Malware Analysis Report

2025-03-14 23:15

Sample ID 240407-w291waah9v
Target http://altstore
Tags
persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://altstore was found to be: Likely malicious.

Malicious Activity Summary

persistence

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Enumerates connected drives

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 18:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 18:26

Reported

2024-04-07 18:37

Platform

win10v2004-20240226-en

Max time kernel

606s

Max time network

602s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://altstore

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\AltServer\AltServer.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AltServer = "C:\\Program Files (x86)\\AltServer\\AltServer.exe" C:\Program Files (x86)\AltServer\AltServer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Y: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\SysWOW64\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\SysWOW64\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\AltServer\libcrypto-1_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\ldid.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\regex2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\AltServer.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\plist.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\imobiledevice.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\usbmuxd.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\WinSparkle.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\brotlicommon.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\MenuBarIcon.ico C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\libssl-1_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\zlib1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\brotlidec.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\MenuBarIcon.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\boost_date_time-vc142-mt-x32-1_70.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\ssleay32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\libeay32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\cpprest_2_10.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\AltServer\brotlienc.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\e5b4786.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5b4786.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b4788.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5b4785.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{619A4470-A1F7-4782-8C44-523980FAE4C2} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8A6A.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008fdc540eeb98985f0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008fdc540e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008fdc540e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8fdc540e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008fdc540e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 26640.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\AltServer\AltServer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2256 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 2932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 3868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 3868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2256 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://altstore

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd84e46f8,0x7ffcd84e4708,0x7ffcd84e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_altinstaller.zip\setup.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_altinstaller.zip\setup.exe"

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\SysWOW64\msiexec.exe" -I "C:\Users\Admin\AppData\Local\Temp\Temp1_altinstaller.zip\AltInstaller.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_altinstaller.zip\AltInstaller.msi"

C:\Program Files (x86)\AltServer\AltServer.exe

"C:\Program Files (x86)\AltServer\AltServer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.apple.com/itunes/download/win64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd84e46f8,0x7ffcd84e4708,0x7ffcd84e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4296 /prefetch:2

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
NL 23.62.61.185:443 www.bing.com tcp
US 8.8.8.8:53 185.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.176:443 r.bing.com tcp
NL 23.62.61.176:443 r.bing.com tcp
NL 23.62.61.99:443 th.bing.com tcp
NL 23.62.61.99:443 th.bing.com tcp
US 8.8.8.8:53 176.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 99.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 2.17.251.10:443 aefd.nelreports.net tcp
US 2.17.251.10:443 aefd.nelreports.net udp
US 8.8.8.8:53 10.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 altstore.io udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 104.26.11.15:443 altstore.io tcp
US 104.26.11.15:443 altstore.io tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.170:80 apps.identrust.com tcp
US 8.8.8.8:53 15.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 170.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
US 3.162.143.129:443 d3e54v103j8qbb.cloudfront.net tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 129.143.162.3.in-addr.arpa udp
US 8.8.8.8:53 79.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 cdn.altstore.io udp
US 2.17.251.10:443 aefd.nelreports.net udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.176:443 www.bing.com tcp
US 8.8.8.8:53 114.66.68.104.in-addr.arpa udp
N/A 127.0.0.1:27015 tcp
BE 23.55.96.225:443 www.apple.com tcp
US 8.8.8.8:53 secure-appldnld.apple.com udp
NL 72.246.172.232:443 secure-appldnld.apple.com tcp
US 8.8.8.8:53 225.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 71.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 232.172.246.72.in-addr.arpa udp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp
N/A 127.0.0.1:27015 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e3dc6a82a2cb341f7c9feeaf53f466f
SHA1 915decb72e1f86e14114f14ac9bfd9ba198fdfce
SHA256 a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
SHA512 0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

\??\pipe\LOCAL\crashpad_2256_XBJRTJFGSOUXYWYV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36bb45cb1262fcfcab1e3e7960784eaa
SHA1 ab0e15841b027632c9e1b0a47d3dec42162fc637
SHA256 7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
SHA512 02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\afb59342-2fd5-4568-bc70-f3c29c422258.tmp

MD5 5b17f8e2c89357f6e128625d05e9e31d
SHA1 2377315c09417e30bc0bf693e517ae92dfdb7dc6
SHA256 3d17f882c049799e33acabf15ccfd2eda1f05f97d5869e73e327e9fce2bb2a8c
SHA512 0423c4c1d5a1963f40321f12c424ad29e0e5f8072fb323e8f672cee789bb657c548fcf7180e181b124304739755749323993f4aa3c42b0b302902a2fb1b4652c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8c04cb70621c0f36b3ed18395f33c392
SHA1 b718d114be640ace282f3f6fc91dcea8d92e82fb
SHA256 3d3f57ca6e6ec1246bb56ffc3cd4d6f72ee6cc2721f8e09838394652e219a5fa
SHA512 edf7c1769735c998b316bfc60135dcf03763516c2d0f12008b5391e0c3c6f9749b1ef028ca9500f83c21df52572fa3b86f07d48671dd5bae4894ccdd89dc41b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 375e7663f191720caae8208076e1d0d9
SHA1 0b3f923c33e83d47508de9ba1b06cd33654664ee
SHA256 7b729cadfa366424134d1523478fb34bf002d3e5904eb9c4b50d0ab2f7964934
SHA512 e8da1c1d64663b9888daa60ec19d2cadd57807843747eddb28f5d7fd63c830de47f6639d375d8e5ca9c7f09993434467700310268c748346ff6f04cfcdc38bfd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d25c8e47127baf7d943c3ad8be1e174a
SHA1 d16748d279648c76c337128c361d99be625efe99
SHA256 b6d671941dd8a91915ef5f8a88542bc40bdce6e0b64e2f1ca27145629579457f
SHA512 3b543f0cb5196e3b4908cd9bac514af56dd9b75755788b266cfd572c735935841fafaaa43b7f23dcd38a0a85aa6ed0644587afefa773fc10c779e51973ffd2f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7398bff0910e3d23d0670fa7025393ec
SHA1 b86f435ba08d2be0118ca09ab0d2b1a700fa04fb
SHA256 1fa6da9e03fe8c59a49854382c56a30507f8425f340659d52b66585b12474413
SHA512 c50821b8b68b4382ef4d7578ace9924122738d62ae21cd52c078a7ba4147c3b340ef9c2c74c3bbf3f825dcbca6ced60e21278d3be547e1393b67589a392dad4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 452726c7a3a6eb1293269d70fe1da02b
SHA1 88a2fcab1f0e391225395f849fdd509971c28df7
SHA256 79afb405dc9e1150258f5346da9c37df3faa9eea94411c86d443d240816e571b
SHA512 dbfcccd5919f8ccbd89649293a7fadad4a7bb48700f871bcd293444034931f9e73acc6fc28d0c664f2769dc88f4030aac0a9d50b0dfd98cb50bf5e7d89654331

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9e71a055ab160d8f00c6bfc797737b33
SHA1 903854938557ced7fb8e9f2bb1ff5ead45bef1c6
SHA256 1f1d595e21a0c9846f74072e609060ac3d777c38e318e99643b04fa3bdd8c295
SHA512 52a946b9f98c8f4066bcb7236eeafb584aae616eb73946ad2a03726e28906315fbfc4d5e696ac5028a9244a06c9c2088cb3eb4df529fea94f7b0901dc80168da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58582d.TMP

MD5 d597d34caeb78f49f7edda4f8066b65d
SHA1 65f7fa662116c5fec0dd8b9a9caeae4c671fa786
SHA256 6b0b36dbd33c91bcfc3fce67e2120c08123e5083125ec856b530f8e1ed1b481d
SHA512 2ae2efd64f582504925e861fbaeb7d0ba1d94e215e4d510843381405428d7d7da8f4227f869f7de230990dddceaeda8082d1cf82860cd4b736e4bdcda546b0fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\766e0ddf-b02b-46dd-8bf7-9007e23be15c.tmp

MD5 cb850a528edc0f35197e2584821608ac
SHA1 535a387e6c7496a8dcbe499a8ae31e097d095360
SHA256 254025c279fcba39bfd5ce79e798a5de48be32651380062005ea39607bb4780a
SHA512 140614f1c1e5d7abfdc2aeff949cc363ba4916d80258dc0e82af6564e129188a464fdd9f89bb200e3ccae6752698dc61e138595b420a5492e1a0e76a695ba8c1

C:\Users\Admin\Downloads\altinstaller.zip

MD5 caf6dc57668b89bafe51a0e65aa6aa05
SHA1 a81475c1ff6dbcdd5d6690877da54978d3a6d5e6
SHA256 12c2f14f920e8378f5e4479df718dddd6da35041f4c65d5ca4472d4814a148b7
SHA512 ff3a1c47d54cd79bcb09a80de0f444687921c62717a7a6943d1955352870b9708a1c279fecfd022874ad9868d0a896c69c017482ed02c3a6007b0c44712731f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b3262cadd96d52c9429083901694f85c
SHA1 585a28175eb1f326d2273fdcb99cdbc5333a85bb
SHA256 7d0f044134daaa13e0523a2e7d9299495780023254686d9d2b3a4578533afe71
SHA512 c394892f4854d8f0f4606d3761188830e4c28649bba2a9af3100ebef42e858c16dbb7cf9da5937943de68859557c3edf57b9a6f072d28788bfd87126b794b469

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0eb06b22b95c155bf1b302dcd76f1841
SHA1 6909f391927252ecd6656ee267f4d3762e1cce95
SHA256 5722554667c045855fc69787999eecaade8cf4d713bb41a2fd4422d6182b6298
SHA512 57febf42a190108ce4c607a94b8da8de3fe8a1a70e9e54632adad48deb8e7af2d4505a890e4453bb76b9ef90312c8e4e78b4df51b3ec3ee7243521a92ba47626

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7f268bcad9855b1e0f20ba115f0ed926
SHA1 dc26240e0507b4bdc58eae47ea28eb558e436bd4
SHA256 343aaa7aae88621f3c10ae780996064e49cb429c531f2a1a7d77b528436ab377
SHA512 c842b5d419198dc8b9e98267113daac6fe8b1a60f9936cdb09255a2714f2757e6661e75bce821431b37f5061ec8b8658fbeb3210f805ff7543e3835c5ed46240

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 50f2c107c8ca67ced53406bd4839ce35
SHA1 719c297347321427f0fc21d661c589cddf2aa304
SHA256 00247739f3f83562f2d8f696254ca12fcc977a96c21b43c996ade58420756f77
SHA512 22501946188d6a3384f6a408df4b4bf84c301ed6ce2668d39605887b615dc91c7c525edda0ed3b5601d74a9136a0e48e226ab93745ffc45526f6c6ba0c80206c

\??\Volume{0e54dc8f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{e7cfff6c-cc84-4c2d-b5e4-69d31a6648f5}_OnDiskSnapshotProp

MD5 b1a66980021e8d04b17587aae23eb900
SHA1 530f6f936d334c56b639fc96e30bcda78fb534f5
SHA256 0bfac1b73a7d703df37fe17b43531e7e991970dc56f1bc7562a3e65ce1e2c68b
SHA512 73db3d9ab1d6f6b03e5e155c7a98f8f9b7ed2d53ef82ac762d3b8f2537002616837fcf67ec9c2bd1a5ac4e885f534a899ca7a5ccd75e4e8e84c48642cd046a01

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 1e58ab4215b4ab7269bb048057a454f0
SHA1 7525169e3383308560317169727050b20c9a2bd3
SHA256 b60654fa89e900fbe89a22b2a68a6adb96b3fa58bf46df2b73defb340a89d737
SHA512 69bbf9a9588888a7767a8d075785a3e36ff008cc1607829d8537981378c51c09a2978d42af80281be85e68d1dd61f0603c634bbffb420671ac678c093d14d577

memory/3056-378-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

memory/3056-379-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

memory/3056-380-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

memory/3056-384-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

memory/3056-385-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

memory/3056-386-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

memory/3056-387-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

memory/3056-388-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

memory/3056-389-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

memory/3056-390-0x000001C5C4360000-0x000001C5C4361000-memory.dmp

C:\Config.Msi\e5b4787.rbs

MD5 ed78a2d5489ef1a0d5d6dcbdd51fceec
SHA1 8952e1d5697a433e7dc9ebeca50a634b92242aea
SHA256 f7a5621dcdb366c5008bd8af41bf32edd8e77d3746a39984ef31ff5bfbb771de
SHA512 a6495be462ca329ec83b4298c8b45b6ac5d8e42ac1c013eeb37d46156dbc01e1ba0401d41a96ddb086433bd7746b6a267b823ce58561a4a59fd3ec20be930b3e

C:\Windows\Installer\e5b4786.msi

MD5 69283c93e4313778fb572173c2eda692
SHA1 02ad06ff30a170a58fdb4012a974ea593830beae
SHA256 76098686faa6dfad700cc667fd26ff975fd02602bf7ff6a4a0d57098d029519d
SHA512 ed98dd4b32959802f3ebc0e1f79801f70823b47b6847fcc7f6d8a01ba88ad2e2b2b5061eb4aabe567962d7b8c156f42bedf0918b1f41c9ee37a2772827e7849b

C:\Program Files (x86)\AltServer\AltServer.exe

MD5 0db5ad2cd60c9dd142bef768045bd35d
SHA1 3b2e8f904fd8edfdfab619374e5452ecde7c2580
SHA256 8c0625e8a583aadf95e604a53480eaf11d717647cfb1457eefafcebb226d7c82
SHA512 4274daab85c9064548150a48d55667a3a216ef031751ce3c553f5d6849bc360bab6a67ea9d164aa2ed4373aef115c89d41a1f36633b00e86f60f848e4eed03db

C:\Program Files (x86)\AltServer\cpprest_2_10.dll

MD5 de26497dc1f01a049e3838e28cf4a5a6
SHA1 0565c72d10c96568fa1094462c9da9e49a3c5678
SHA256 ccc50608446d380eea652fbc0069fee19a890c3b6f33ccce94ffb34d04c1beec
SHA512 546e8aff0ccdec6bda91832ab33ef87f751f9b8a1df26468b7439a4c7726300843a7630551c9f6221a0e07b792f86faa33344418f60b5c94ac1e3f7ef2e8811d

C:\Program Files (x86)\AltServer\zlib1.dll

MD5 b3f72b6cce47efefa9f5224aa668401c
SHA1 18ff2b82b11a7d6afbe772a575281ff9f7d2b895
SHA256 08e31facdf08916482372da2d4a7ddcec40edf8e1fab985773ed99d4c109248a
SHA512 97459b40d352f2b8bc5a88c6972c23e54e1350df0752f7969cad7dd444c12662d753fe9dff3b09afbbdc506efabf310a81347423b93c6df9361e5bd5c142fc74

C:\Program Files (x86)\AltServer\brotlicommon.dll

MD5 94bea13bcca18f53853e676015963d7c
SHA1 c1825db94118576f7f932c3a33163d24bb1128d5
SHA256 1df8e66ef439e57d9eba688abb4b463d7c0b627265bdc633405e223f76e04884
SHA512 2f6a9a33f4cd207c03089a8c5c6f7ccd40f7e2b6f331476986f55f08da4cd559ee703afcaf49d58256022177b865beddd434ce5a2b601d8585c16041732e3bed

C:\Program Files (x86)\AltServer\regex2.dll

MD5 547c43567ab8c08eb30f6c6bacb479a3
SHA1 e532e5a3e74926f6a750b3a80d3ea232dd251e4a
SHA256 3a71bf90e8bddfb813b44f9cbcecf431311a7979c1debc976767b3e5e59031af
SHA512 bff4b9a92ab9954da46b0730c42da52342a2c4d0db0d052031299cac0cbe5001cffb976b84a44d06b2105de0957c3fdc2408fd640eac8230dd3341be286639db

C:\Program Files (x86)\AltServer\libcrypto-1_1.dll

MD5 d5a5e2b8e937e31c881dafd4179f5536
SHA1 8e2fa5c30b71da58196c2033be847937b3d0ff0a
SHA256 2e7c6aa4daea6e14d3d74e01a021a33e063cf60d34632e51b4730a2c3f0d46b3
SHA512 1bae7d1ccac0ed246539bbd99fa8912100170b0d928405abacc5332d55c027ca830c04772d5786535cf5aa9b5abe9723647d563e417c00ad1143b123cfeca268

C:\Program Files (x86)\AltServer\usbmuxd.dll

MD5 c11340d2a0c982df06ab9cc6ee95539d
SHA1 27e232d3e4f5aa0e955382fde78ccfe746992d4a
SHA256 c09be1a59267207e2c0ccf384739f1cc88d1d95fcca694cd2ee5699228ed5eb6
SHA512 fe0795412aef5cab4d1fdac8a1adc7815a1f9da9aee94672f8107e4d6db7bcaba2ee7c1759d5984f055734d5d93f68d7237692b99dd8660a9f2e5fc81e73aa32

C:\Program Files (x86)\AltServer\brotlidec.dll

MD5 25a9a1077d3c46fc2c6cb399efc04783
SHA1 f4f7060b77419eb97a9888a09fb102cfab93d37f
SHA256 cba318b29eb0c7854f9a6dd7eb3f86d22fa4d833395a1e631b9115ebd796cff5
SHA512 d0398e86bd0abd0f5f2426387196409c6dd93834b5ffade2413eb596f62cf5587b24e4c8eef85aa82af7be060678b5fb3c112bef218939fdc30f294c99bda61e

C:\Program Files (x86)\AltServer\brotlienc.dll

MD5 faa8afec0d4ab40ab01525a8aa730b86
SHA1 69ee9dcf5cb40b7acdf70927185c24f031ad6adf
SHA256 c213826bf0a1727bf0fc7a30af2a30a68474a4a4906df6c84c733598b682341b
SHA512 d1941157c56f51608f6b5ba52a7ab0e3cfa194dc0ec8399482fd4a160f8ac1328d802cb77277ad601d303b3e3346e0c4cf3fc516180ed0a105627fc00a7fbe2e

C:\Program Files (x86)\AltServer\ssleay32.dll

MD5 284e004b654306f8db1a63cff0e73d91
SHA1 7caa9d45c1a3e2a41f7771e30d97d86f67b96b1b
SHA256 2d11228520402ef49443aadc5d0f02c9544a795a4afc89fb0434b3b81ebdd28c
SHA512 9c95824a081a2c822421c4b7eb57d68999e3c6f214483e0f177e1066fe3c915b800b67d2008181c954ad0403af0fa1ade3e4ea11d53ab7e13f4a3def9f89cf4f

C:\Program Files (x86)\AltServer\boost_date_time-vc142-mt-x32-1_70.dll

MD5 08a6e762f1f334c267a22fee50b21800
SHA1 9a86a272df68840374437436511b48a0c49c4c77
SHA256 daf2db7f4e973e181ffb0a7625f813863a2561e08c1350571d4a498499a3cd82
SHA512 6572889143d68c130f383d335044475d549a2ae2cb2d2b3e326d613e4db7aab17eb4ee34300bd520da18436acc43baf553a2c9fdcddab73b8a9ded556c1dd33a

C:\Program Files (x86)\AltServer\concrt140.dll

MD5 9ad549c121108b3b1408a30bee325d08
SHA1 898ffc728087861e619dababd8e65cc902276d06
SHA256 263975e4f5afc90e91f9f601080b92c9fbc5e471132f63ad01c6c4f99b33b83a
SHA512 9a9005acf2af86d6a0a95773e968d98e90b7e71e8e71d58949ff51aad49050dca57d94a19671b1b5026bd74e7b627f31d0c8a50bb66ab740d629022c3a95d579

C:\Program Files (x86)\AltServer\libeay32.dll

MD5 de484d5dafe3c1208da6e24af40e0a97
SHA1 3e27b636863fefd991c57e8f4657aded333292e1
SHA256 007342c6b9b956f416f556b4bd6f1077e25bd077cc4f4ac136e3fccb803746e3
SHA512 e871ba131965331dcd6e7ae0ef02734e157676c7d2bba791dae274395eaac90df3e0851bd67f1e12461287860281d488e7e82c9c11cbf4657052eec78f678c3d

C:\Program Files (x86)\AltServer\ldid.dll

MD5 22fd47b58d6648d3a62618ccce0557a7
SHA1 e5ea28bb126e286f681221c7b0f80d5551aa77d1
SHA256 13ccbdee289958526f19c93f872d121c8bb8a86103b3dbc6e725e6ab3ca17ea4
SHA512 44bca68bcad0395a90eede7dec157ae079b70f4145f4304f612ff3d02b566334eb1eb8466e81c64120be91f00a6bbe5cac34ee296e075df0119ac11380230fc9

C:\Program Files (x86)\AltServer\vcruntime140.dll

MD5 1a84957b6e681fca057160cd04e26b27
SHA1 8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe
SHA256 9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5
SHA512 5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

C:\Program Files (x86)\AltServer\msvcp140.dll

MD5 8ff1898897f3f4391803c7253366a87b
SHA1 9bdbeed8f75a892b6b630ef9e634667f4c620fa0
SHA256 51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad
SHA512 cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

C:\Program Files (x86)\AltServer\imobiledevice.dll

MD5 fc4ccdbf0f573ab6d682a638ea49a868
SHA1 78d5d05879207ef2e1ad0a4c7769de58529fadbd
SHA256 81a4913ee2b5fabd598833223c7bfbb7e4a27030e104407318c35c8ae898ab64
SHA512 2e91241e55ce841d6116af3d3234258c2d4b4dedfdcfbd0b37b35c1ab981e56d081693a5e55217d6099225c929438420ffea50f94d388cd6006d88e508fb4015

C:\Program Files (x86)\AltServer\WinSparkle.dll

MD5 1e1f8765992bfc5b7326a03fbe7ee9ad
SHA1 af44a147f18ddf073414d22a550379f5233e414b
SHA256 14d9ada9fd17ad089d7dea3a4b6e7117f132b23cd150323c60df5ffda5c72b6f
SHA512 4ecadc62edc1525b4d3f4183b14b79cc7959e4b6134da8e359686003f963ea1a0b993c24a944f2e703ba1db8e73c366b0351e0f3953b0d82131237953eff7cba

C:\Program Files (x86)\AltServer\plist.dll

MD5 3c6548478f160c23caa5bbc7da08894b
SHA1 6537259f8e647efb5d18ce537602ff02854f6a7b
SHA256 8eb28214b9b115eafb4af5ec90179121e81541ad912b95ab4467c723a217d99b
SHA512 3235d560ef0556e51f902d94a163630a4871e2f3e2812f5f7fd04d97ef7d777f3a72780bf8369b6e5b20514dac1d4703e51cec7fd0c5104c2993e28cec9857b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 df7f5180e4ddb329fe8fd8d9011ae394
SHA1 3bfb4ec2c4ed74bac45eee63b6c92937e2c49ff1
SHA256 1f90146f7f2dddff40dc21ea95941c85f3ee98d621f0d1076ac2428da528506f
SHA512 acbb03e5352ff07819c916d93b2552f0918d47f03c8dddcee133155457e09afa68367128139a7595f849c6da62d950e8b5e1f269ff2f1a54c2415acdda52cf81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 97a504d4652ea0aadd92dfaa297aca77
SHA1 f90f3f5a49125b44dd42be9886f08335529b8a84
SHA256 b5094802148d9fca7e6749e88a9251cd6de7a322a4dc078434e720e5f1b96585
SHA512 c1573ae938a3a8ad92c6e1616568269512a27af54cae5db6c09ac413044b579f932460eac2a1aba229e2fdc87ba83a8a88271b58827c0839adb8db44dacff4f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b0a72b6ccd4dcd77b19b30b1d34507d3
SHA1 e333280a93ca89f292e146d1b6e0c6a05aa1d0d7
SHA256 ca964aabe2720f0fa3158d343abb70bfa10fff6c8aa0f2750bb8e109c54c0a51
SHA512 5a4155fa6eca9b9c0441ef2e6505035b134d0bf2a00325ab885134930fadf7404a1a83d6c8df027576c866ad676120a17692e6b01d5647bc482b16cd9ce277ad

memory/1744-500-0x000000006C700000-0x000000006C719000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 24398b9424c613ee25bdcc62fa7d45e6
SHA1 2fa3cf11e554813071fddc6c70648974b60d011b
SHA256 babe9223a249aa2eecadc67f10f8cb426beb9bc11fd94252b2a7be72380890af
SHA512 8068503c231dc2b31dde1102a014c3c6c6dc99645b4747ebd9098ccee115f790b994de37188c4f9062af49bfeb4b9e23685a9579080f5330417f8b4676a0ebfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 300626f161af54ba412feee0182a5898
SHA1 3a99853f77790db41ae126f6867d8a0a51b554df
SHA256 f7f92818e5131b439782721eb042a02ced28b3f461fd2761f8042cdad11b4b4e
SHA512 86b5a26642d87e4198148c97d959e77c80fa9b10c94f0106f7578588c195816f5dcd2c00443df08ca1fef089912539f5ac9cb1a12b5bf155a9afa40b21829367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 971922597cf781e3d8a77b23eeb51c15
SHA1 b9a7dbfae032b4d6537e2f438a4f81395d1ad50c
SHA256 3265e94681d643e8d50bb8277e42fd8b3ec7324e494f8f766269ed531a8fccdd
SHA512 085143e3083f441e4c5dc263674f40f94c4bd22e600883d7ef05ed177dfa4c16638d72fb1cc3432a4820f6e41aa3625bfd99828be288fc10516eefc0170e49c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 148ed1cac84f590359701f56db63f52a
SHA1 e7bd0e3b320dd59ece42fc56bf81b9870eaa9578
SHA256 f2639167527c9496890670d6c3eeef6ba1306db0f23ea641d4c297ff925a5b93
SHA512 32fc3c7a98ee0d88b600be746cab6170c3c11478138a7a79e4a817e5e190743b4b086af866bd1a737829cfba7cf0b493e9e3186693228063e91cca04257a4606