- Cunningham's law: The best way to get the right answer on the Internet is not to ask a question, it's to post the wrong answer.
- The upcoming Y2K38 Epochalypse (like the Y2K problem but in year 2038)
- Computer humour
-
Website Revenue: Visitor cryptocurrency mining compared to advertising / analytics
- Given that many websites need to somehow earn revenue in order to operate (to afford hosting costs, SSL certs, electricity, developers, etc), there are different ways of earning said revenue.
- The common method is via advertising / analytics. The downside of this is that the visitors become the product, and their privacy is arguably violated. Consider the increasing usage of ad-blockers.
- Some sites sell products (e.g. eBay, Amazon, etc). However these typically also use advertising and analytics.
-
A more novel method is having the visitors mine cryptocurrency (via JavaScript) as long as they view the site,
with the results (i.e. hashes, shares, blocks) going to the site operator.
This would protect the privacy of the visitors, but use more of their CPU cycles and, by consequence, their electricity. However, most, if not all, web browsers now block this. Furthermore, it seems that this is only more profitable than ads on websites where users are present for >5 minutes.
- How I (displeasurably) Experience the Web Today
- Weird sites
- Punycode
- Invisible Unicode characters
-
Cyber-security
- Test how identifiable you are to websites / trackers
- List of security hacking incidents
-
List of data breaches
- The American "No Fly List" was leaked and put onto website DDoS Secrets.
-
List of cyberattacks
- Digital Attack Map: Daily map of DDoS attacks worldwide
- Cyberwarfare by China
- Cyberwarfare in the United States
- Krebs on Security: One of the world's premier cybersecurity blogs
- Hardware-level backdoors in nearly every computer
- Dogs can smell hard-drives & SD-cards & DVDs.
-
Internet privacy/security
- TOR
-
VPNs
- VPN Service comparison
- Go to TorrentFreak. On the right-side, under "POPULAR POSTS", look for "Which VPN Providers Really Take Privacy Seriously in <current year>?"
- LibreBoot
- General technology privacy / security guides
- Mass surveillance in China (example: It is estimated that there are twice as many surveillance cameras in Mainland China than there are humans in the United States)
- Map of where cellphone prepaid cell service / SIM registration demands real identity verification, some including biometrics (maps on pages 7 & 9, details on pages 22-30) (related report of cell phone privacy across the Earth)
-
IMSI-catchers:
Surveillance devices that impersonate cell towers in order to detect nearby cellular devices (e.g. cell phones, hotspots) and, in some cases, intercept their communications.
E.g. "StingRays".
Counter-measures include:
- airplane-mode (though this demands putting one's trust in the software and is difficult to verify)
- faraday cages (e.g. faraday bags, even a makeshift one made of tin foil)
See also this deep-dive into IMSI-catchers (including additional counters) by the Electronic Frontier Foundation.
- Radio jammers can inexpensively shut down entire airports, EMS systems (e.g. military & police radios & cell phones, prevent witnesses from using cell phones to contact EMS), and more. Highly illegal, but easy to find from foreign (e.g. Chinese) internet markets. A criminal or spy might pre-install cell-phone jammers along a get-away route to prevent witnesses from calling the police, and prevent the police from using their radios. Burglars use these to disable wifi doorbells (eg "Ring" doorbells) and similar cameras.
- Satphones
- Printer Identification Codes: Certain printers will mark each printed page with a nearly invisible mark that identifies which printer it came from, and when. This was used to identify and imprison NSA whistleblower Reality Winner.
General
-
Windows Environment Variables
- Remember that there are sys-env-vars & usr-env-vars.
-
Common Win-env-vars
Win-env-var       Typical evaluation
%HOMEDRIVE%       C:\
%USERPROFILE%     %HOMEDRIVE%\Users\MyUser123\
%OneDrive%        %USERPROFILE%\OneDrive\
%APPDATA%         %USERPROFILE%\AppData\Roaming\
%LOCALAPPDATA%    %USERPROFILE%\AppData\Local\
%WinDir%          %HOMEDRIVE%\Windows\
%ComSpec%         %WinDir%\System32\cmd.exe
%DriverData%      %WinDir%\System32\Drivers\DriverData\
-
Shortcuts
-
Shortcut                               Result
Alt                                    open the menu-bar on any application (eg browsers). Then notice the underscores for opening a specific menu-bar-item.
WIN + B                                system-tray
Ctrl + Shift + Win + B                 restart video-driver
Win + R + "Control"                    control-panel
Win + R + "ms-settings:windowsupdate"  OS updates
WIN + X + A                            PowerShell-admin
CTRL + Home                            go to document-start
CTRL + End                             go to document-end
WIN + SHIFT + ↑                        maximize window vertically
CTRL + ↓                               shrinks window
WIN + #                                open the #th taskbar-pinned program
WIN + T + ←→                           switch between open programs
CTRL + M                               mark text in powershell/CMD. Then ENTER to copy it.
WIN + I                                settings
CTRL + SHIFT + ESC                     TaskMgr
-
GKCentral
- /approved/
- /OrangePages
- "knowledge bkaufen /article/EDI-27036/en-us" has many goodies
- KaderISO contains ISOs
- SOPS > services > search "UBCD drive"
- GKader > location-type > type-resources
- At the top-right, type location-number, & click Search
-
Filesystem corruption
C:\Windows\System32\chkdsk.exe /b C:
-
OS corruption
-
C:\Windows\System32\dism.exe /online /cleanup-image /RestoreHealth
- DISM (by default) uses Windows Update to download replacement files, whereas SFC uses a local copy. (see also https://web.archive.org/web/20160914084129/http://www.craxworld.com/sfc-dism-commands-repair-windows-10-9584/ )
-
C:\Windows\System32\sfc.exe /scannow
- System File Checker (%WinDir%\System32\sfc.exe) compares and replaces corrupted windows system files with cached versions from "%WinDir%\WinSxS\Backup" (previously it used "%WinDir%\System32\dllcache").
-
From UBCD:
sfc /scannow /offbootdir=D:\ /offwindir=D:\windows
- Can also try booting to safe-mode or to CMD.
- If these fail, see the log file:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfclogs.txt"
reads the log file and then outputs the baddies to a new log file, but this only works in normal mode, not offline mode.
- Then manually copy over the corrupted files from a working Windows install of the exact same edition and version (see https://web.archive.org/web/20160914083033/http://www.craxworld.com/windows-10-install-dvd-usb-flash-drive-9626/).
- Then
takeown /f path_to_baddie
to take ownership, then
icacls path_to_baddie /grant ADMINISTRATORS:F
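The findstr step above only filters the log; this added Python script (not from the page, not Microsoft tooling) parses the [SR] lines of a CBS.log offline, separates the files SFC repaired from those it could not, and lists what still needs a manual copy. The log lines embedded here are constructed, and the regexes assume the line layout shown in them.

```python
import re

# Constructed sample of CBS.log lines (format approximated from real SFC logs; not taken from the page).
SAMPLE_CBS_LOG = """\
2024-12-10 18:12:40, Info                  CBS    Starting TrustedInstaller initialization.
2024-12-10 18:12:42, Info                  CSI    0000012a [SR] Verifying 100 (0x0000000000000064) components
2024-12-10 18:12:43, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2024-12-10 18:12:44, Info                  CSI    0000012c [SR] Cannot repair member file [l:10]"opencl.dll" of microsoft-windows-opencl, Version = 10.0.19041.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2024-12-10 18:12:45, Info                  CSI    0000012d [SR] Repairing corrupted file [l:13]"telemetry.dll" of microsoft-windows-telemetry, Version = 10.0.19041.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral from store
2024-12-10 18:12:46, Info                  CSI    0000012e [SR] Cannot repair member file [l:10]"opencl.dll" of microsoft-windows-opencl, Version = 10.0.19041.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2024-12-10 18:12:47, Info                  CSI    0000012f [SR] Verify complete
"""

SR_MARKER = "[SR]"
# "[l:NN]" (or "[l:NN{MM}]" in some builds) precedes the quoted file name.
FILE_REF = r'\[l:\d+(?:\{\d+\})?\]"(?P<file>[^"]+)" of (?P<component>[^,]+),'
CANNOT_REPAIR = re.compile(r"\[SR\] Cannot repair member file " + FILE_REF
                           + r"(?:.*? in the store, (?P<reason>.*))?$")
REPAIRED = re.compile(r"\[SR\] Repairing corrupted file " + FILE_REF)


def sr_lines(log_text):
    """Equivalent of: findstr /c:"[SR]" CBS.log"""
    return [line for line in log_text.splitlines() if SR_MARKER in line]


def unrepaired_files(log_text):
    """One dict per 'Cannot repair member file' line (duplicates kept, as in the log)."""
    hits = []
    for line in sr_lines(log_text):
        m = CANNOT_REPAIR.search(line)
        if m:
            hits.append({"file": m.group("file"), "component": m.group("component"),
                         "reason": (m.group("reason") or "").strip()})
    return hits


def repaired_files(log_text):
    """File names SFC managed to restore from the WinSxS backup store."""
    return [m.group("file") for m in map(REPAIRED.search, sr_lines(log_text)) if m]


def summarize(log_text):
    """Collapse the log into what an operator needs: which files still need a manual copy."""
    unrepaired = {}
    for hit in unrepaired_files(log_text):
        unrepaired.setdefault(hit["file"], hit["component"])
    return {"sr_lines": len(sr_lines(log_text)),
            "repaired": len(repaired_files(log_text)),
            "unrepaired": unrepaired}


def report(log_text):
    """Text that would go to sfclogs.txt, plus a manual-repair checklist at the end."""
    s = summarize(log_text)
    lines = sr_lines(log_text) + ["", "SR lines: %d, repaired: %d, still corrupt: %d"
                                  % (s["sr_lines"], s["repaired"], len(s["unrepaired"]))]
    for name, comp in sorted(s["unrepaired"].items()):
        lines.append("MANUAL: %s (%s) -> copy from a known-good install of the same edition/version, "
                     "then takeown /f + icacls /grant ADMINISTRATORS:F" % (name, comp))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CBS_LOG))
```

On a real machine, read %windir%\Logs\CBS\CBS.log (it is large; the [SR] filter is what keeps the report short) and feed its text to report(); the "hash mismatch" reason in the unrepaired entries is what distinguishes genuine corruption from files SFC merely could not verify.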
-
Browsers:
- Chromium-based (inc Edge)
- "chrome://settings/content" (settings > Privacy & Security > Site Settings > section Permissions > Notifications), block baddies.
- "chrome://settings/reset".
- "chrome://settings/system", disable "Continue running background apps when BROWSER is closed."
- Check browsers for bad extensions ("chrome://extensions/"), bad homepages.
- Advanced Startup Options (easy):
shutdown /r /o /f /t 00
- Settings > Recovery > section "Recovery Options" > Advanced startup options "Restart now".
-
Get-WmiObject -Class Win32_BIOS
SMBIOSBIOSVersion : 3502
Manufacturer      : American Megatrends Inc.
Name              : 3502
SerialNumber      : System Serial Number
Version           : ALASKA - 1072009
-
wmic bios get ReleaseDate,SerialNumber,Version
ReleaseDate                SerialNumber          Version
20180122000000.000000+000  System Serial Number  ALASKA - 1072009
-
wmic computersystem get Manufacturer,Model,SystemFamily,SystemSKUNumber,ChassisSKUNumber,OEMStringArray
ChassisSKUNumber  Manufacturer         Model                OEMStringArray                                                    SystemFamily            SystemSKUNumber
Default string    System manufacturer  System Product Name  {"Default string", "Default string", "ABNER", "Default string"}  To be filled by O.E.M.  SKU
-
wmic OS get Caption,InstallDate
Caption                      InstallDate
Microsoft Windows 10 Home N  20241210181242.000000-360
-
wmic sysAccount
# shows permission accounts and their SIDs. These are not logon-accounts.
# (In the output below, Description is identical to Caption and InstallDate is empty for every row.)
Caption                                  Domain     LocalAccount  Name                           SID       SIDType  Status
MyDESKTOP\Everyone                       MyDESKTOP  TRUE          Everyone                       S-1-1-0   5        OK
MyDESKTOP\LOCAL                          MyDESKTOP  TRUE          LOCAL                          S-1-2-0   5        OK
MyDESKTOP\CREATOR OWNER                  MyDESKTOP  TRUE          CREATOR OWNER                  S-1-3-0   5        OK
MyDESKTOP\CREATOR GROUP                  MyDESKTOP  TRUE          CREATOR GROUP                  S-1-3-1   5        OK
MyDESKTOP\CREATOR OWNER SERVER           MyDESKTOP  TRUE          CREATOR OWNER SERVER           S-1-3-2   5        OK
MyDESKTOP\CREATOR GROUP SERVER           MyDESKTOP  TRUE          CREATOR GROUP SERVER           S-1-3-3   5        OK
MyDESKTOP\OWNER RIGHTS                   MyDESKTOP  TRUE          OWNER RIGHTS                   S-1-3-4   5        OK
MyDESKTOP\DIALUP                         MyDESKTOP  TRUE          DIALUP                         S-1-5-1   5        OK
MyDESKTOP\NETWORK                        MyDESKTOP  TRUE          NETWORK                        S-1-5-2   5        OK
MyDESKTOP\BATCH                          MyDESKTOP  TRUE          BATCH                          S-1-5-3   5        OK
MyDESKTOP\INTERACTIVE                    MyDESKTOP  TRUE          INTERACTIVE                    S-1-5-4   5        OK
MyDESKTOP\SERVICE                        MyDESKTOP  TRUE          SERVICE                        S-1-5-6   5        OK
MyDESKTOP\ANONYMOUS LOGON                MyDESKTOP  TRUE          ANONYMOUS LOGON                S-1-5-7   5        OK
MyDESKTOP\PROXY                          MyDESKTOP  TRUE          PROXY                          S-1-5-8   5        OK
MyDESKTOP\SYSTEM                         MyDESKTOP  TRUE          SYSTEM                         S-1-5-18  5        OK
MyDESKTOP\ENTERPRISE DOMAIN CONTROLLERS  MyDESKTOP  TRUE          ENTERPRISE DOMAIN CONTROLLERS  S-1-5-9   5        OK
MyDESKTOP\SELF                           MyDESKTOP  TRUE          SELF                           S-1-5-10  5        OK
MyDESKTOP\Authenticated Users            MyDESKTOP  TRUE          Authenticated Users            S-1-5-11  5        OK
MyDESKTOP\RESTRICTED                     MyDESKTOP  TRUE          RESTRICTED                     S-1-5-12  5        OK
MyDESKTOP\TERMINAL SERVER USER           MyDESKTOP  TRUE          TERMINAL SERVER USER           S-1-5-13  5        OK
MyDESKTOP\REMOTE INTERACTIVE LOGON       MyDESKTOP  TRUE          REMOTE INTERACTIVE LOGON       S-1-5-14  5        OK
MyDESKTOP\IUSR                           MyDESKTOP  TRUE          IUSR                           S-1-5-17  5        OK
MyDESKTOP\LOCAL SERVICE                  MyDESKTOP  TRUE          LOCAL SERVICE                  S-1-5-19  5        OK
MyDESKTOP\NETWORK SERVICE                MyDESKTOP  TRUE          NETWORK SERVICE                S-1-5-20  5        OK
MyDESKTOP\BUILTIN                        MyDESKTOP  TRUE          BUILTIN                        S-1-5-32  3        OK
-
wmic useraccount
# Shows logon-accounts, local/online, locked-out, disabled, descriptions, SIDs, enabled/disabled status.
# (In the output below every row has AccountType 512, Domain MyDESKTOP, LocalAccount TRUE, SIDType 1, and empty FullName / InstallDate.)
Name                Disabled  Lockout  PasswordChangeable  PasswordExpires  PasswordRequired  SID                                              Status
Administrator       TRUE      FALSE    TRUE                FALSE            TRUE              S-1-5-21-2959777188-2462279722-3746928870-500   Degraded
DefaultAccount      TRUE      FALSE    TRUE                FALSE            FALSE             S-1-5-21-2959777188-2462279722-3746928870-503   Degraded
Guest               TRUE      FALSE    FALSE               FALSE            FALSE             S-1-5-21-2959777188-2462279722-3746928870-501   Degraded
Owner               FALSE     FALSE    TRUE                FALSE            FALSE             S-1-5-21-2959777188-2462279722-3746928870-1001  OK
WDAGUtilityAccount  TRUE      FALSE    TRUE                TRUE             TRUE              S-1-5-21-2959777188-2462279722-3746928870-504   Degraded
# Descriptions:
#   Administrator:      Built-in account for administering the computer/domain
#   DefaultAccount:     A user account managed by the system.
#   Guest:              Built-in account for guest access to the computer/domain
#   WDAGUtilityAccount: A user account managed and used by the system for Windows Defender Application Guard scenarios.
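Reading that table by eye is error-prone on a machine with many accounts. This added Python script (not from the page) parses the csv form of the same wmic query and flags what a technician should check: an enabled built-in Administrator or Guest, enabled accounts with no password required, lockouts, and any enabled non-built-in user to confirm with the customer. The embedded output is constructed from the values above; the column layout of `wmic ... /format:csv` (leading blank line, a Node column, properties in alphabetical order) is an assumption about that format.

```python
import csv
import io

# Constructed sample of:
#   wmic useraccount get AccountType,Disabled,Lockout,Name,PasswordRequired,SID,Status /format:csv
# wmic's csv format emits a leading blank line, a "Node" column and the properties in alphabetical
# order (layout assumed here); the values mirror the example machine above.
SAMPLE_WMIC_CSV = """\

Node,AccountType,Disabled,Lockout,Name,PasswordRequired,SID,Status
MyDESKTOP,512,TRUE,FALSE,Administrator,TRUE,S-1-5-21-2959777188-2462279722-3746928870-500,Degraded
MyDESKTOP,512,TRUE,FALSE,DefaultAccount,FALSE,S-1-5-21-2959777188-2462279722-3746928870-503,Degraded
MyDESKTOP,512,TRUE,FALSE,Guest,FALSE,S-1-5-21-2959777188-2462279722-3746928870-501,Degraded
MyDESKTOP,512,FALSE,FALSE,Owner,FALSE,S-1-5-21-2959777188-2462279722-3746928870-1001,OK
MyDESKTOP,512,TRUE,FALSE,WDAGUtilityAccount,TRUE,S-1-5-21-2959777188-2462279722-3746928870-504,Degraded
"""

# Well-known relative identifiers (last SID component) of built-in local accounts.
RID_ADMINISTRATOR = 500
RID_GUEST = 501
RID_FIRST_USER = 1000  # RIDs from 1000 up are accounts created after install


def parse_wmic_csv(text):
    """Parse wmic /format:csv output (tolerates the leading blank line and \\r\\r\\n endings)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    rows = list(csv.DictReader(io.StringIO("\n".join(lines))))
    for row in rows:
        for flag in ("Disabled", "Lockout", "PasswordRequired"):
            row[flag] = row[flag].upper() == "TRUE"
    return rows


def rid(sid):
    """Relative identifier: the last dash-separated component of a SID."""
    return int(sid.rsplit("-", 1)[1])


def review_accounts(rows):
    """Return (name, reason) findings a technician should look at."""
    findings = []
    for r in rows:
        name, enabled, account_rid = r["Name"], not r["Disabled"], rid(r["SID"])
        if r["Lockout"]:
            findings.append((name, "locked out"))
        if not enabled:
            continue  # disabled accounts cannot log on; nothing more to flag
        if account_rid == RID_ADMINISTRATOR:
            findings.append((name, "built-in Administrator (RID 500) is enabled"))
        elif account_rid == RID_GUEST:
            findings.append((name, "built-in Guest (RID 501) is enabled"))
        if not r["PasswordRequired"]:
            findings.append((name, "enabled but PasswordRequired=FALSE"))
        if account_rid >= RID_FIRST_USER:
            findings.append((name, "enabled local user; confirm with the customer that it is theirs"))
    return findings


if __name__ == "__main__":
    for name, reason in review_accounts(parse_wmic_csv(SAMPLE_WMIC_CSV)):
        print("%-20s %s" % (name, reason))
```

On the example machine only "Owner" is flagged (enabled, and Windows reports PasswordRequired FALSE for it); the built-in Administrator and Guest are disabled, which is the expected state.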
-
A weaker charger (than expected) will cause a computer to underclock itself (shown in TaskMgr, and often also by the UEFI during startup). Solution is to either (1) use a charger with correct power, or (2) disconnect the weak charger.
- Sticker 🖨️📄 goes in upside down, with the sticker at the bottom right (🦅 view)
-
Task Manager
- CTRL + SHIFT + ESC = TaskMgr
- use CTRL to freeze the process-list.
- In section "Startup", disable BS.
- Games use few CPU-cores; Thus CPU-bottlenecks present as 1-2 cores maxing-out, but task-mgr says CPU only at ~40%.
Malware
- Windows Defender Offline Scan
- Hosts file
- Ensure Secure-boot is enabled.
-
Chrome Enhanced Protection
- Settings > Basics (if applicable) > Privacy & Security > Safe Browsing > Enhanced protection.
Hardware
- Have you tried turning it off and back on again?
- Power drain, including removing the battery
- Pull CMOS to reset UEFI/BIOS.
- RTFM
-
RAM
- RAM issues might be caused by XMP profiles
- DDR5 & DDR4 machines do "Memory training" for ~15 mins upon 1st startup, to auto-tune the RAM voltage, frequency/speed, timing, etc. for each DIMM. Especially high-speed/high-performance RAM.
- XMP = Intel. AMP & EXPO = AMD.
- RAM issues might require disabling XMP/AMP/EXPO.
-
USB types
- A = normal
- B = printers
- Micro-B = old androids
- C = new
powercfg /batteryReport
-
- Logical Increments
- PC Part Picker: Identifies many incompatible hardware parts, and often when MBs need UEFI updates for newer CPUs.
Setup (new PC)
-
Storage Drivers
-
Get the driver(s)
- PUT ALL THE DRIVERS THAT YOU WANT TO INSTALL INTO THE SAME DIR!
- If the MFG offers an option for "extract" or "INF" use that.
- Unorganized note: Often the following driver will suffice: "Intel Rapid Storage Technology Driver and Application".
- Else they'll only provide an EXE.
- Use 7Zip to attempt to extract the EXE for files ".inf" and ".sys".
- Else, run the EXE and try to find an option "extract".
-
Else you can attempt to notice the difference between before & after it's installed with any of the following.
-
Installed to
- %WINDIR%\System32\drivers\*.sys
- %WINDIR%\System32\DriverStore\FileRepository\*.inf
- %WINDIR%\System32\spool\DRIVERS\
- You can install the EXE, use DevMgmt to find the device, right-click > Properties > tab "Driver" > button "Driver Details". Shows the files/locations.
-
Powershell (admin):
-
See all installed drivers:
Get-WindowsDriver -Online -All
-
Export all 3rd party drivers to a supplied folder
(`-Online` selects the running OS, i.e. the one you're in now, as the source):
Export-WindowsDriver -Online -Destination D:\DriverBackup\
-
See all installed drivers:
-
CMD:
-
DriverQuery /v
-
DISM /online /export-driver /destination:C:\drivers\
-
pnputil /enum-drivers
-
-
Install the driver
- SHIFT + F10 for cmd.
- pnputil is newer than "advpack.dll", and much newer than "setupapi.dll".
-
pnputil /add-driver *.inf
installs all drivers in the current dir.
-
pnputil -i -a myDriver.inf
installs 1 driver.
-
%WINDIR%\system32\infdefaultinstall.exe myDriver.inf
installs 1 driver.
- or use the WinInstall GUI; note that when you select a dir, it won't recursively search all sub-dirs, only the exact dir level you selected. So maybe just dump all infs and sys's into 1 dir.
-
-
Local acc
-
oobe\bypassnro
- If this fails, then PC might be in S-Mode (search EDI for "S-Mode", or "p32ved" on web). See below.
-
start ms-cxh:localonly
-
similar to the above:
- oobe\bypassnro
- CTRL + SHIFT + F3 (sometimes need Fn) = temporarily bypass OOBE & enter the desktop in Audit-mode ("admin-mode") to make changes (eg to delete the WLAN profile, install drivers, install software). Note that if the screen-saver kicks in then you're locked out until reboot, so perhaps change the power-plan to prevent the screen-saver.
-
Delete WiFi profile from CMD
netsh wlan delete profile name=* I=*
or individually...
netsh wlan show profiles
netsh wlan delete profile name=MyWLAN123
-
S-Mode:
- Enter audit-mode as mentioned above.
- Then, open System > About, and notice "Edition".
- Disable Secure-boot temporarily.
- Sometimes need to also temporarily disable (not turn off just disable) TPM.
- Disable driver signature enforcement (use recovery > advanced startup settings).
- Enter audit-mode as mentioned before.
- CMD > RegEdit
- Make sure editing the registry hive for Windows and not that of the recovery-environment.
- Expand and select HKLM.
- File > Load Hive: "%WINDIR%\System32\config\SYSTEM" (ensure this loads "C:" not "X:"),
- name it "OfflineSYSTEM" to load it into HKLM.
- "HKLM\System\ControlSet || ControlSet001 \ (?SYSTEM?) \ Control \ CI \ Policy"
- Change D-Word "SkuPolicyRequired" || "SkuPolicy" from 1 to 0.
- Click/Select "OfflineSYSTEM", "File > Unload Hive".
- Reboot.
- If this is an existing PC rather than a new setup,
- Log into PC, verify S-Mode is off.
- Reboot to UEFI, re-enable TPM & SecureBoot.
- Reboot & login to verify still fixed.
-
Bitlocker: WinSearch "Bitlocker" || "Device Encryption" (the "app"-version)
- https://aka.ms/MyRecoveryKey
manage-bde -unlock D: -pw
manage-bde -off C:
manage-bde -unlock D: -RecoveryPassword #####-#####-#####-#####-#####-#####-#####-#####
manage-bde -status
Disable-BitLocker -MountPoint C:
- Advanced Startup Settings (shutdown /r /o /f /t 00) to boot to CMD, this should auto-unlock bitlocker. Then use above commands to decrypt, or File-Manager to access DBU.
-
AV
- Use "Workstation Apps > Customers Profile" to see their AV.
- Check OLD PC, both Webroot & Trend show their keys.
- TrendMicro Kader
- Webroot Kader
- Bypass the AV 📧-prompt: Alt-F4
- Uninstall Webroot on Mac: Menu-bar > Webroot > About > Uninstall
-
Office
- microsoft365.com/setup
- Update: File > Account > Office Updates
-
Win-app desktop shortcut:
- Start-Menu, button "All", click & drag to desktop.
- shell:appsfolder, then click & drag to desktop
- TaskMgr > Startup > disable BS.
UBCD
- Boot via waldo, else UBCD might not start (like what happened with GC).
-
File-Manager
- DBU
wmic desktop get name,wallpaper
- ! %OneDrive% ISN'T READABLE BY THIS, MUST BE DONE MANUALLY !
- https://onedrive.live.com/
- %HOMEDRIVE% for any unusuals.
- %PUBLIC%
- Look through program files, program data? idk
-
Browser profiles
- Firefox: %APPDATA%\Mozilla\Firefox\
- Firefox WinStore: %LOCALAPPDATA%\packages\Mozilla.Firefox\
- Edge: %LOCALAPPDATA%\Microsoft\Edge\
- Chrome: %LOCALAPPDATA%\Google\Chrome\
- %HOMEDRIVE%\Users\
- There's an undo-button that can be used to see what you've done.
- VSS using button "Shadows"
- VSS supposedly also backsup userdata (unverified)
- Shadow copies are saved automatically & randomly in the background (also manually during restore-point creation).
- Can roll back the registry using File-Manager > VSS. Don't bind to the OS when doing this (if you do, just unbind using `mountos /u`).
- If no VSS, then check `%WINDIR%\System32\config\RegBack\` and notice the "date modified".
- "%LOCALAPPDATA%\Apps\" is a legit place, but sometimes remote-access apps like "ScreenConnect" & "Primo" reside here, alongside legit apps.
- DBU
-
Boot-Mgr
- columns "SM" & "SM/N"
- Custom filters
- Can right-click and web-search exe names etc.
-
Boot-Profiler
- Helpful when unbootable, or only to SM.
- Use right-side "playback" to see what the last successful thing or the last (unsuccessful) thing was
- Useful to see what slows startup.
-
Tools
- Windows Tools > Debugging Tools. This is for BSOD inspection. File > Open Crash Dump > C:\Windows\MiniDump. Click the link "!analyze -v". Notice the hardware ID; Google that to tell which driver caused the BSOD. Go to DevMgmt.msc, pick the driver and select the tab "Events".
- CPU-Z also shows RAM info, R/W speeds of stuff connected to MB.
- "Windows Identifier" to ID what's causing a popup window.
-
SAMerai (security accs mgr)
- PW resets of local accs
- online-acc, do the normal "Forgot my PW". Alternatively, bricking for 1-time PW-bypass (need new acc after this)
- either
- (A) boot to the "Enable Admin Tool"(KaderISO)
- or (B) enable the local admin acc via edi-1890?4?
- Either way, then login to new-local-admin-acc
- open admin-cmd
- `net users` and note the user whose PW you want to reset (eg MyUser123)
- `net users MyUser123 ""`
- login with the new empty PW.
- Disable the local-admin-ac:
- If used the "Enable Admin Tool" then there will be a popup with a button to do so.
- Else if you did it manually, then you may undo it via either PE | CMD | RegEdit.
Apple
-
Mac PW reset:
- If Apple-Silicon (ARM-based CPU)(new): Shut down, hold power until "Loading Startup Options". "Options > Continue"
- Else if Intel-based CPU (old): While holding both "CMD" & "R", restart, to boot to the recovery env.
- Select "Utilities > Terminal", `resetpassword`. Select the acc to reset. Set new PW.
- Webroot System Analyser: Works on Mac too.
-
Mac
- OnyX: Routine maintenance & cleanup.
- Seagate File Recovery: L1 data recovery
- Activity Monitor: basically task manager
- Recovery Environment
- Disk Utility
- Finder > Go > Go to Folder ...
- Apple DBU:
- "Migration Assistant" transfers profile & programs, over direct connection or flash-drive (WiFi has issues)
-
Migration assistant:
- Might need Apple-acc creds for the donor mac.
- New mac's OOBE: select Migration.
- Old donor: Use the top-right search/magnifying glass for "Migration Assistant".
- Afterwards, on the recipient, go through apps and remove any that are crossed-out (incompatible with recipient) to prevent confusion to cx.
- GSX: Apple's service order system
- Atlas: Apple's training program
- Apple lingo: KGB (known good board), KBB (known bad board).
-
Apple HW Diag
- Install latest OS updates
- Shutdown
- Connect power
- Disconnect unneeded peripherals
-
Determine CPU-instruction-set (Apple-silicon-ARM vs Intel-x86)
-
Apple-silicon-ARM (new)
- If it has touch-ID: Hold that & press power
- Else if it lacks touch-ID: hold power until you see "Options".
-
Intel-x86 (old)
- Press power & immediately hold "D" until you see a progress-bar or lang-selection.
- ancient
- Hold "Option"
-
Apple-silicon-ARM (new)
- Progress bar is the progress of HW diags.
- For details, see https://support.apple.com/en-us/102550
-
Mac Malware removal
-
Run an approved AV
- AVG
- Webroot? (System Analyzer might be free)
- See KaderC approved above
- Tell Cx to run MalwareBytes
- "Finder > Go > Applications", move any baddies to Trash to uninstall
- Empty Trash.
- "System Preferences > Security & Privacy > Privacy" In the left pane of privacy-accesses go through each and look at the right pane to see which apps have access to it. Remove any baddies.
- "System Preferences > Users & Groups"
- Remove (via the button "-") any fake / non-human user-accounts (call cx to verify).
- for each legit-user, select the user & from "Login Items" use the button "-" to clear any sus entries
- Activity Monitor, sort by process-name, kill sus processes like Vsearch, Conduit, MacKeeper, etc.
- Empty Trash & restart.
-
Check browser extensions, homepages, toolbars
-
Safari
- Prefs > Extensions > uninstall
- Prefs > Websites > Plugins > remove baddies
- If homepage is hijacked: change in safe mode.
-
-
Check the following locations for startup-items (possibly malicious, possibly just slow down mac):
- /Library/LaunchAgents/
- /Library/LaunchDaemons/
- ~/Library/LaunchAgents/
- ~/Library/LaunchDaemons/
- /System/Library/LaunchAgents/
- (should only contain "com.apple.*" and similar)
- /System/Library/LaunchDaemons/
- (should only contain "com.apple.*" and similar)
- /Library/StartupItems/ (pre v10.5)
- /Library/PrivilegedHelperTools/
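Walking those directories by hand means opening every plist; this added Python script (not from the page or from Apple) does the walk with plistlib and flags the things worth a second look: a non-Apple label under /System, a file name that does not match the plist's Label (a common trick to hide among look-alike names), and a program that runs from a temp, shared or hidden path. It builds a constructed fixture tree in a temp dir instead of touching a real volume; the path heuristics and the "me" home directory are assumptions. /Library/StartupItems holds scripts rather than plists, so it is outside this scanner.

```python
import os
import plistlib
import tempfile

APPLE_PREFIX = "com.apple."
# The startup-item directories from the notes above (relative to the volume root / home).
SYSTEM_WIDE_DIRS = ["Library/LaunchAgents", "Library/LaunchDaemons",
                    "System/Library/LaunchAgents", "System/Library/LaunchDaemons"]
PER_USER_DIRS = ["Library/LaunchAgents", "Library/LaunchDaemons"]
# Locations a legitimately installed daemon has little reason to run from (assumed heuristics).
SUSPECT_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/var/folders/", "/Users/Shared/")


def program_of(plist):
    """launchd takes the executable from Program, else ProgramArguments[0]."""
    if plist.get("Program"):
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else ""


def assess(path, plist, in_system_dir):
    """Reasons this plist deserves a look; empty list means nothing stood out."""
    reasons = []
    label = str(plist.get("Label", ""))
    prog = str(program_of(plist))
    if in_system_dir and not label.startswith(APPLE_PREFIX):
        reasons.append("non-Apple label under /System")
    if label and os.path.basename(path) != label + ".plist":
        reasons.append("file name does not match Label")
    if not prog:
        reasons.append("no Program/ProgramArguments")
    elif prog.startswith(SUSPECT_PREFIXES) or "/." in prog:
        reasons.append("program lives in a temp, shared or hidden path")
    return reasons


def scan(root, home="Users/me"):
    """Walk every launchd directory below root; return [(plist_path, [reasons])] for flagged items."""
    targets = [(os.path.join(root, d), d.startswith("System/")) for d in SYSTEM_WIDE_DIRS]
    targets += [(os.path.join(root, home, d), False) for d in PER_USER_DIRS]
    findings = []
    for directory, in_system in targets:
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(directory, name)
            try:
                with open(path, "rb") as fh:
                    plist = plistlib.load(fh)
            except Exception as exc:  # a plist launchd cannot parse is itself worth a look
                findings.append((path, ["unparseable plist: %s" % exc]))
                continue
            reasons = assess(path, plist, in_system)
            if reasons:
                findings.append((path, reasons))
    return findings


def reasons_for(findings, suffix):
    """Look up a finding by path suffix (handy when grepping output)."""
    for path, reasons in findings:
        if path.endswith(suffix):
            return reasons
    return None


def build_sample_tree():
    """Constructed fixture standing in for a real volume; nothing here comes from a real Mac."""
    root = tempfile.mkdtemp()

    def put(rel, plist):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            plistlib.dump(plist, fh)

    # ordinary third-party updater: should produce no finding
    put("Library/LaunchDaemons/com.vendor.updater.plist",
        {"Label": "com.vendor.updater", "RunAtLoad": True,
         "ProgramArguments": ["/Library/Application Support/Vendor/updater"]})
    # label/file-name mismatch plus a hidden dir under /Users/Shared
    put("Library/LaunchAgents/com.helper.plist",
        {"Label": "com.hidden.agent", "RunAtLoad": True,
         "ProgramArguments": ["/Users/Shared/.cache/agent", "-d"]})
    # non-Apple item dropped into /System
    put("System/Library/LaunchDaemons/com.notapple.svc.plist",
        {"Label": "com.notapple.svc", "Program": "/usr/bin/true"})
    # Apple-looking label, but the binary runs out of /tmp
    put("Users/me/Library/LaunchAgents/com.apple.update.plist",
        {"Label": "com.apple.update", "ProgramArguments": ["/tmp/.x/update"]})
    return root


if __name__ == "__main__":
    for path, reasons in scan(build_sample_tree()):
        print(path, "->", "; ".join(reasons))
```

On a real Mac call scan("/", home="Users/<name>"); the scanner only reads, so deciding what to unload or delete stays a manual step, as in the procedure above.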
-
Check hosts file
- "Go > Go to folder... > /Private/ > Go"
- notice dir "etc"
- give yourself edit perms by right-clicking the dir, get info, sharing & perms, click button "+" to add yourself. (note that you need RW perm for the entire "etc/" not just perms to the individual file within)
- remove any sus entries within the hosts file, eg AV-sites redirected to ".xyz" or Google-sites redirected to localhost.
- Remove your recently added perms to etc.
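The two patterns named above (AV sites pointed somewhere else, Google sites pointed at localhost) can be checked mechanically. This added Python script (not from the page) parses a hosts file, ignores the three stock macOS entries, and reports any watchlisted domain that is pinned anywhere, plus any other non-default host sent to a sinkhole address. The hosts content and the watchlist are constructed assumptions; the same parser applies to the Windows hosts file mentioned under Malware above, since the format is identical.

```python
import ipaddress

# Constructed sample /etc/hosts (stock macOS header plus some edited-in lines); not from a real machine.
SAMPLE_HOSTS = """\
##
# Host Database
#
# localhost is used to configure the loopback interface
##
127.0.0.1\tlocalhost
255.255.255.255\tbroadcasthost
::1             localhost
127.0.0.1   www.google.com google.com   # added by "pc optimizer"
0.0.0.0     update.avg.com downloads.malwarebytes.com
185.199.110.153 www.webroot.com
192.168.1.20    nas.home.lan
"""

# Lines every stock macOS hosts file carries; anything else was put there by someone.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("255.255.255.255", "broadcasthost"), ("::1", "localhost")}
# Domains whose presence in hosts is almost always tampering (assumed list; extend per customer).
WATCHLIST = ("google.com", "microsoft.com", "apple.com", "avg.com", "avast.com", "bitdefender.com",
             "eset.com", "kaspersky.com", "malwarebytes.com", "sophos.com", "trendmicro.com", "webroot.com")


def parse_hosts(text):
    """Return (line_no, ip, [hostnames]) for each non-comment entry."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        entries.append((no, parts[0], parts[1:]))
    return entries


def is_sinkhole(ip):
    """True when the address sends traffic nowhere useful (loopback, 0.0.0.0 or ::)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def on_watchlist(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def audit_hosts(text):
    """Findings: watchlisted domains pinned anywhere, and any other non-default sinkholing."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"line": no, "ip": ip, "name": " ".join(hosts), "reason": "unparseable address"})
            continue
        for host in hosts:
            if (ip, host) in DEFAULT_ENTRIES:
                continue
            if on_watchlist(host):
                verb = "sinkholed" if is_sinkhole(ip) else "redirected"
                findings.append({"line": no, "ip": ip, "name": host,
                                 "reason": "watchlisted domain %s to %s" % (verb, ip)})
            elif is_sinkhole(ip):
                findings.append({"line": no, "ip": ip, "name": host,
                                 "reason": "non-default host sinkholed (ad-block lists do this too; confirm with customer)"})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s: %s" % (f["line"], f["name"], f["ip"], f["reason"]))
```

Feed it the contents of /private/etc/hosts (or %WinDir%\System32\drivers\etc\hosts on Windows); a redirect of an AV vendor's domain to a routable address is the case to treat as hostile, while bulk sinkholing of ad domains is usually a blocklist the customer installed on purpose.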
- Advanced
- boot normally, terminal...
-
ps -ef
ps -ef | grep -i MyBaddie123   # record PID & file location
sudo kill -9 PID_of_baddie
sudo rm -r Dir_of_baddie
-
- physical repair
- iPhone SE ≈ 8 (same internals)
- screen fix:
- 12+: Heated Display Fixture (front button 🔴)
- 11 & before: the metal low-tech separator