b010a9feedcf3ccef58cec4a5824c7ff5a0986a95613248c2c77a2af183ba401096aea62fd97cd1e60634b8b6cd1e19306fcf1d608d35e36f |
\??\pipe\crashpad_2940_TOGGRCTWXEPDJMVI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 37ce022f0541808e190165127ef74e24 |
| SHA1 | 25c13f622316359dbfb4270b30463cccec6daf9c |
| SHA256 | 3e16b1e599311209f195e48392fed916c277781b017c55901a1b3a6162bcd6b1 |
| SHA512 | fca35a8857bb5ee5339b63248d28bd5d534a14187fd53be395e9284a8ba937e3000de870f64cf3f2c0c5fd93c44484971b800802be8b72dd54bcfcf28c7d32ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | 2cead3cb7e98eebafcbb9e04e1816ee5 |
| SHA1 | 36e325bd85ae1dacb936b449ce303a05e61e1835 |
| SHA256 | cc22df2c6623cddc22f5b59e105431261f130293a82e3f55de7d8e60a0d813a5 |
| SHA512 | 392e283f155a04cc105f13fa3341c0172e246f905ccae8024e99686f0420a741305401d8575eadbc1684c3f962308b2886945f3a03a426d86a4428018c5c3201 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 0c2e59d4189dbf8a52020a00f31c0b5e |
| SHA1 | 042aa4759f169fcbb4da17038cfcf0ab9f4459c1 |
| SHA256 | 5d4a8bfd91be88586d3584e622c6d83c60a6260ca19f634f947fed1566a032c6 |
| SHA512 | c06297dca44f47495154da17df3b174438ef1a9f8bfbcce546d8a1502d9a3a58d56e203c0779187844549579476b042243421643f306a5f33a89ff504d210682 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9814a9d879421e8abb2d63e66ca99261 |
| SHA1 | 1ee692c1e04433a152858c68641a14b596b4b9fd |
| SHA256 | 756048c18f276873699f5d152b2cfbd25243adee417df3e6dc6a019b39731212 |
| SHA512 | 263ef1f01f23b0024d2869a71349917f45532bf0a1e5a73ad44300c936b1cf22a1962cf9d146b20762219255bf772741f5b5c8cd6ebc85f78fdc1ea3d3c0f0cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
| MD5 | b384b2c8acf11d0ca778ea05a710bc01 |
| SHA1 | 4d3e01b65ed401b19e9d05e2218eeb01a0a65972 |
| SHA256 | 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b |
| SHA512 | 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 06d55006c2dec078a94558b85ae01aef |
| SHA1 | 6a9b33e794b38153f67d433b30ac2a7cf66761e6 |
| SHA256 | 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd |
| SHA512 | ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | faf27cbea09a5af0dbfa885977043d36 |
| SHA1 | 5fad5e2fbd69152e98fe5fa4dd26ef7f0e3e986e |
| SHA256 | 23ba3796750988717a23d7d2e598dc0213355dd7764d6f926c2eaf3d4238d12b |
| SHA512 | e4edc8cbe602fde4323c74c64219fca1b2d3d0e772c912af1d66e4f2454fbf6a6675b63b64e27f65e2063b1e5d463ffb4b5cb502e93dc5d57ca3693ce8bedeb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | d679d2399d68cbe4d581ffb7a596fd4a |
| SHA1 | b1dd95d5fdfc1b21b8c2b81a43ab23be9cbdda34 |
| SHA256 | bdbc3ce961ed03d16edc86a3d9b27f733f463555543e66985721d1f2fb2858ee |
| SHA512 | fc1589d0319df5d6d1a4748d8d082991253ecc5ca470f8978290a7dcb6e674a9660c815faf918cfcf6d9b2e73b9b03c25e2f79912da40af7c1525c5ac951c4d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3c1a0cfad8f6b178f1bf5d6c44b5e9a5 |
| SHA1 | 24c29c25c4227cd5c57874f0756e2f49086c8342 |
| SHA256 | d77ae498f5e4d86294e782a41dcee6e9f9d22a98990883efdbb0138cb29dd711 |
| SHA512 | 1256e84122e8dfcf02cccfa796238de06d036506d25bc7a5ab8928e20efe65c7b2d3f7752a3c68602a82c2e97861af11a92f2565c1307cdbc9cbb0d4d959a9a1 |
memory/4076-464-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
memory/4076-463-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
memory/4076-462-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
memory/4076-471-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
memory/4076-474-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
memory/4076-473-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
memory/4076-472-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
memory/4076-470-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
memory/4076-469-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
memory/4076-468-0x000001A6DBB30000-0x000001A6DBB31000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2d2097b7f4fb50314f7e0c92d6076bce |
| SHA1 | ee9819edfdf752acd282a65bbc69dadaced0c29e |
| SHA256 | 0bdc0736eb575c72db718d5f8d09f8c6c8df08d17ff6eb949c52b000982149e7 |
| SHA512 | c82f00f9ca5ec213062e4047f38589982fe12baae227351efacf6a2f94094401252b173781d1c7d708aa58dca5c1837b866ce0f74657d4d6efdfd2b524b1df55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16324da0c0a1b56bd84a6d4456ba0b3d |
| SHA1 | 875d47d776c8d7f6a0867bab057837462854213d |
| SHA256 | e4460250a9f9f3434a37414ce63047277af68b7c2bbab0ab6b7c2ef62e4b3b02 |
| SHA512 | 846e7ac37bc78886b0930169fccd6669bac3f6f0b50ba5315f519b34a065cde449ddb1e9e5395685a362394ee80e6b0754fd86dfe5735604e8307a2d993afa78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | caa2851e8c3c99faf6110cf0773fee57 |
| SHA1 | e26908b59861ad0f22eca2f340fa8018853d19ed |
| SHA256 | 315f8fb2fcc5d235cc007c22725be2661c88f04691b840a4cca1c71f32fc3057 |
| SHA512 | 48bffb914964cfd53bebd7808af5e00af2393c27d1b0e452bd4ae807999f24699752f7d8a32f6b7a76763768a1bfb6897ae89cab074f962f17f15b1130d97e4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 97aeafbcf6082fa3a0e26763c60e82f2 |
| SHA1 | 4446b5583622eb01c5c8f5ce16523bad382ebefd |
| SHA256 | c60971aa953620436930c00ff1417e71f393da270975eb49d1dae488e1f22553 |
| SHA512 | 02cc5aed1662d39b04feb587f4182d73a6cccea95a0245cd9c998fa8c921bcaf1f6d1e22a9f87ef2952d286cf5e7d15a4443ca84a1cd24b9563ce157d29c6e0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0ebf34dea6e4d2f2eac840b628f56b93 |
| SHA1 | 2cbc1c51620c00d1c77411cdb5621cd09264dd9a |
| SHA256 | 4255e97761f7174a3aa18f08467f12d0113907b3fc0c340e45bc030f8c0f4c70 |
| SHA512 | 79225a4500b504bb9ca297bec9d99377ba0d6c2435cd111b2613378b7e09a91d13cf65ab1550c77232c7e582ab471073ac6c62953146c0c5e27fb346cc1530bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | e40090d259facaf6401019ce10d11a00 |
| SHA1 | e668e76e569aa3bbd9eb64d1b02a96fe03f1a978 |
| SHA256 | 132a04563643db8d3550b388a1320c0212456fc53bb71d5ebc39561ef6fcc439 |
| SHA512 | 4181423264bb573ec326798691183f3a64767febacfe9c796914551eb5be8f1d6ea5412c4c22ab18001e15e435ed8f28af1d9a65b942e02dfb0de15ba69517b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | b67e386619fb3e6429053655cde6c4db |
| SHA1 | 00f03066c1154c2b10e67ac93ed9ea75967dc4a6 |
| SHA256 | 1ec9a7479662eff8312878bf3cc3941f32fbf141875514a86d304dd17e7c0e4e |
| SHA512 | 1db349878981082b3dc896259648140efc9f8f92e800b44c9e6530cf5729ba87f3b3ab8314591962dabb2e9dfe3633fe4a6f187e63fff9e4ae86b0d45ca48bff |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_291045783\manifest.json
| MD5 | e0909520982fc48e47a6451443b11741 |
| SHA1 | 0e46425274933c153ebf5a03f25e693267a8cea2 |
| SHA256 | 2e9e6138305d702f3c9b89d6e9dc4931b548c69bb86db64e585fa2e37b8ef654 |
| SHA512 | 3fdf504cb0bf39a807fa15a8ec31a6efd8083888692935ec31d70b4ef6eef89b8527c6a75a46bf7ae3efeeaa507ac3c7cccda5246a2f073ac603a7ffa10d20a8 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_291045783\LICENSE
| MD5 | ee002cb9e51bb8dfa89640a406a1090a |
| SHA1 | 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2 |
| SHA256 | 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b |
| SHA512 | d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58b34d.TMP
| MD5 | fa5d78ba8141abd69e18cb00921b1f11 |
| SHA1 | d069900efae0b57cfa3472102401459015632a03 |
| SHA256 | dbd8f63ee07b24f59e242863b2c9c1be1018814e7ec42a2ba659e5e56442aeb3 |
| SHA512 | 9d38e6279621d5488af6a645529c8fa1ac77460842123e840ee95b144ad34d032afcb42484b450c192a45c750fb89a81e83aba1fe7751babd948ce6bd332f222 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 7bdcaa29608e523d0b766ac29d420057 |
| SHA1 | 22c6eea15548697b572b697b1d3108e71a900828 |
| SHA256 | 539570075bcd6a38067bbf50e9d6496feb01a6c03276c80610e8d8d545b45104 |
| SHA512 | 3976aa9759b8f176f910ae4976de72db56e80997e8e0a944c501fc91b66f33f3a7addbf44b5fe5ebc442034dd6bac624911f30a267b24de772974c7d224f5058 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_1314552361\manifest.json
| MD5 | e7314184e67b4501f5048c2e5f181d96 |
| SHA1 | f741a8a1b8c18c8d4974f937ef589b134dde5419 |
| SHA256 | 7bd96fc0239229d64cc38693c64f2524d95711534c606b2b39957af8411d870a |
| SHA512 | 773ff8228cc87677e3f74667b61db59decfccb6ca4da80a5ac5e0aff0e3102e08e6c1561df35b9ed64c8b7db8dc8ed27210c2ca0139ec85d17f9e3f57018a086 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b2668f524b7f7b7878c804d7d3cc6f2e |
| SHA1 | db36f5a7105324351651a9bd5b18732546cd52cb |
| SHA256 | f1403f32d47cb41af5f47c4111f70b9c84c52c5c509e49ef8f45d62fb80a90a7 |
| SHA512 | 76c5a1a6285795481ffeb8fa843c6ed7b486071c4decd28ac66d089aaa803f0f2de1ad88422c9bdd9e72fba28a02b5188c7f3cbd3dfa3e45d988b0b4e528d099 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
| MD5 | 4587d52babb585a6c764b03185519360 |
| SHA1 | 74b2bad738d94519e33e97d2713bcabb08d7f4da |
| SHA256 | b66fdb3918a39f784976c41c0b94f0fdf59217aade0d491e22c84928e99589d5 |
| SHA512 | 490a908a47a2c04252dea7abacc4a12a8f7317fc01cea6ecdd958b8bc013955c78e63348749623bfb071cb8f207758c98ca7ff1d184436be2a2cbb6bd9ca3570 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_A81BB8DEFA061C43E51385B3AAAA57B8
| MD5 | 9f40ec3cc0cbdb5d14eade113ee34f57 |
| SHA1 | 735e3b522294e2442d3db73bd37e23043c00ff74 |
| SHA256 | 1f8ff22e930f94ab44c6b4987922e0ed21a38cdee2b7fdb881ff2eedcb736aed |
| SHA512 | 21a139757a0fa15dd17654c6570e6977064738ffba3c45b96e12945c73e4744bf1a850c88a41a28575d37879873772654854ab0c7f7e1ba64bf7acdfafb002a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14561BF7422BB6F70A9CB14F5AA8A7DA_A81BB8DEFA061C43E51385B3AAAA57B8
| MD5 | 0d1fe868708d7530b6da83cb3863cd8c |
| SHA1 | 434e5c9091c78c7b8cabeb3f54b1e67999cd368e |
| SHA256 | 90784aaae4da76c39c2fbe732b39efdc15812175e84ebb4b88647d50be80030e |
| SHA512 | 09bc631710aacab1b713f731ef8e02894202e4c3e4522a569fb191976b51b12ac2866554b60518e2feb7623af2014e720a92ba57bb0bf7c079cae957b0dc6f01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
| MD5 | 7901f11dcf2992896b9a5548c7eee1a8 |
| SHA1 | b02b1dc353b5e462c2e65e39119cb130bfb766d3 |
| SHA256 | b2385a0aedd9ca8fac8dc9597346be20586995b1821117070e4b291b3527aa4b |
| SHA512 | a511db3fe08a0d93381117cce6182b64ddaf4aaebcabf0fd98ad64a3ff5ea37b510099f676871e894b1f8551f80ece6b6917dce2e0dce81c1904195069295e09 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0MYGPINR\agreement[1].htm
| MD5 | 32d4112f03de2020a43731fb71f6ebef |
| SHA1 | 8de582329d8b5bf794f80cb5827857a8800cad8c |
| SHA256 | 96d537101c7f381f21c9d07254a11e817b66c84d002c5ec6bd80fe6ca3c8dc3f |
| SHA512 | a19cf51eaac57c72691507267c3b9bb8aea09cd0c92b5d5bc88fbf19beac352c76d2e9bb3f6c3448caf42670b5a4f997f3df816fd25b80cb09c7ec6ad44a4a7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d700db306a74710084f266223f97e67d |
| SHA1 | 133150c6f5572e9fee0150f13f53a7eefb2d11b2 |
| SHA256 | 52fc38565e5debdddf9e5ccf9d22a235ecc6095fa505ac4237128a90b50dd2fc |
| SHA512 | 09b7b5408697ddd1eb41df88bfac9cf941858c5870d06d7a8b7793c89ac4f399c0c470ddcbd35d06311827aa17eb0dfd811ae8d2fc595118874a95fe89deeed9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\edge_autofill_global_block_list.json
| MD5 | 1c865471f98902a3818e8bbf46360342 |
| SHA1 | 932497309e942f67080b84dd37dbd634117135d4 |
| SHA256 | b3ed570caaa1e88ca7fdeaa6569b5ed172adcb64221766cc73fd7e6b07e0c65d |
| SHA512 | d77791b1a55cbb09a6dd88911be0219c712d573238666e09b0c18f7b92573db2a54dc0525d3232851f1bb9c008c2ab542bb4fcefa09b7a4be50fcd8bad4e231e |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_97463467\manifest.json
| MD5 | 01cb8b111843d1f1dac11d249c24c8b7 |
| SHA1 | c4f1f6f219f325caee6363df7f459323109f2f6e |
| SHA256 | b13947842a1d3e66e62bd32398a3780c18127a520e7212a4adbf006a9abfd74a |
| SHA512 | 075d54cdbd80078d4bf66f3c5814a055058f2535629cc7f5d88fa5c69d5c931dfd2c456a0bc634768d796af604ce4d585c7904c1924d35df7855dfd7e275d403 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\autofill_bypass_cache_forms.json
| MD5 | 8060c129d08468ed3f3f3d09f13540ce |
| SHA1 | f979419a76d5abfc89007d91f35412420aeae611 |
| SHA256 | b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92 |
| SHA512 | 99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\v1FieldTypes.json
| MD5 | c1a0d30e5eebef19db1b7e68fc79d2be |
| SHA1 | de4ccb9e7ea5850363d0e7124c01da766425039c |
| SHA256 | f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1 |
| SHA512 | f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4214f6270241466e0fd46287f77a6f30 |
| SHA1 | 63ce9c62428ec84a248f533e2808af37e2f8fd65 |
| SHA256 | 51db7f75f698328c49ec0e1d3b3da2bf596c700334f03d1a56147745330014fc |
| SHA512 | 06b695f82b0f031b3bfcc05444437a8cc0ba13e844a5c9b9f2513354784ba3f086211a4fe24e677acaa4250ecda21cbc06f2def0a9db28ac8d59c63cdad0ca85 |
C:\Program Files\3uToolsV3\files\bonjour\Bonjour64.msi
| MD5 | 86e2b390629665fbc20e06dfbf01a48f |
| SHA1 | d9f4697a6f4eceea24735822cb1df501268ca0b0 |
| SHA256 | 46e31e284da64d6c2d366352b8a8abcf7db28d3e2a870d8fcf15c4a6fe0a6dd1 |
| SHA512 | 05ecd3be5779f39db09329dda4dce0e3c49ac5d3950e92833031622b53542dadbe9e2948df35faeb4c41dbc8e01992935087c4a2975c797bd008ae177f7c3fea |
C:\Program Files\3uToolsV3\files\OpenStreetMap\search.png
| MD5 | a73bcc83dc2729d19d9d0e1eb36bbd96 |
| SHA1 | 9d15df65438cab48d07ebe7e9359258ff1011423 |
| SHA256 | 29739779fd76b21175d4ea24d7ded3e057233127062d05c164b9ab4df9e11a3f |
| SHA512 | c37de466294c22c9b3ed6587c639a7d53ae6f5cc8d352931035885191a2fd329dae3ff28d1bdeb363c2c12243505584354acc5f88bb8e21da9c2942d03cacf03 |
C:\Program Files\3uToolsV3\files\tutorial\ios9trustapp\jquery-1.11.1.min.js
| MD5 | 8101d596b2b8fa35fe3a634ea342d7c3 |
| SHA1 | d6c1f41972de07b09bfa63d2e50f9ab41ec372bd |
| SHA256 | 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441 |
| SHA512 | 9e1634eb02ab6acdfd95bf6544eefa278dfdec21f55e94522df2c949fb537a8dfeab6bcfecf69e6c82c7f53a87f864699ce85f0068ee60c56655339927eebcdb |
C:\Program Files\3uToolsV3\translations\qtmultimedia_en.qm
| MD5 | bcebcf42735c6849bdecbb77451021dd |
| SHA1 | 4884fd9af6890647b7af1aefa57f38cca49ad899 |
| SHA256 | 9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85 |
| SHA512 | f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78 |
C:\Program Files\3uToolsV3\translations\qt_gd.qm
| MD5 | d512456777500dc13ef834ed528d3704 |
| SHA1 | 90a32284052c3fe12c18afec9f7ff56735e2e34b |
| SHA256 | c515dd2a2e00765b5f651aae124a55d617b24777138019abc5a7001da7417561 |
| SHA512 | babef929ac600c117967b42389623f352d219a466c484ae68ef3c9da9ff61555875ffb0dafc3e5eada6fb43d37f7afe74a6b6c73458a93ffb42819e1068c9a3b |
C:\Program Files\3uToolsV3\translations\qt_he.qm
| MD5 | 26b777c6c94c5aa6e61f949aa889bf74 |
| SHA1 | f78da73388c86d4d5e90d19bb3bd5f895c027f27 |
| SHA256 | 4281c421984772665a9d72ab32276cfe1e2a3b0ebe21d4b63c5a4c3ba1f49365 |
| SHA512 | 8e02ce06f6de77729aefa24410cbd4bfba2d935ef10dcf071da47bb70d9c5e0969f528bdb3db5cab00e3142d7c573fcf66ea5eb4a2bc557229ad082c0eb1dbcc |
C:\Program Files\3uToolsV3\3uTools.exe
| MD5 | d0537f91590c1122e5aaa5e08de565d4 |
| SHA1 | d57923e88709be706b87cbdde7b1053b16e75a2a |
| SHA256 | 06cac5a360c086197ffa6bd223b3a9cc18949780c11a888e2b6122f4f7e2d689 |
| SHA512 | a721ab6adf39f390cb8ba4a0db5dbdebd9891f3b8d0a3d11a31b57c1da768e0d7f4266dcadcfef2d9bcdbe63d35e6fc6136332c4d4d8bf5c36d4e01d5e010fd7 |
C:\Program Files\3uToolsV3\Uninstall.exe
| MD5 | 196421661e24c59bd11536f3ad9bd243 |
| SHA1 | a59eeed11cf849a76e69c52b35c56fbcfbdde074 |
| SHA256 | f1b74d97c627f30df80f2615726561b103659a93e5c9c718bb4ed5b96344d7e6 |
| SHA512 | 7a358d504b74abbae0a7fa502ee85c87ba528ef01679af6a5fb591e75780cc8b1b4fb9afa11374ce7850d3c195f982a754319a015ee5bec4b4f0ba9a17ed095b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa851f0ba24ad6d6edc63e0d8939edc4 |
| SHA1 | b60b691902a1b699f9700ef29985b02f709aa2ef |
| SHA256 | 0acd62a09f10b6fd77a46f0339cfe8e4b36d2ca6b9bfaa56f88d41dafad4ceb1 |
| SHA512 | 2e9eb36bb595d5641080f0ffd4406f163f204e02b1adafdc25c9cf8a9033a68ac8f6d020980ef9334fc72f9bcb45c9522f19aed403effee732e248687e641227 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_906627306\manifest.json
| MD5 | 59e5d162c3a5d96b7ebd23712271b96d |
| SHA1 | f48585f462ede55730df40a762f5234dbf67d664 |
| SHA256 | b88eec9977c596dc8adc22e39477392f808ebdc61220bfcf373dee09f87e764b |
| SHA512 | 1b1924164338dde0a51b852de40b4c422ea69a56c0f7f2d0e87f0c4d861416e1f9f922ab04aef0b808df4f372c4bf12edd147ec34872b97e8aff92d823a695ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.6.30.1\typosquatting_list.pb
| MD5 | 981943717a2f6eec151e0981f42afffe |
| SHA1 | 7b96d1970f4137632264395dad561e541d0dce0f |
| SHA256 | 10d399c6b6ac4cf794b498459cf7926cc4bf6f862b78baf790c036c63b922a56 |
| SHA512 | 360feb97c12ba3db31df8b8f7e11cc6aa362b4c704f531df1d6de77d74468d7118d030048251b9ee336682bb6cf97b577f319266fbae609fdb28f6d46bcefa08 |
C:\Program Files\3uToolsV3\Qt5Xml.dll
| MD5 | 6f8898d2285d5466ec54bda8af8d10b4 |
| SHA1 | 7238804242aff57aec15acf2351eb507b0111a39 |
| SHA256 | 2cad1733f9efc647fda9fcbe8cbd188e71e3cedaef0c3c1be07b6530d5727f9e |
| SHA512 | 200b2a62ead63232a7753c4b19813209951bdd00a151135a914c121077eb22c9a38ed550ac8842434758be4bbae4b14ba8096417f46ee8c051e589c0c4ec1e80 |
C:\Program Files\3uToolsV3\Qt5Multimedia.dll
| MD5 | 8ca625fd879fffda74779b0af552e465 |
| SHA1 | 6c6941e688136d22d72beaffcfe7cf541a62a6ad |
| SHA256 | 42a532132a7a04c0421f697eb023c54d791d3a8a3b2f82209120292073aca622 |
| SHA512 | 2087fa205916db22434f83f213419d88969bbdd48dc3908f1069df15996a4aaea9fc19eb572442c180c63e01824c3a9fe45e256318e588ca66eea2b40da6e1b7 |
memory/2392-2378-0x00007FF96F010000-0x00007FF96F400000-memory.dmp
memory/2392-2380-0x000000006F6C0000-0x000000006FFE7000-memory.dmp
memory/2392-2379-0x00007FF684130000-0x00007FF684E29000-memory.dmp
memory/2392-2377-0x00007FF96F400000-0x00007FF96F93D000-memory.dmp
C:\Program Files\3uToolsV3\Qt5Quick.dll
| MD5 | 2577d3423d0f29aa70a78450b28b5ec5 |
| SHA1 | 418acd19a9535bb5536487b3bdb7b73090511b2d |
| SHA256 | 98307b0c701b2a9886de24eff369e22714fe0aa3404e6a58591c8afc3719813e |
| SHA512 | b9e82136596263a36a6bd37564d6649205c4e66e19e9ae3ef79a31bde57c3ed9a8219ab0ed71e6a6c208e5b6b2e3d29cee437c6fca7cc1e2634fc9364908196f |
C:\Program Files\3uToolsV3\Qt5Widgets.dll
| MD5 | 2c3d30abf2f9cf6ab33107e8bebdb181 |
| SHA1 | 9569fe1092aa2c4bda74548e44482e852b7a0167 |
| SHA256 | f9c58b3f883ce8e969fbeb2908f4a95589122c4574666d75dea6f6a835e3bc59 |
| SHA512 | 1cb5e3c2e960b992c8030d38c2f76307c06f2f1e7eff25ae99fbd304b32b590cfec5615dfcd05b1b1f8bc740db4360cc78a669b513cd94ba82b55743d0df57d9 |
C:\Program Files\3uToolsV3\Qt5PrintSupport.dll
| MD5 | 47a12398c7cecfe9ff5556e0dad8d8fc |
| SHA1 | 15e5c03a91d887b59a76634690d6d20efa9230e0 |
| SHA256 | 10f3f980b25d8d28747931f9c8b903beb0cb4e01ac5c4639c4757ad380c57b12 |
| SHA512 | 17b790185d1d24617f07c36091bc8db1df971376fa30643d205e7d5c3e82dd5bd7a4046a64da31d0bf25f052992169447e74a3827d8e54fae0e9e0cd6ae15927 |
C:\Program Files\3uToolsV3\Qt5WebEngineWidgets.dll
| MD5 | febd0bc442a26588adafd4bc3d59e7c3 |
| SHA1 | efc0b54962de01ba8a7db5254a14c3a1e584586d |
| SHA256 | 6f925a98067394119dee637365c7426bc011f3790a6ebd1209e0941ac7d8a7ae |
| SHA512 | ad0cc1f77af94ee83683eda0b45992652370faae6625a4476f8fa962e553183dd3a1d80c9b9b81b4bb20db7fa51d4b9418c5c27f37885c90553cbf6e2b7541d5 |
C:\Program Files\3uToolsV3\Qt5Svg.dll
| MD5 | 5455034a118445adabb7a2dba0a5c240 |
| SHA1 | 6ba6563d7709dbddbcf94ed2501235febe2385ad |
| SHA256 | 99fdcb49199d843659c4570df27670f12b33f659e3d080f8052c417fb468fb8c |
| SHA512 | 86c2834d5582edb79d01c1be508bae4f67947a1b291b512b9641715cdf6ffb6b6e4177ee3fa906c06f6c8775b3ec18b3edeb145566ff500c72532601c6f93f44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 9fe7f8ecaea5b51a9ad46840e96ee14f |
| SHA1 | 35f93a20d601e5b309513e22ac470bb9c8627cf2 |
| SHA256 | baaef36abde9bf1306f50f2e4e844df3206d18852016b25e243de3b01e5eaa28 |
| SHA512 | 745038aae5022202128c2ba045e2ead1d854938e4d01b461428b823311bde5eeb7ec6072e841f6f3ae942344783740bd6500dabc8fe91f65a8b88bdfc325fbaf |
memory/2392-2381-0x00007FF684130000-0x00007FF684E29000-memory.dmp
memory/6092-2402-0x00007FF96F400000-0x00007FF96F93D000-memory.dmp
memory/3496-2403-0x00007FF96F400000-0x00007FF96F93D000-memory.dmp
C:\Program Files\3uToolsV3\setting.cfg
| MD5 | 20597c1917af28d7129d6d23ed5cf8db |
| SHA1 | 5587f3f873f66de2c534c6f71fb54b6be9f48ca0 |
| SHA256 | 78a095c2205d3d1389eae26f6f08d90ec7cae79836d200c7f844c049cc01017e |
| SHA512 | d22851cadd90f36b2cefd7abe0f2b8fb2166bafa3109c087bef2febac2f79963d4977fed9e30b11ff9ed8bd2a0430a363dc1f808f76bad89e9d1e481ca4c1686 |
C:\Program Files\3uToolsV3\setting.cfg.lock
| MD5 | 9b70a249faa11ba4df10db8cdbea98d8 |
| SHA1 | ade180ecaacf953ed71de7c2c5c69bc6302044d4 |
| SHA256 | fbe8833c529861267bdcf94227c2a63bd969ac33b850a66d4c4864f4430dd058 |
| SHA512 | 94741379f7d73d0431dd2455fd02e29d0dd9b6b83e281becf772e30c6216b469525af5e3235ebc30d3cb55ec1c3e3b8f4ddf88072097e844f31107d61778b362 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 07bba96691ff18808b46b3a9aec8a78a |
| SHA1 | dd2d34893c759cade4b78a5474b3f69a515a90b3 |
| SHA256 | e7b94b5bdfc91cdbed5a329a4c77c122376b274a4ca811850aa0c9a3126a747f |
| SHA512 | c90a2ead87862a17ba3cd5fdff80ddebbf488785206726624faf289ca03a03fa9101beab7f0c209304fc347b01d69122d06c2adb9289230d1d21654bc8cae603 |
memory/2392-2488-0x00007FF96BE20000-0x00007FF96BE4A000-memory.dmp
memory/2392-2581-0x000000006F6C0000-0x000000006FFE7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaaplrc.dll
| MD5 | 1428a8b3dbf4f73b257c4a461df9b996 |
| SHA1 | 0fe85ab508bd44dfb2fa9830f98de4714dfce4fa |
| SHA256 | 5ed0d8f2066dd19d5aec42c5498fdd1db9cefab4d024a1015c707dfd0cfd5b20 |
| SHA512 | 916a61feb9a36872a7c1adece8933599e55b46f7d113966ec4ad2af0e2568f1a339629ec48eca10bd1e071c88171fe88292dab27ce509ceea42afbd049599cc7 |
C:\Program Files\3uToolsV3\setting.cfg
| MD5 | 295378b509925b097268cfc33042ad0a |
| SHA1 | 89fb9cafb2b95563c600e4dce8a3e523d357ab55 |
| SHA256 | ba6eade872ca4b90cc2207c54f706d461a3a3e268fb0ec9bce2dc1bfc7710f53 |
| SHA512 | cf0f1305b63f16d21b5ef3bdb104d34f9a8872cbdb9c065ee25a724152d0ea3cf2a746576c2ad3136a1e2591e2b75a0e3710b75d7fb08a0dad7e5003ab06de2a |
C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\SETEEBB.tmp
| MD5 | 97bc3bb77be14d66bafe247e5c46b0db |
| SHA1 | 4a78bef761020aefc50adbf894eb02666dac6db6 |
| SHA256 | 9a160fcae82c933fe3930830782b7458707defbf2200f46d370f6bf1a699c376 |
| SHA512 | 2379eaa10def39cb5286aba3ba7df558de48e91fdb112aa8e4463ed009fd880fd4d46481d6aafa8ee84577331cbb79689ba4bfe4451cb017df5e31d7e95c83ab |
C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\SETEECD.tmp
| MD5 | a31656d224232177d4049bdcf6d2a34c |
| SHA1 | 432483c57d446b2ef2bcbb1a8fe5826cd60d7011 |
| SHA256 | b385f6d5839e6a031451947f8ce57a361b2866ba888bea58ce37f425d36c020e |
| SHA512 | b403e8273c7076470cd93af76bd8714d1eecf14104b362971c6af84758d1ced73ff10a0bfc2c3f0e01f11716d77b21b01b0d660c06b0773734a961f7e7830bc3 |
C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\SETEEBC.tmp
| MD5 | 2ebc04e384f237d2b32caca8a3f901ba |
| SHA1 | 1f3638c5a94668f3877f046b6df2fc4ef6f2cd08 |
| SHA256 | 32a07ee9313ae0b4bae928e5ba0e2eb9d99a5577946fb44dcd0e81d8062859ac |
| SHA512 | 8c142a0eaed394f742e824ff41d0ceb927572d291fe20278d5c09ebea3d69467ea91db3befe72f550dfd6efa526836f7241d70589ca2ee5f8c097d3ad83ba601 |
C:\Users\Admin\AppData\Local\Temp\{cd7ff25f-8475-2f40-bc40-909bb41e730a}\SETEECE.tmp
| MD5 | b2e9926bef29e3d5fa62928f0c7a16f8 |
| SHA1 | 5325f3761554b960e00ada65478cfe2967334768 |
| SHA256 | 97830acae22500125bb9fd2c0ad39471ac97bf95eb6787bc368c1365dc608390 |
| SHA512 | 288bddb5bc4495ca40fa2ad5d2e9f9aa49c0ce05f7fc464d759e7b529b748c6f0726b24ff69416acdce1dfbff3453362da40f4eaaed67ecfc3c2526935be4232 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\driver.7z
| MD5 | 238c5c261745b85ae717bc49df6f8170 |
| SHA1 | 04d2e17652e4f5c9aca9bcf756672df34db2da6f |
| SHA256 | 16fc810b7a9df820e9544a517cba3c455fe68d2b4934172f98d184e94c37cb34 |
| SHA512 | 17504743c90bbf6f0c8724ef439d317c4fc1e668e19c3445d7a96ab5915c4527ac7366fd951fb9232cd8c158ee5136b7563da9b42b02ded6378b05fd036ac7c4 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\applersm.cat
| MD5 | 8dab3e4d8e271f17696cdbbd638f28af |
| SHA1 | c4b3df527a77303785ed28a5cf1ac00d729ee83c |
| SHA256 | df42e6ae66f82785552cbe1815246128cea10029e9dbb463e211590941a81bc1 |
| SHA512 | 0a52bb023cf6d33faded6eb2829e0706f021be76217f050a77f65b09142f20b37675877ce8911cdb3bc8349357e0630a1e36ec60b3855097ede1c803a60a5880 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.inf
| MD5 | 6db0394609c92e266a16bfd93b1eb597 |
| SHA1 | 2d77b73e0ee0cf5f891dfb527991ead8cb39f22e |
| SHA256 | 10aac2d96e5b2c8f55605fd6acf6a39c7ef3d092018a5bc622011ec46c139a7c |
| SHA512 | d1e160e507d5f4e2a561226c5ed4254562ac1599481f22d39d6f3b9560312f42d85247017db3b8b710677559327ac71badcf2473696a14dbd2244de6cb48c4ea |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\appleusb.cat
| MD5 | 70e09f54ea9a321c80359bc9493fd9b5 |
| SHA1 | 440f5acf4b12bdfb052bc2e079e80a8ec6feae1a |
| SHA256 | 775e43292702903d1f3991b655dde23ccb378052d28f7e0e8f89e2f4580a7387 |
| SHA512 | 46bedf56160b17fa9fcf0c707d88b6539e4acab7c76e74bce31d4875c0f5d1f8ff0eb177f94aa0dd11b47c13d39a637f96a81af064aa79886259082be79b6ead |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsb.inf
| MD5 | a150a24f14aa40de4c18a868993c84aa |
| SHA1 | b239f3995efa3018025a8b59bd7617f6ae06fadd |
| SHA256 | 71ef7dbef3e7b2c1bdc32c1a4400aa5f92c5c7eee9ef6261385c54cd9d0e26a6 |
| SHA512 | 953cf9074a00267be108d4fcd8626bfd56fcc7e1df5116a39564cfca4cc472f15ba1f4731dbfcfc92f2a92aacaccb186e9e552bf2115e68f07699854194b1010 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\netaapl64.cat
| MD5 | 168c4256eea6a76983d79d45f191469f |
| SHA1 | 2f4e6d8db4bcfeec816d31a70045895a3e6158e3 |
| SHA256 | 2b8a6ebc3e10d06a6ebbcb4ef89992978836eb52d2ad1c09e19b137b0963c2f9 |
| SHA512 | 743f28589f4357594c4490c6bdc46b6ca6e3164ab58495d686316ba8effc004e68507b26cb07032f3232ecf21045078a97aae0fad9ac78acff48ec2ae0c26585 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\netaapl64.inf
| MD5 | 2428e7f81420a9d7e81dfce9fa0613b3 |
| SHA1 | 96605444de2721d553530179ea96024f29b32827 |
| SHA256 | 6db20d1374088a64b5a435189e3cbf1c0f30496d4a2c80346bc904605f3d0261 |
| SHA512 | fc98a3010d5a71ce4c9ec2ef16914cc6fabf531fdbf1cfc487d42dc352111e47f970565a011cc6ebd18b2632af5bc107e5c0e784127b789b68e6cb3f214aaf5b |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\netaapl.cat
| MD5 | 98b045f42f67bb602d8b768318a86018 |
| SHA1 | a04dd80cb60abf2dd73aae417b0a34e10c321346 |
| SHA256 | ad62ffdfba01af7222d95193d23bef0084115ee3aaba3ca1bcd808056dfe2437 |
| SHA512 | 5d3295eb28685cd16e7da047d708f3f0d7fe0b2ea56fbe87d671fdb8371ae9d0e8fd18e3c456189954c8938ca96b4dd5937f21716348b27449d9eafdea104d83 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\netaapl.inf
| MD5 | 2e21c73e279f7d39222d038cb711d7c1 |
| SHA1 | 493f1339c2dcaf82ad589158fd2f1b134cadbf8f |
| SHA256 | 7d256f65ad5b0a2767f9cdfdabe80ff9fe18c00be93e7df0e08c6508f309d519 |
| SHA512 | f5118e029fb911108eae967bd175a30eeee4a3898897120c38e92b92b43009b21f3810805b7a92ef68d2b8cdd84ff3a11d554114c0c4290e5bd9edb0c47e35d3 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\path.txt
| MD5 | 8629beec6d2d530f4b06a816c78358a2 |
| SHA1 | e4fc314491e7af7783d82d452bad1cad6d535246 |
| SHA256 | 348b6816e84c4ee4cfd6cd69d340df2e9a7129c25c24f385e58a06a3bd2a7834 |
| SHA512 | 8d3887345d7389def047296613f1de77cdd8d925f94652c80d5b4b909a693838cbd09bc0df95458d25c25f1bf5b80d71bc030840da2c1ea5979d86677fbf7276 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\USBAAPL64.CAT
| MD5 | 26eee7af8aa1ef8c1bd7c9327c602844 |
| SHA1 | 990a56215aac7000eac9371f489a0fc57d560078 |
| SHA256 | 946b0a8150213d6a4dd3aef6248ebb923f8167c84c7ff1b10137e5030ec8bf30 |
| SHA512 | 1cce53edb09f449720005ee9ca013fabb0be498991adf38ce738330a02b336790cb835e235e097c57a7cf983b4bf18664bc113b074cd94f9118901565d83e24d |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.inf
| MD5 | 2da3a91b71919d035d8fd17b6b90bbc2 |
| SHA1 | c2c6a29f3abc80fd992777a92df30699124d37c5 |
| SHA256 | edea577e694efceec5b26d745fff8125e9fc8a78cacd7365e77ef35031ebc49b |
| SHA512 | 71b98c884c338902110c83f6c858b906bd8d63e09e5f92d3e019f586d82961fdc71a459e6456a3e9a56b9b109838b4556aee91e0befb68c2ae505c93a41fe56b |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\USBAAPL.CAT
| MD5 | 97f4158a43852869de6ba9f1c754bbc8 |
| SHA1 | 0565f0874d623268529b86967b93a7ae8d57dab5 |
| SHA256 | 1daa9a80eaf692e1c1490afafcc435e37cafa94e9a9dfe453a82b1b472f3b1ba |
| SHA512 | ba75a483ac75deab29c4174f1991dbcf4a76857dac23c99065e07585a5958e49f1ade0133fabdb3c8a28ba35e8df06fb529f81c756ae549b35543ad39817a44e |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaapl.inf
| MD5 | ca3a369e3993295e11d5fb6b7663f3b9 |
| SHA1 | 7771a0176a543725d7bbf70a546c096a4ee2dd40 |
| SHA256 | 4494c8af156d9dc7deea76491d73716e16b42e3e8b5b4555b0fd247b6cacab8b |
| SHA512 | 650b0f23b6470ad84a001821bd5ba6fc906db0e6fd616d734a87b9777ac1f5f6d6d0dc52f5aef223bf362109b77cd89c5b4e93562c1168fbd049756d714b64cf |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaapl.PNF
| MD5 | e70b88763cbd6ea996b231f2d1f22b77 |
| SHA1 | fa42e09d3bed60f7ad90f46ef142699ff6a376ca |
| SHA256 | 0cdad698563e00f2f7fcb88d8260428630f2cac3bd8f4a60b6862c1db0694961 |
| SHA512 | 6c9c46fda2d6dc9076333981c5baada87a711d09394a4faa02d3c8d7dc40e08464c37e5439f604846f758684cacf7f78bf944dfcc84506b0ee709dbf4cdaa0cc |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSM.sys
| MD5 | 39fbeae7efff3b0859b3d467e906a81a |
| SHA1 | de04f243e6837394f141897e6df98a7777a05d46 |
| SHA256 | 30bebe8d26c16e1d22d776e641f7a68b9ccd1c70a3804964db6753b821eee4b6 |
| SHA512 | f565684b27a92dee7b748479631af3f1a201fe9e6cf3b76346f83b59b1755fa3483c97c95b65e7bdd7d2bfcbcb973c4c1f0a2a6859d17e73b249e75f9a6c1058 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\applersm\x64\AppleRSMInterface.dll
| MD5 | cfdd6b37070699bf9ac287fa4fdebf0f |
| SHA1 | bb6d98979e0577229beae7607a92d5caadf45113 |
| SHA256 | 35075c0a280d7544b402c1f030ae9acd3c917fc1bd6a52145fae9b2a55320ecc |
| SHA512 | 793151eb8ab8c35eab2a4e4d66b2dcd4827fef53080b5c0be7fa359e7f4cc7377998d7f222303d93233b09fb76859c16f6c47b3ec3b0e88081a8d1cffa8b4978 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleKmdfFilter.sys
| MD5 | 201f083b80cdbe930d78fe72f1123e22 |
| SHA1 | 6a368a4665e0e56c3f32973c679258ab6c4fc35a |
| SHA256 | 72fe475d8ada0cc2e26a4e659ca7d03bdb8d3061b4a689016a54eb52b18773a3 |
| SHA512 | 3fa61fac2127efbcadff25c17e055f32ee8ec65e82f192cb87fc3390dac322d5d24b611ac3b665b5661beb1bb0e62929e6912c80880b2187540298bb6eeb52bf |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleLowerFilter.sys
| MD5 | dbd000cc3ef170bd3e5d26b7349a7039 |
| SHA1 | 1022aa866910aeef33a711f5a6d1de77a5dcffb7 |
| SHA256 | ac3469ac659287626b05cda0da457b63ed78241d4f20c60778f6292d6e158346 |
| SHA512 | 6342cbbd7864494ca22b9a5eb26badbedbf800d094cb0343ff441c1b6db49b73e87d37377ed9029c386cdb4e60debe9e24cd34d0f3733ae55b42f6bcd7ce5f3f |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\appleusbdevice\x64\AppleUsbFilter.dll
| MD5 | c1c5b35fff1e13816718d6c30e15e2c4 |
| SHA1 | a75a49857418f8915d27df08802555e9d2f65274 |
| SHA256 | 17fa26ea576e98f40eb2a353123d27232335e3a20c8d91465ec83710bc1a8eae |
| SHA512 | 6725458b4b99d330d49c2499659eb87c9cf7c623fb5e9d1660c2dd13104e169ca1cfd242dab1ed601ff9902691d7875fc7f5fb6bc9851c336b41d20c0b66ab3d |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\netaapl64.sys
| MD5 | ee00c544c025958af50c7b199f3c8595 |
| SHA1 | 1a9320ad1ebcaaa21abb5527d9a55ca265deec5d |
| SHA256 | d774db020d9c46d1aa0b2db9fa2c36c4a9c38d904cc6929695321d32aca0d4d1 |
| SHA512 | c08cfb84b6bc98a965b5195b06234646e8f500a0c7e167d8c2961dad3c10da47407d339f1fbd2c3af4104932b94ee042872680d968c3c9b086705d374fc9c94e |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x64\WdfCoInstaller01009.dll
| MD5 | 4da5da193e0e4f86f6f8fd43ef25329a |
| SHA1 | 68a44d37ff535a2c454f2440e1429833a1c6d810 |
| SHA256 | 18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e |
| SHA512 | b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853 |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\netaapl.sys
| MD5 | 9213aa35bca94eb79d366da254e4bdf5 |
| SHA1 | e05ee5138270ef09bdaee37b31ddb57935e55cbb |
| SHA256 | 5e1c71beb6cfff5a6f149e9fe6e169d087a6cbe63a504fee8d42170284952f85 |
| SHA512 | 51f147b5822b1adbc524712575a0d77cc28cdf69e3c6e01a81136043fe6fe57c64783b47d59f8e8dc0235abbbeefb658f9dc123ac104666a8f232abc121a6e5c |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\net\x86\WdfCoInstaller01009.dll
| MD5 | a9970042be512c7981b36e689c5f3f9f |
| SHA1 | b0ba0de22ade0ee5324eaa82e179f41d2c67b63e |
| SHA256 | 7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77 |
| SHA512 | 8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x64\usbaapl64.sys
| MD5 | f957092c63cd71d85903ca0d8370f473 |
| SHA1 | 9d76d3df84ca8b3b384577cb87b7aba0ee33f08d |
| SHA256 | 4dec2fc20329f248135da24cb6694fd972dcce8b1bbea8d872fde41939e96aaf |
| SHA512 | a43ca7f24281f67c63c54037fa9c02220cd0fa34a10b1658bae7e544236b939f26a1972513f392a5555dd97077bba91bbe920d41b19737f9960ef427599622bc |
C:\Users\Admin\AppData\Local\Temp\itunes_fix\usb\x86\usbaapl.sys
| MD5 | a176718f0df45f60f545cf3e14f4d108 |
| SHA1 | fb03c1b53709f65712df5a8318130d9788bc3cea |
| SHA256 | 5e767cb0b51b3ba05b6f99a7e46bec275489dcfe874343c9b992843aa1f2334e |
| SHA512 | 7af3e0b90cd175b6b6c24abf237dc4395e6b9d2f360ee2cc3721d3184811fb5b086199d4a27f36bce8d6462c2717b3d9e2e1814a9d5a24ea4dc4fea32e6ae427 |
C:\Program Files\3uToolsV3\cache\devices_table\border_14Pro_SpaceBlack.svg.tmp
| MD5 | 7f2390f5032c2a01f2af2efd2fbf0fe6 |
| SHA1 | 155dfa69d939cbba1a6f147d608a102347af3509 |
| SHA256 | 65d4e961734340bcc372fb5789c5ee02070239e6209b9cdeedae54623ec2b7f3 |
| SHA512 | 7cfa63e91cf4f6569cf37fd49134cdc417758fefbf9720560bba36f7e85263954bc3979750213757550b7794f5d588bb2583273334fa44161248e2e36fa78a6e |
C:\Program Files\3uToolsV3\setting.cfg.lEHaQj
| MD5 | 4580d28ce81683110f6b8f192559f4d6 |
| SHA1 | b45ea89da23af0d32d44862cc3df06f0dd7f5a84 |
| SHA256 | dd1168b4e604e5526025ee6f72a658f60fda90c0fa66bc5d26206c0c83c72c38 |
| SHA512 | 52fc5c1803676182683ef960a2fbf101c75693888b292195efc373f38225cfb55a88ca3350ec746d26af79c0d5060b33506a6667cd80d7413243e87de81f8666 |
C:\Program Files\3uToolsV3\cache\hometmp\1691646971451_957085.png
| MD5 | ddcce3bb78f7afe368ae73dc3ea96ac7 |
| SHA1 | adbc9d45e15c436b494a3141beeacfd94ad5dc46 |
| SHA256 | e8cae30319ecbd47cc171f1b594249b475ee6e21b3be7f647b8b498140fcc4c9 |
| SHA512 | 70243d9e576e73797664e3abbf01aed97d8c74ebd5fb73d63e37222131f8f32a65aec7676d4357867d969adc30eb1037bf3841dc63a6b0bbc8468b3b9ceccbe1 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_1437024510\manifest.json
| MD5 | b721bdf2924d658186ac8868dbd2c008 |
| SHA1 | 914aacc65bb7933bd73aa06f8bd2ca0b04de3858 |
| SHA256 | dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3 |
| SHA512 | 4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda |
C:\Program Files\3uToolsV3\cache\hometmp\1691646872461_895937.png
| MD5 | 417a9a266186eba0b5c0e7fae060d5b6 |
| SHA1 | cbedf7bd71f7737c076069565fcab54cd040cf3a |
| SHA256 | fb536ebf3436a353ca42d3efe03204d9bd13f6d073887f8f38b875896d1b51eb |
| SHA512 | bd6fd68e74312501cfe4701ed8627e341d53cb59c6f5bd23a86ee3ae7310762e0dbabaf0f96c5dd99e60a616242d4410e30f3ee083d9b54880ce3073c63a3c62 |
C:\Program Files\3uToolsV3\setting.cfg
| MD5 | 908dd478504c22b31876523fd2ab71ba |
| SHA1 | 588e8c648db833f55b26bc0476152c19724a2c37 |
| SHA256 | 7194abe7c90cd230420ded5a60056aa2ab82636d5a654df9b00e3f9a4555d25d |
| SHA512 | ab0f215cb9e37042017a477814ba3d3b8b64c748028e1dd70c6978180fc57803786db641789628c800f2a14233257fadf750f4ec681144d969ba7bb672c7d1e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | eb38c2f13966a1b5f85a0bf1b5d7c83b |
| SHA1 | 283a121056651b69c993fefcaf4b528ee59ef0ce |
| SHA256 | 90557cdbecd2187f5e05a16e200c924dd940382bc2e612949b6da35b91f424f4 |
| SHA512 | d12b5959471884fd578dace2d455dc33fbd85b7178ee6b5a4b442207fe7b206fca2418c8fe7b5f6ac16d8ddce784ec82e36465d007a6d983bf58bff84d2fb045 |
memory/2392-3237-0x000000006EC90000-0x000000006F6BB000-memory.dmp
memory/2392-3275-0x000000006EC90000-0x000000006F6BB000-memory.dmp
memory/2392-3288-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_1369925633\manifest.json
| MD5 | ba25fcf816a017558d3434583e9746b8 |
| SHA1 | be05c87f7adf6b21273a4e94b3592618b6a4a624 |
| SHA256 | 0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11 |
| SHA512 | 3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f |
C:\Windows\Installer\MSIA461.tmp
| MD5 | fe11c4804b99dc5328b62f266a34546b |
| SHA1 | b9e4b99c71d01a5105263b1b351325ad60ac31be |
| SHA256 | 774992b8ffbb893475392387ff449532c9d75ef65b1e45718a03967bc526c739 |
| SHA512 | 29f9f52f36de3501c60a9c41f5f16580c4f2b1c30bbbb2fbbc002b21ff514b3fdf5f1ad809fb84c9927c48a1cad9322ad92fd0a40522e115be8443946332a6a7 |
memory/2392-3357-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\Windows\Installer\e5a9fdb.msi
| MD5 | 5fa31f33afa76e4ff8387d526abb70e5 |
| SHA1 | c45e907c6189429b231579988cbe1010dd7f0f9b |
| SHA256 | b6accb2caf4f4668f130eee803387588d31cb9e8d16c9e02ea010c554c1193e1 |
| SHA512 | 6e2221ce35ee00b86ca4494ea41eefe9174290119f0798a351a2ffc51f3c8a35af3181c3d366f6232d5b2cada6729a265fdbc6de42ac56d8598516b2c9722072 |
C:\Config.Msi\e5a9fde.rbs
| MD5 | 85b1ba52b4c17d704be2101f078c651e |
| SHA1 | 32121e5b185c41dbd2c2dd22562c87491a4b2d9e |
| SHA256 | bfa2975e1c5dffd99617b4fb165b3e926030914bae01d16cca90b45572f8c6c0 |
| SHA512 | ee6a0ef58c387abd94fca5d5460c8a9e09b1e4be68b5d6f3421b25438afa9dbeb9f65b6e17bdd021987d3ab698b3a8f393f08416ed171e742a239f42b7dd7bd9 |
C:\Windows\Installer\MSIBD93.tmp
| MD5 | 950087e828e1b7426f703678e446c799 |
| SHA1 | c9f28be9b9f810132ec8d78c161e5a232491e60e |
| SHA256 | 8a41eaa0d699f48661c2560aeffe4b0432cf755f1b15e31ac9aff667d498b3ee |
| SHA512 | 9ab24bf84a4534e219df132a0b43874c1d6410ef802c69e65c5aaf3d0c46085470690851ef23303f9a48076e8ae552d816903e02c43c1af83e6fc3457d2acb93 |
C:\Windows\Installer\MSIBF3C.tmp
| MD5 | 6f8e3e4f72620bddc633f0175f47161e |
| SHA1 | 53ed75a208cc84f1a065e9e4ece356371cac0341 |
| SHA256 | 2adf199f6baf245f0b07d31a3a1401d4262c3e6c98b8f10df923ceb2c937291e |
| SHA512 | 80187277e78f59b7ea71ed3caa55452e730d93b8c296d5820d470776a428cbb7e7fead87240e811436f85e4d89df2b9f31d6d16658d21abf59395cab7074a869 |
C:\Program Files\Java\jre-1.8\lib\ext\dns_sd.jar
| MD5 | ce9a2f5a7fcfff341d6d901ad919a2ab |
| SHA1 | 341f9d9a0b3fd8cfbefe0169b148dcc55688ee93 |
| SHA256 | cc36a44467f41cf2dc91c126e368e357b28a0d57101472d2dfd1c06a4091cdf7 |
| SHA512 | 1f53e652b042ee27fe05b11ccda2ed9ae9a8f44b948b8658aa7a2d7ad2f5bd94ea16f3d9a92e65a8c65b7480517f1d05a066a4fb8d961b927d0d305399ca4e8f |
C:\Config.Msi\e5a9fe3.rbs
| MD5 | b42a077188287e2079f32003a943c6d2 |
| SHA1 | 879946897ee28b52ac65e99c04dabbe86b34a3cd |
| SHA256 | e798a1dfc4443227d4070e430490b9a8d04d59b47d4d64d91649d6ee7b657c73 |
| SHA512 | 116a4bb088c4f886ffa69f0503b9a0cdb75c42d9fe843eef215220c0dbe2a31f33c8fdf999cc793ffacfeacc2fd5419472496531cfb5e6015e7cbe820c202661 |
memory/2392-4025-0x000000006EC90000-0x000000006F6BB000-memory.dmp
memory/2392-4577-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\Users\Admin\AppData\Local\3uTools\QtWebEngine\Default\Platform Notifications\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/2212-4581-0x00007FF96F010000-0x00007FF96F400000-memory.dmp
memory/5836-4585-0x00007FF96F010000-0x00007FF96F400000-memory.dmp
memory/2392-4591-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 57df952b92059832895da8dc1e95eafd |
| SHA1 | acaa2089a51d1ec1aac0f12a758e1f1a8bff4c32 |
| SHA256 | e90aeb07ef7894ba94302956d1fee93bd7b154900c09619525bdfaa7c932f446 |
| SHA512 | 5d24744bd3f6b209e875a03c0aa4930a6d250515aeeb8513ac448a9b28bdb6f6f93c386cf09f2561cd0d7b962deb5018255ef39f015d122ee6d608d68f1d992f |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_1235726703\manifest.json
| MD5 | 2617c38bed67a4190fc499142b6f2867 |
| SHA1 | a37f0251cd6be0a6983d9a04193b773f86d31da1 |
| SHA256 | d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665 |
| SHA512 | b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_1235726703\hyph-nb.hyb
| MD5 | 677edd1a17d50f0bd11783f58725d0e7 |
| SHA1 | 98fedc5862c78f3b03daed1ff9efbe5e31c205ee |
| SHA256 | c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0 |
| SHA512 | c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_1235726703\hyph-hi.hyb
| MD5 | 0807cf29fc4c5d7d87c1689eb2e0baaa |
| SHA1 | d0914fb069469d47a36d339ca70164253fccf022 |
| SHA256 | f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42 |
| SHA512 | 5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_1235726703\hyph-as.hyb
| MD5 | 8961fdd3db036dd43002659a4e4a7365 |
| SHA1 | 7b2fa321d50d5417e6c8d48145e86d15b7ff8321 |
| SHA256 | c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe |
| SHA512 | 531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92 |
C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\AppleSoftwareUpdate.msi
| MD5 | adf71b16f66b235268c5d894bb7c46a5 |
| SHA1 | b44a713560477c1ddc0be33bfff1a21cba714bc7 |
| SHA256 | 0610ef6e01c2ba53f57035545f2c61e85b1bafa6334a47f6de8a63b060f9a130 |
| SHA512 | 4564dba8763a165b582e0ab785fbf658f50fe07469716d0b840261a8faa9b1b9ffba54cab14f674b46bb22445128a1f56e36491421c8ca0b7dab1d933e0dcbd4 |
C:\Users\Admin\AppData\Local\Temp\IXP809.TMP\SetupAdmin.exe
| MD5 | 6a0d9995affa10fd6d842828c9420206 |
| SHA1 | 2c011c5ce86139bf35b72e017dff67b2fd54270a |
| SHA256 | 8ed8fff282adfb2f025b9d789577cccff5aaf426731615ef16dd99728f0f51e4 |
| SHA512 | 879439b4840388bb438f6359c458f61d8373632207ae57ac37c45d74060f5337dda7f0b2b45fa0534c305d5ea7fc8eb5de9fddc57fca513796d0ffc754ebd3bc |
memory/2392-4903-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MSI4A17.tmp
| MD5 | 6ad6ed5ec87f3e15b9ec07752d4f0390 |
| SHA1 | 4ab03a717d114ad88207ad808661d7f009156bd4 |
| SHA256 | fd762fdae46d1430ceb28887ac092e430003f3f09d45c294a49fb37c831a87ab |
| SHA512 | cc96928bbd249dfe6567469a5bb06cece2fe49b7479887434c3d2fbdca33969c2b05e5217be38eec4b5afa439bee3e3aeb9f7a9bfa015be17c31b2a0fff04770 |
memory/1420-5013-0x00000000029D0000-0x0000000002A0F000-memory.dmp
C:\Windows\Installer\MSI5D83.tmp
| MD5 | 928f5dc7a304a78d8687b16618ae7808 |
| SHA1 | b75a22cbcce356cdaf39ad2315ac8974f4ee62d4 |
| SHA256 | d1727467b076e59abc58fbc6a4355a9d238fc5b1842644e33a0f920aab449e28 |
| SHA512 | c85167a58195261cf71c528e4877618fc7183fe04284abf7cc1b50bb74add5bff81d53371d881771bc96302b0be35c2aad9696a7cb3292c3c3ab3cb8e4712900 |
C:\Config.Msi\e5a9fe9.rbs
| MD5 | f07a3879f355deac9a8a01274a60b32d |
| SHA1 | 1cff2b1296e1199457579ae81c72b30e76b89664 |
| SHA256 | 2b20e176c8341d8d898cd361af953ee249c447df79ce5cde93c6cafc975293ee |
| SHA512 | 915384bb7d2ac325a101004f5256c59fa39cdc661f913fc384991b66cb12a2a84598c39fbe09e9ed5af6747b31d8dcbe2977bdb5aaddd9f654754fea9d9f698b |
memory/2392-5040-0x000000006EC90000-0x000000006F6BB000-memory.dmp
memory/2392-5049-0x000000006EC90000-0x000000006F6BB000-memory.dmp
memory/6908-5057-0x0000028EEB340000-0x0000028EEB373000-memory.dmp
memory/2392-5064-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\[email protected]
| MD5 | 59d4281f0f7f665c809f2a68434999ff |
| SHA1 | 1c71204e311646a1b367860c0de11ea5e60e06ed |
| SHA256 | 57b642737825507373c0b192e3431f7a15848c1fb061b51b262b8d2438551e43 |
| SHA512 | e38edd4b53f950b8c3202552d38a6a56ee726a239527a1aec064b9a3a66f06a3aced67c0b6bc3c240994d006d8dbd5f2e2ec67bdd4e76c181e9331891d1d0154 |
C:\Program Files\iTunes\iTunes.Resources\pt.lproj\ViewLineItemiTunesExtras_dark.png
| MD5 | 589bbd384b604e83cadeba1d59f8fd90 |
| SHA1 | ee6fe62fb935e9f1007f31eea754e3cdc315d022 |
| SHA256 | 096343c9ddc34fead4232f182085ceba66907446657257969f3916ba991eb58d |
| SHA512 | 369b8d35ee411971f1dfd02fa065ce2badca714a0046cd26d098c15a8f55185178206516a62de59f81bfd285d4a8804a29b64d98f51f4e4a543bdb2eea993736 |
C:\Program Files\iTunes\CFNetwork.resources\en_GB.lproj\Localizable.strings
| MD5 | 11d00b701160c1244899bc1647e3b756 |
| SHA1 | 866c9acf31291a1459e6719dff2764af41eddde0 |
| SHA256 | 47be7f1aea7eba3fe98080713b1c4414ed5018aee75ee7f6453ae2ff95aa76c0 |
| SHA512 | f1e8727fa33b70bd146d71aa782ef8000b6824c06b936b7584057ca77cd082a001398bc5ef2202e12b50bd86687f3a75ba3a6b028d14c7ae3d1a21d868cb756b |
C:\Program Files\iTunes\iTunes.Resources\id.lproj\[email protected]
| MD5 | 11b4d45789544050871f75c0fb3b5e3b |
| SHA1 | 3362722a15fdd5a67d0c7e1c643c64a3630e89df |
| SHA256 | f03209b2a8826502acf29e9769c73e1fabb923f4ac11057299cf8fea57a13def |
| SHA512 | 51854f9a9961224dac3fab303d2e39e0a30d3f52b9d5e561dc07c69950733e6a9c6f585e001a3f9453fe0a7932a74e9b53fea0e87a691787cd11cb009017a794 |
C:\Program Files\iTunes\iTunes.Resources\he.lproj\ViewLineItemiTunesExtras.png
| MD5 | 59ecde9c26c45850d5d42fefd0a2fad5 |
| SHA1 | 6bca0dc1fb62c293f30bd7880d91cf96835ed4e9 |
| SHA256 | 2f0e9c34845db2353f8798bbd7ec23ef4fc151cd61b3383b0a3280b7de78309c |
| SHA512 | 9b9744414188aacbace2bfa37561266f7aa6426c6e61bece4990601f0a57c7c41302dcefe1757e3da86947baac2ebb06c266f18108448ccee41d205680822994 |
C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj\[email protected]
| MD5 | ff602a53d097a0d42fae257d6cd2fcac |
| SHA1 | 57ed476c7c88b7c231ec9e4d6acbd5c04808d78c |
| SHA256 | 8acad76c6c4eb0c023664b845a7492adc2e418cefa48aba7e99496125a06e5cf |
| SHA512 | a5f0d07314040fdbc614d09e2d38bf87ad0a1286c472f8c7403dd488488124e769d436ec1b01ff1b47825455f03aafadcac5722f4367fcdefb13ec3de0ec8def |
C:\Program Files\iTunes\iTunes.Resources\pt.lproj\ParentalAdvisory.png
| MD5 | d947d2a1018ae12438bc118af0a04215 |
| SHA1 | c816253a5341d804712b8fe00967cbc887f99907 |
| SHA256 | 041204ca5fb90b0d19d0f8b5bae858bf4022d9c794990e8fa4a0bc7eae093ed7 |
| SHA512 | bf7192cd4f137311d4696a0dfcb5fec66df5ad45e301fff3f8d4104163b0c64d8abf2b2d3f4100802f75aa55b435cc890005d5836c1350702473b0359add46a8 |
C:\Program Files\iTunes\iTunes.Resources\ms.lproj\ViewLineItemRatingC_dark.png
| MD5 | b52bc951d0c8f8dae4329368388dbb76 |
| SHA1 | ae408ee6f2d946aaddb8be466f7de2b99c7c4c58 |
| SHA256 | befb8ccb14ff090ad56345786c9f367a8cb2d14516ccb52dcda123df5e5dfbe4 |
| SHA512 | 144de7bcef6fc1be493229c84c2038e2c6b6719c5ceba95d7abbc14539c5222a3bd1e65eb00e0c0f3bfbe6e0be4ddbc9d2876dcfdb9f1b3372cd3361d7f58d98 |
C:\Program Files\iTunes\iTunes.Resources\hu.lproj\[email protected]
| MD5 | 02185d025965988b87c6b4748cdcd745 |
| SHA1 | e110b97b7d669361a0f2a2cc38c4a62f3d5deeab |
| SHA256 | ce8aa4cf4ded795fbf1c10fc881978746ce6c76f13accf566e7ba0e98f5af774 |
| SHA512 | f1b6617eff4a584a760c24423226c844e2ceec8df8023bc9a53da69b18f76d2226ad24d0d1b2bf61cb2da9711caf4c23ff7905298edb309cf771cca1797a2c48 |
C:\Program Files\iTunes\iTunes.Resources\pl.lproj\SortPrefixes.plist
| MD5 | e4f62c535e191b6d40912f32c60e1eff |
| SHA1 | 37203bd8a250fb9b7471e1a4b8b2dd4f727aca2a |
| SHA256 | 800cb75b9347c5142edc9094c9c829b10b6a280271f19e8ef3b4673a1cc48484 |
| SHA512 | 2b64834f62de68efc971bf59e36d7cc0a29c3e7dc4c2c987ae6840488f6fb94e88ca73276fd0968f2f6b68d427a5f87a97faa0821f0cefb533deab38a58f3630 |
C:\Program Files\iTunes\iTunes.Resources\cs.lproj\iTunesExtraGridView.png
| MD5 | 94eae9dc7a205de2ee0a17effa21b60c |
| SHA1 | 54f23cb71ac3a62680bd22a3b2b8ed5c6c86d5a4 |
| SHA256 | a33f1e4d73943a77e6471143d263aaa53a871f7534e27435beeea19e75c82fbb |
| SHA512 | 5601cb432d92697a630dfa9c5403b7ff1210f517c51eb84a4036d7c14192af287eb86782a8036b0da72ff39f827d118d276a43cfdc0019f40b85147948d3d99c |
C:\Program Files\iTunes\iTunes.Resources\vi.lproj\StoreBlankBuyButton.png
| MD5 | ceeb4e2a8deb651b69a973f5d671d92f |
| SHA1 | 3fff59aa350cdd2cfea69c08b55540b63122bf26 |
| SHA256 | 51edab4204721531caab3a704e86d54445db4b4ddca70ef2c4b1012fa6bb3d5f |
| SHA512 | 9112040b761b90b93e89249986e6e75d55038fc1537293d7eadd02e181effd601ea15aff7a3100cf2c72de610b8b4cfefb433ae8bd75499e4a3dbbccf8410493 |
C:\Program Files\iTunes\iTunes.Resources\sv.lproj\[email protected]
| MD5 | e85fcfa0b73018404b29d4fa04f047a8 |
| SHA1 | 2c7ba150c3fd101231563ffec9a7fd5ec5ae02a0 |
| SHA256 | 55617519bf037182dc93082300e162933c3771996607aeb605079bb834a182ef |
| SHA512 | 141c92030b58dea61e29020b1792cc2a8dafd306af2a9130b105721a026b81a05d0d1621d4a76f6b6e5509dfffd47506885579279b6a098130b542df60b0f884 |
C:\Program Files\iTunes\iTunes.Resources\pl.lproj\[email protected]
| MD5 | 010e5869f100573199acf50905ba17b3 |
| SHA1 | da950fbeb52dea27dc393ad4a113422238bd6002 |
| SHA256 | f533c5ca2a6bdcd1a9c7f757c0c9a17d894b2717c3493bd7ced8f36a722eecc3 |
| SHA512 | 83c30c0291ce0540a41f07a6566eab12b784efe5a7a8dabe29dee67fdfdc0e53e89026511476d0abd46a267bda76e179892a249be46619c7b6fd621d1ce753ca |
C:\Program Files\iTunes\iTunes.Resources\he.lproj\[email protected]
| MD5 | 8875b575ec840a83ede84ca27762761b |
| SHA1 | 7463b50c8483598dc6ae4889633a11edfcd3a5ad |
| SHA256 | 6529e898923292f4163ad09594682cb7fa1c32c6c71baac0e4405d9996dda509 |
| SHA512 | 9af764d681309781353504d270d78ee59798154c94292e8eb73b07e78f077a52cecc9523ee088d68fc08de353541c6ed34fb2d73eabd1316e638485ceec6a6bd |
C:\Program Files\iTunes\iTunes.Resources\cs.lproj\iTunesExtraListView.png
| MD5 | 5e93c7b6af1f907359091cd0c629b3dd |
| SHA1 | 4aba4ecd7b1b5d7937e7c7faaf7ac1629c0394cc |
| SHA256 | b21d24670a44bea7c5c86c2b87d356e66006cfeaebb8e6b7d4ebf07974ac3f66 |
| SHA512 | 492683e196bceb4f80d2bf07dc9031fd8f1667b0d8e3da877df1666bc419276bde0a6af8a1dd983a0b5594d5e0143eeda09ad2b87378cd221fbdb3e45291772c |
C:\Program Files\iTunes\iTunes.Resources\ro.lproj\[email protected]
| MD5 | 6cf4cedb6b5148b103fc91a2d057888d |
| SHA1 | 23e873c7d60c21248eb9f8381643a295dc4fb12a |
| SHA256 | dae1592358924b99a4363cf20fc4a6dbcaeffb5af2f7a248a0fb687e95336597 |
| SHA512 | 4847a96925aa568c6d523f84e760b35d0f4abad4b6df70c3ed6003289b776b3327bbc41dda3da96221113e41b0097a2275db5bc562c77117db6c04e4275fc583 |
C:\Program Files\iTunes\iTunes.Resources\cs.lproj\[email protected]
| MD5 | 236216d5b66e7e9f48715b953b465c56 |
| SHA1 | 7ad8425770aeb398922005b2649c4764c5b6dc5f |
| SHA256 | ebdb9147c9b509b923fbb4e1e7903c84f67b42542b0055b2f8356a16c456191f |
| SHA512 | 6da4821957d52ef729cee2c6436f75b8581b702efeced430e99abc81be11f8cd2f2b2c374a88d68ee177b46b0cf34f723341a78d642dd4c81a8b5f09e8c77bd1 |
C:\Program Files\iTunes\iTunes.Resources\hi.lproj\RatingCaution.png
| MD5 | 22b6a916115477a43ce634ea820a6304 |
| SHA1 | a34138e73bae3a62d745171d62f9f05a6dc07276 |
| SHA256 | 138d6ca25775eee1f0ea7001f694a5b286224372aa168a09578a1a9af7eb76bd |
| SHA512 | 97502dcec76353fd69ffabf398b53777bde50d08cc998a6213410596fc42eade86f717eef60bea0d5a4f193fbdd18b33f09fe360b043246b9c96d3316c7a0347 |
C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj\[email protected]
| MD5 | 755eb418266342b17633f1615a1882b0 |
| SHA1 | df51fddb36717426da15d38f4edd48f74c140364 |
| SHA256 | f5f639656493f65e4a5462f6c4e280fdd54a7a4e839c2c0f52c8b5b1840fdab2 |
| SHA512 | 8bd4b9879f1899c2a5e5f9de80897882f262252260c69767365634f9a97e281020176613c58a9d22ffcb510f1cce66dcf26903092c455d7b17f951ba0876f116 |
C:\Program Files\iTunes\iTunes.Resources\fr.lproj\ViewLineItemRatingE_dark.png
| MD5 | ef859a036759f6f29c3dc14928a75c76 |
| SHA1 | 45f8c4450757f2ec653ee0845f5ce497b6832598 |
| SHA256 | c5c8219de48b954849bf19b716dbba8358c66b02836417d8d729dd2a672935c0 |
| SHA512 | 93aae547f72edf6c466b4f6c1a43f7f0fe0393cc7f7ea87818b462a4938cd86903017a12cf4eb1f3e05492b312e8826c5fea1935388a168e1f0278cbf3fb505d |
C:\Program Files\iTunes\iTunes.Resources\el.lproj\CleanLyrics.png
| MD5 | 357922d796c4ab56acb274ec1c89ed4b |
| SHA1 | 4f29801424d33877426dc21cf02bdbabaa321120 |
| SHA256 | 66e1fc581446d80a7f64afeae19273cef7d6a10001e3e7d3127ade5842c754ff |
| SHA512 | e0c7b23cec3ba61f83ba3a9675ce078d4fd36fed08f8e1c20be6e9b7891c1d4175e5ceca9ec3797419b22806d82d86fa4fbad314565d000a36fbe92905c9e36a |
C:\Program Files\iTunes\iTunes.Resources\fr.lproj\genresLoc.plist
| MD5 | 17d011dc9b1de5a0dbcbe11f5dfa4dda |
| SHA1 | 22b3182f41bc4a322f162832b4dfa92a46a71859 |
| SHA256 | a0f0336ccbb2964f1b6534fc1a59a04896bc104473812ce0f407496648eaa93c |
| SHA512 | 99193d05842ff4debac4d1c1ae772d3fa6424f5c097eea557095a9bbbcec044a18c3557afb1d2f474a2b86db7a8ce24d44d2b70d1c5a989258ad9f70d6561452 |
C:\Program Files\iTunes\iTunes.Resources\ar.lproj\genresLoc.plist
| MD5 | 093deba2a9db087a0cb01a676bff1c9b |
| SHA1 | 9c7d3070d1fef593731dacdde8cf38e7f96962ab |
| SHA256 | 2950ef6f4409f89b8513f2bb787f9070c2983b698b35b678088c59cd83246bce |
| SHA512 | dc3860ac3d87ad8f28988b2c7e694721757a43367ce6a1333205cf335de1c29e739a8468a70bc305a60c4d0587aa062fe01f3762d608c9bc4d76867f2d381c1b |
C:\Program Files\iTunes\iTunes.Resources\zh_HK.lproj\[email protected]
| MD5 | e14f8e390a9c489b10eb23306d27824a |
| SHA1 | e33831e12fa5092ca15e7d8af7b01afed996b30c |
| SHA256 | 0775705d7637f7173ec31f22e324af8160b43d4cc6a47a2f199b3751963252b5 |
| SHA512 | 63c3e261ea445de5d7eaab326e0168db054b4d953e81f89f16446a1ef5170a96aa32db5d7cf42181f990a8028e9a67764885a6d94f74d1d1c9910dcebc4f8a4d |
C:\Program Files\iTunes\iTunes.Resources\fr.lproj\ViewLineItemRatingE.png
| MD5 | 30aa67b32a3542874bcc88e146e17b46 |
| SHA1 | 6d86b94d2c71ae27504ce8b3ad000fa4ef532a6b |
| SHA256 | 2ece6d0b0fc97dd6deacfdbaef44458a4b96e43319c78cb74c55d4f7ea79d9b6 |
| SHA512 | dfd082a54a13c5d2fdfa66ee9db8c893bbc6b32108308727665267f0a9e9fa9610c174082c0ca7a34832cbba768a1e2d8f6218b4c5a538a328a6159be05f3cc3 |
C:\Program Files\iTunes\iTunes.Resources\it.lproj\ViewLineItemRatingC.png
| MD5 | 71062ebf3a5a9b5c578387aabb2e7fd3 |
| SHA1 | 410d43bb43f7ddc7ee7cc225963303326485bc0a |
| SHA256 | 5c751b7f4b96d07b22971ea4977566ed88c3297ab7d0b2853e7e9baec00be1a7 |
| SHA512 | 0ad45440a3e77a4ea2d1ebc8531c91fcd663e596a90f5cdf1d0a57384c54d988c0759dff51f5231d973f9886c80c16feecfc16da84579a0cad53ba70b984a865 |
memory/2392-6077-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\Program Files\iTunes\iTunes.Resources\id.lproj\ColumnWidths.plist
| MD5 | 8490f8bf0576147ba7cd139446e6cf20 |
| SHA1 | 48a557825885bea1a6afcb662b07113e99a20136 |
| SHA256 | bf81225b2c30aabab43beb74142693ba800af85f88025446aaed2dcfd5068ffa |
| SHA512 | 86f0896fa6ad25a9550cbb3d0746eb413c86832986165e0824eadd917bb902b1f13c9aa60db78d477c3c5921fb7fe1465025765429b6a5a7e638da8063487753 |
C:\Program Files\iTunes\iTunes.Resources\da.lproj\[email protected]
| MD5 | b8f2462ffc91bd1956cb2607c1c9df31 |
| SHA1 | b4d4a46fd481f23268fce6b63496e753ec1c8a25 |
| SHA256 | b58b3ac76194b282833d971e2e2379cb25e7149f29f4a585e9405daf810a3d50 |
| SHA512 | 6814101aaa72a241e4f9d37594c666016a36bd4d5e5ef50623e23590ccf94bac80d2b8c062213b557ebbef5e007fe0400ed9c84422df8f5a5486d2c9bc4516c2 |
C:\Program Files\iTunes\iTunes.Resources\sv.lproj\[email protected]
| MD5 | 784f871663195e678f524f4aefccc28a |
| SHA1 | ee8a70134370ce17ce49bb31e92cff252958d202 |
| SHA256 | efab63103f90135001658bac9c8724da424e81fc05c9385953a7555c6ce1ace3 |
| SHA512 | 7e1b0f1f74abd674b09443b835da35b9b1855a0d7ac15e60670c6d3ffa1059fb13ccc579f069e444d073be0da76b65b4dc1d517c2ffef654a99ba9143fda6f7b |
C:\Program Files\iTunes\iTunes.Resources\hi.lproj\ViewLineItemSubscribe.png
| MD5 | d4eda1881d75dbd2b0d9336e9a5108da |
| SHA1 | fa2264a591a47e42b7cd581b9e0a3ada33874746 |
| SHA256 | a9ccdc7553e6cf9095d3760e88a3c9f76c0817ea6596337f21ae748828ce3532 |
| SHA512 | 4a953a46684569c02fa447f46ebc5d8c8445a045703f36cc17df708eb53b2c324bf83c4c71a72f35d96f4655e5159b919f4eb631df598d4888d40a73d675f527 |
C:\Program Files\iTunes\iTunes.Resources\hr.lproj\[email protected]
| MD5 | 5132ff3c2935630e2f54ccc9a360b742 |
| SHA1 | 58a0b7d8667d625d8e0c9267bfbab88551c6524a |
| SHA256 | 5501b7a0c2af99684fb58c1acd227fe53bf07f4028382aca136607ed9459fc8a |
| SHA512 | 816d16f9b37c52f97a64a5a1f4c4b6c1bd2705231703416c7713212e1cca2753e3bc5e3352439a0cebc89a5ba0de584edd1183603cd387e7c7fdea1f023b1f85 |
C:\Program Files\iTunes\iTunes.Resources\pt.lproj\ViewLineItemRatingC.png
| MD5 | 471584f30a8dbce0f8e4ab7a781d3705 |
| SHA1 | 1d4ec7b6ad3ae1ccd48056c84d05f2d684db85b5 |
| SHA256 | ec0e0c2e51cf0c587bd8cd8842682ed78becd0cdb76ba06cb1c8cc1d98c710c1 |
| SHA512 | b6370cdbf9430cccb041c21641409e43bfd2a1b78836ee38fd0a706f26623ea1cc84e645fe6b501fed06b4222173055c101bee5de2cdd012c0cf5451cd3031d5 |
C:\Program Files\iTunes\iTunes.Resources\fr_CA.lproj\TextStyles.plist
| MD5 | 7f9f90998dbb72a12f12464fffd40997 |
| SHA1 | 01a41b41e92271eea01f31b208a2c2b47b496b59 |
| SHA256 | 503b82910c0a98e3509cdf590dfa8f722ef149390b260068675fae09c3cf12ef |
| SHA512 | 7c293a39681c386002107aeb852c15ec8b4acea037f8abcef601cc76380f3487f421d267a6ae856df90b10fe8d032852c3650d5feb36f675a524163314e23a98 |
C:\Program Files\iTunes\iTunes.Resources\sv.lproj\[email protected]
| MD5 | d9eb252906d8d98e592ef01034a94c76 |
| SHA1 | 5fd847136846bba1957e2ace9e1d3ec482de2e5a |
| SHA256 | 6f231775671c67eaa458a6a2d1405f3e5c52d56882f5620aa435166f4bfb7529 |
| SHA512 | 7bd132759532496ca864cfff7ad411ff48e3d2a9ab28e3b50afdabe5782d853da52a09f093b25c0d7c60906ce42ae8a28634df363fc6a435962dfdf3ae9faa71 |
C:\Program Files\iTunes\iTunes.Resources\en.lproj\[email protected]
| MD5 | 498055b7ec8f362e71a988ff8c79b517 |
| SHA1 | 4b28c12932e86c68c7acea45303be3900bf987ea |
| SHA256 | 065261151f732d9f8391b0bfc00e71d3dd8e47c84331aa94b58e295782d74a30 |
| SHA512 | 0b7c4dd87fed1ec01b14334e129ac43c598c30a1141bc9831f7b0ad106704072112b36ff4688520d675eb72652ef6a1dc349c95f55f6a59a245c5c151771f0f7 |
C:\Program Files\iTunes\iTunes.Resources\nb.lproj\[email protected]
| MD5 | c6beffb1568071b2fab6f19bb9c875c2 |
| SHA1 | 137ada0e83cce6b784a8d4f345430c28d61944a3 |
| SHA256 | f1b5cce0aece4f65441bb7cbbf86155ad2d4e90b8bbba8252de985ae02d751a5 |
| SHA512 | a1e811646642fbfd11ae794e7c764a3bff39e285f1724deddbf9ed516cfa7929e8ce10611b9d0cc11f6c1944728f4aedca99df5badc72f2878209c3d24b28758 |
C:\Program Files\iTunes\iTunes.Resources\tr.lproj\ViewLineItemRatingE.png
| MD5 | 18109ed593d861bd659055a5bd9db831 |
| SHA1 | 3b2596e909633ca509e857650d7d7c9693987a4c |
| SHA256 | 1c28554bca95dba35ce291c0a42e0810e2ceebe805d63f916b6b7505e057752e |
| SHA512 | 1b8bb8ce363f7b5db7fe6648f518d0d528cb47bc90f5c80e66d8928b79f7912879b1c35ec6944d9ff91cb70c84547b9e46758cdd315e299453016da3cc24bed9 |
C:\Program Files\iTunes\iTunes.Resources\sv.lproj\MasteredForiTunes.png
| MD5 | 67f1b4232079935a9998b0395a6b7c10 |
| SHA1 | ac4bfc88ed92cb526720f9cc9b4a377ae6a7a787 |
| SHA256 | 95f0affa39a202e292a5f630a2524c8de31b6478304e040ef06488d9dd1e9f0a |
| SHA512 | 410e56ec048d2033e7e05202fc09575758d5c5e441146bd89070106108f1332e3ed3b8868238c78f18c0d641898607ecf1c704f51234d741f0693868966b0219 |
C:\Program Files\iTunes\iTunes.Resources\hi.lproj\[email protected]
| MD5 | 7676be0b698ae5a36b25772f547142bf |
| SHA1 | 4f5ab9344fc8cc6de692bce6881878185b96bd4b |
| SHA256 | 946361d40f1b68a0cc29004ad4f55522c648023004e6adc9975e90b6e382657c |
| SHA512 | 09f77f33a281a5d4ab712b2f43f01da729085cbc27a973c8f34e3fe0cab1fc515f9dbc45ef35ed9d0a04aa76cf26e98d0c78e8b1805f12560e2866239bb9248c |
C:\Program Files\chrome_Unpacker_BeginUnzipping2940_544673917\manifest.json
| MD5 | a4edf901d950a9758ffe578ff1b03212 |
| SHA1 | cda83d7736a1c05a7d2cb0b6704653c27b4a4ca5 |
| SHA256 | aaca603fa9d65fefeaa198a93d03f2511de66b6398cc34dde6233eab492eebfd |
| SHA512 | 835d6a31e56d400ace235ee94e16bc1e24bf1477e7e3524180d12b312a58422ce1a579daa423881e50bc2b314e50f5587e6fd98ea68a1ffcf294a7f187cdbac8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\LICENSE
| MD5 | aad9405766b20014ab3beb08b99536de |
| SHA1 | 486a379bdfeecdc99ed3f4617f35ae65babe9d47 |
| SHA256 | ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d |
| SHA512 | bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.80\Filtering Rules
| MD5 | faf01ed2c0020f8fa512ff379d82c211 |
| SHA1 | 233d104dfe718231837e33c5543085b6dba5cd8b |
| SHA256 | 192ca12bc520edee8b5a8844cc870cc4a669fb9c1449dad33a69fc5ce112c750 |
| SHA512 | 8ee475bc419950f08933be92c390087b67a7914825dce81eef4786012bf641f86f447239bb8d08602a407627b3846f12c52f365eae2af32fe5d22d5ee7133c31 |
C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\DeviceCapacityBox.png
| MD5 | 8246496c258d58712c0a972bece0d69a |
| SHA1 | 65f4a403895354702552e2769cfe7f480a70ea6f |
| SHA256 | f930036e7cae52b4022d979fdd6274d8604ca4c7e6f14495223dd78c17bc19a7 |
| SHA512 | b1dc4bfc186762e414ece274b158f10fefaa86ec373c732c804381733a7c17cd56e27331ca7381e7e9fb795c04a4a09ac75642684f36f99d4c2ae2871dd8d447 |
C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\iPhone License.rtf
| MD5 | cb4f512972b12e3b783e89704cccea3f |
| SHA1 | e64cd7091224e3449e15e4ea664aef256534183c |
| SHA256 | b636c8c51b01fd142af1134448763dc526041f3fbf635e841b0c2882254d64f4 |
| SHA512 | 8b9abc21f291f53ae89b16f1cd9403bb881f9fa9140cb919e0fd5f4ef8544dca0359b7d5e45f54e3ff74eeccd4d9f0b62494992a58c6e230e4467015a1092988 |
C:\Program Files\iTunes\iTunes.Resources\fr_CA.lproj\ViewLineItemUnsubscribe.png
| MD5 | 001e313e3be5e546cb50d86cb65dec8c |
| SHA1 | e7feac3aa8b53b2670077ae0254a2900ac579467 |
| SHA256 | 59a9ffdd81daf97ceb9e66f1e29b292dcf78373eef8df94038df3845d3e6d5a5 |
| SHA512 | 26329e02aba9b0ed9295dcdc0834a7b2a75aa05843365490ae0d86f787159967943a8040ab425c10266523e15308c6c52673cd2ac5db7073369bd76c0777278f |
C:\Windows\Installer\MSI528.tmp
| MD5 | 93394d2866590fb66759f5f0263453f2 |
| SHA1 | 2f0903d4b21a0231add1b4cd02e25c7c4974da84 |
| SHA256 | 5c29b8255ace0cd94c066c528c8ad04f0f45eba12fcf94da7b9ca1b64ad4288b |
| SHA512 | f2033997b7622bd7cd6f30fca676ab02ecf6c732bd44e43358e4857b2cf5b227a5aa6bbbf2828c69dd902cbcc6ff983306787a46104ca000187f0cba3743c622 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk~RFe5c05e3.TMP
| MD5 | aa37a45a141bd140766ea9e0b790181d |
| SHA1 | 5be27321fb8765d7b9e00a495295d470abd7fa4b |
| SHA256 | db7cdc489871e795ea12e0859fc0a37740d51fdd789997ffba2797c686354db3 |
| SHA512 | 56710e615e68f2a2b25927fbe67663ed992cc1c6b117aebcf2dd223b640f28628a0a5a5f234007dc2f2bdc1a0318cab629d5f70d58741845e66c16fff4409436 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\~Tunes.tmp
| MD5 | 58ac609e9bad28d310049ecf63e14828 |
| SHA1 | dd37a7dd78ffbaf104727cc298c5901e656a9675 |
| SHA256 | e49bbc40398f8f0e608d50f2ae3f0b102c074515aa43efbbbe40343e9583ded4 |
| SHA512 | e59c4dd978c05e9f46ddd54a735898d4661f92a80fac7399c1c97af813663f6c84282630ced5281cbddd1b79638e71d5f99a3fbc8f7334ef23369b36b529afcd |
C:\Program Files\iTunes\iTunes.exe
| MD5 | f76984d6a5d80ead9c597ed723a3a4d2 |
| SHA1 | 161b2b74aded0e27d60ce71e8e1cb81d20caf527 |
| SHA256 | 985fb377ba59ef405cd7591b646cb17ee6cbebdb8fcfa33f4510c6e9ae7dd16e |
| SHA512 | c43903add9fac4a3b1628b32fe173c5a3d9ae2aaec85b3a4530a86b798a5a1db58923750f3da36736b0f04f5180a48a13036a4f4ae66312838feff360b800a83 |
memory/2392-9633-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\Config.Msi\e5a9fec.rbs
| MD5 | 43f4a4257d8e8b410543b842de0bc042 |
| SHA1 | 9a2bf42540560f15fad60a45780fc48425661974 |
| SHA256 | a80ffb0784ec1a77cae110736c3b32a5e0500f6b18ddb02505b25520d108d1ee |
| SHA512 | 74bb0040cab14cd9182efa04f3cd8b83307aa80706aa04af4eb266dba770ff7732be13f7e924092900c60af0a426f9453de004b98cb2a1059982e139a4cc450c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
| MD5 | a915b97fb518ddf13fe605d3695a8a65 |
| SHA1 | 5b509a7c5dc097011bf2b179c5960a68ec99e031 |
| SHA256 | 46e04e8b0cddedb1940e5e9892ea9e628588f103ed7321992825b186894dd26c |
| SHA512 | 95321a9494c654ddcb23cf4f66618d8ab3ac9e6fa7bf8c67553cadf8d9179ad7d5691ae8b0ccf1562d8691feeaf0ec8ab10e9ad2240f8724d323a364965d3a4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\MANIFEST-000001
| MD5 | 6567f9952f3ce901f4f7d902f5ecce4b |
| SHA1 | 0324ef45eb1b0471c2934838d9dad03f4e3e5624 |
| SHA256 | d412734531c594078722a99f7779e5524c440ea35c9617ee3cffc4e58dffb367 |
| SHA512 | 5b3073340162825937675ff4a04d9f478cadfa2490b9ace87e6bed5c128544d818105c72d85d180df6f7d9d2802ab8ba82368fab0a83fcaf827ca9490c0c0fc5 |
memory/2464-9676-0x00007FF753BF0000-0x00007FF7561CC000-memory.dmp
C:\Users\Admin\AppData\Local\3uTools\QtWebEngine\Default\Network Persistent State~RFe5c30db.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\3uTools\QtWebEngine\Default\7d57e5da-c031-469c-9130-76b90448db8e.tmp
| MD5 | c9d13cb52b68a92160a269ea151b197d |
| SHA1 | 989b3ae882d689e66d15a620cfcee91b589be675 |
| SHA256 | 64751ca2cebfdb4835433c6ef833ce0ec120126484fa4fe76ff24bf5beff90e5 |
| SHA512 | baf1e67294650d5162332713cc2ccda2fbdd81573ccfccadf642d10f2fd4a6781ebf911bae92ae2458051f18e1c2992b8937301201582769c30b83253bbe92c3 |
memory/2392-9692-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist
| MD5 | 8f770dbbe853e44d5b119b80dfbc62ea |
| SHA1 | 6cee85554518d7a001a00d09f8c9fd1b7b979eee |
| SHA256 | 5ffd48bc774b10ccd5150d2fea0fa472bad76cdc0b59ba06962256f512281b60 |
| SHA512 | 54f36264fb27fb800eb09d6f39adcb3f9da21a89e8e9f586e3f28b96c7dde75fb8a0a8a4bba69ff72a1147e901df16c96b47f7d99defbe4d06cafd1e646271af |
C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\ByHost\com.apple.iTunes.{d7ff5c23-4699-11f0-92eb-806e6f6e6963}.plist
| MD5 | b7bb7d7d30820631d98427582bbd08b9 |
| SHA1 | 9c5d31925b4fb8708519f0b2605e280e0280c4c1 |
| SHA256 | edf6fbfcc5791e27a928cce556f778cfe4f018218af0042b28e29827f20e24d0 |
| SHA512 | 81dc86ea0687211bf3a0fb3dbd65de6d8c0ad3a2ff7fe5b5607256747d71ebc29a4cd2a0b0f22c8cb9ea06449bc65281a95952d67ebeadc2fd0806d3e3609c06 |
C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist
| MD5 | 04010aa78ff3594ae7d857c0889f888b |
| SHA1 | 700fd1b029c521308353da53d45b997d87f917a0 |
| SHA256 | ade9ab297aa240cbde4859da8c10fd0afb558f1a45bee54cbc6760c26aadb151 |
| SHA512 | 620ae78a7c86e720ce9eef678af833c7820570a31e1cf3d5ed97c0a738c7d6900b6d86391412bdb6aaf6032f9bbe0968ae45e8704d7747ae48f72f8dce428c95 |
C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist.Xa07016
| MD5 | 6fca230932b0014e9bf81efd117d3562 |
| SHA1 | b2f5d4572f20d7fd0126c48c7426808546c384a0 |
| SHA256 | a79d6e66ee0da602d4abbe79a4097953aaccfff60389cd21b6bf966b4d48a56f |
| SHA512 | 31a31550c37c3e2ff813b2458101b2bff1c47bb07f100421bf2059a84fa0289f26e2ebbcf7366a349c48637622f047a4b914b76533e4afbaaf26e79d670e5651 |
C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\C76AC8E10E6A4E6C23E89A2528578CC3DBEB129A
| MD5 | 2bf42b3c6a9b05b410ef0ea68da65b55 |
| SHA1 | 8c4ba5943e8f400a48174d3d4abb7a47c23d91a8 |
| SHA256 | 89c22d3d49c0dde18fe5d5af3bed6d31a553ce2c1f9287c1cfbad41de17cc78f |
| SHA512 | d747b6f60da01b09e8573f3b876a2c000b6f513d3c3344beb7f8be58d79c55fd45295e4594159d99b2c04acba7d5acd1f56fe9749b09be806c2831d42b344f70 |
C:\ProgramData\Apple Computer\iTunes\adi\adi-A0F89D8E.pb
| MD5 | ce0867b34ece588aefb8a1a6803b6115 |
| SHA1 | 09415182a23d780bbf1d0578e484d9ba23b05457 |
| SHA256 | 20487f9dbcb87c0889c35f5d642367470ffef0d1b08b5e702d8e4fd95638557d |
| SHA512 | 7f189837057f13162b384425f673d80ee63581404aff1d01304ad798ce4a32ab9d0f836405030a256655215f2029de90e473c92be5c4cbf582cba9524cf291b7 |
C:\ProgramData\Apple Computer\iTunes\adi\adi.pb
| MD5 | 03dca35d88c4928191a2388914efc8eb |
| SHA1 | a99908cdc112d4f7b03536c97e4c6c2675c4e0bb |
| SHA256 | 0f971d39764ac2a152018cb156797318dcccf881c4e861aa882c2fb0f44ef8a7 |
| SHA512 | e8852724c3b44b9fc18b1e3b9dbfef0f05404090891c91449603930dfcabdcbcbe10dfbdcae00be368390f7a1ad327f77ddedbb121c6eab62e2412bbde30bdc2 |
C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\com.apple.iTunes.plist.Xa06592
| MD5 | 84327e37f7eefa3f9dd09273473633e8 |
| SHA1 | b433d89fc99b010c0728233db9b075b82c5f29b4 |
| SHA256 | 832f0c636d358c7a9f11195a842adefdaca394a1e5f6bb85bfe17f9f7af1150c |
| SHA512 | d0cf14111a201b6722ad88d38f0eadf44c206c78c3dfd817a81b8f3d496374eb4978816f200a607aa8ea4108e9b39d8212f14d06c976a1b66b4b921b20688029 |
memory/3276-9894-0x0000000002A10000-0x0000000002A4F000-memory.dmp
C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\ByHost\com.apple.iTunes.{d7ff5c23-4699-11f0-92eb-806e6f6e6963}.plist.Xa07016
| MD5 | 357ece18256302fc7a2c2a8a02ea285b |
| SHA1 | b846738435393a2ab34db655c353cacb5f6541c4 |
| SHA256 | 52f7a44fcf01502d64f66e0b640bbebed43ecf06920a5c73366f7fbfcc9f42ae |
| SHA512 | 640980e2034fd94c8f07daeae9cdfda6afc57f5e015112bdd329922a1466d7b51639076dfe30b28801b074dd7c77663976b0439fa36d0034d946bc4fb4cc3536 |
memory/2392-9914-0x000000006EC90000-0x000000006F6BB000-memory.dmp
C:\ProgramData\Apple Computer\iTunes\SC Info\SC Info.txt
| MD5 | b57780f56b4c4b8a2df27c3a4181bde4 |
| SHA1 | 6678066a428462808c92fee74ce2004f835179b4 |
| SHA256 | b6b33ee8d99f0c1278122e9e50b6a9ee47db07881500c11923120a4543df1db3 |
| SHA512 | f081952e0550b23f7156f309a54b9a952f28c2d91b2cc774cd15eb6b496f1888bb050413595d2570224d448a25f9be733860d6b3001c276dc6cfb6cd116bdb65 |
C:\Users\Admin\Music\iTunes\iTunes Library.itl
| MD5 | 0a7f3c59eed45b9f22e2a9efc6b3aef4 |
| SHA1 | 475d45540da8fb6318e59699588cd7d585c0e12d |
| SHA256 | 7681982eb51c0e2e1d36d38e71e8ee4cf9937076efbfa5603603665987c3673e |
| SHA512 | 5f6fc63b9141f13a581b58d4753001ee993f9a75b16e79fe2b64599aea44e045c347c68eb164e2fa060691507d3232366e5aa937664cc74b7d9199a7edc6973f |
C:\Users\Admin\Music\iTunes\iTunes Library.itl
| MD5 | bcaedf3d3c600d13fc7f631e534ec1bc |
| SHA1 | 06c325115f166543596b19af7966ef365b7af4df |
| SHA256 | f17fe485e2d3f3d94b614c07bd4dd1deeeac8cc7490fcf1829847f711093b8d9 |
| SHA512 | cab4dbb054e5a0129861022dea06959b892014f8374120b587e07915df53bed90c2d324d81ea476c3e0a71ef194ef91394c0f73d0a95afbd3626549ae678285d |
memory/2392-9988-0x000000006EC90000-0x000000006F6BB000-memory.dmp