Analysis Overview
Threat Level: Likely malicious
The file http://altstore was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Enumerates connected drives
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-07 18:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-07 18:26
Reported: 2024-04-07 18:37
Platform: win10v2004-20240226-en
Max time kernel: 606s
Max time network: 602s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\AltServer\AltServer.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AltServer = "C:\\Program Files (x86)\\AltServer\\AltServer.exe" | C:\Program Files (x86)\AltServer\AltServer.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Y: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SysWOW64\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SysWOW64\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\AltServer\libcrypto-1_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\ldid.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\regex2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\AltServer.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\plist.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\imobiledevice.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\usbmuxd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\WinSparkle.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\brotlicommon.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\MenuBarIcon.ico | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\libssl-1_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\zlib1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\brotlidec.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\MenuBarIcon.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\boost_date_time-vc142-mt-x32-1_70.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\ssleay32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\libeay32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\cpprest_2_10.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\AltServer\brotlienc.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e5b4786.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5b4786.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b4788.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b4785.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{619A4470-A1F7-4782-8C44-523980FAE4C2} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8A6A.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = … | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 26640.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://altstore
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd84e46f8,0x7ffcd84e4708,0x7ffcd84e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,6923859878224225128,13530128482716665162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_altinstaller.zip\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_altinstaller.zip\setup.exe"
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\SysWOW64\msiexec.exe" -I "C:\Users\Admin\AppData\Local\Temp\Temp1_altinstaller.zip\AltInstaller.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_altinstaller.zip\AltInstaller.msi"
C:\Program Files (x86)\AltServer\AltServer.exe
"C:\Program Files (x86)\AltServer\AltServer.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.apple.com/itunes/download/win64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd84e46f8,0x7ffcd84e4708,0x7ffcd84e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18376498503517000762,8767246121601479954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4296 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2256_XBJRTJFGSOUXYWYV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\afb59342-2fd5-4568-bc70-f3c29c422258.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58582d.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\766e0ddf-b02b-46dd-8bf7-9007e23be15c.tmp
C:\Users\Admin\Downloads\altinstaller.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
\??\Volume{0e54dc8f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{e7cfff6c-cc84-4c2d-b5e4-69d31a6648f5}_OnDiskSnapshotProp
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
C:\Config.Msi\e5b4787.rbs
C:\Windows\Installer\e5b4786.msi
C:\Program Files (x86)\AltServer\AltServer.exe
C:\Program Files (x86)\AltServer\cpprest_2_10.dll
C:\Program Files (x86)\AltServer\zlib1.dll
C:\Program Files (x86)\AltServer\brotlicommon.dll
C:\Program Files (x86)\AltServer\regex2.dll
C:\Program Files (x86)\AltServer\libcrypto-1_1.dll
C:\Program Files (x86)\AltServer\usbmuxd.dll
C:\Program Files (x86)\AltServer\brotlidec.dll
C:\Program Files (x86)\AltServer\brotlienc.dll
C:\Program Files (x86)\AltServer\ssleay32.dll
C:\Program Files (x86)\AltServer\boost_date_time-vc142-mt-x32-1_70.dll
C:\Program Files (x86)\AltServer\concrt140.dll
C:\Program Files (x86)\AltServer\libeay32.dll
C:\Program Files (x86)\AltServer\ldid.dll
C:\Program Files (x86)\AltServer\vcruntime140.dll
C:\Program Files (x86)\AltServer\msvcp140.dll
C:\Program Files (x86)\AltServer\imobiledevice.dll
C:\Program Files (x86)\AltServer\WinSparkle.dll
C:\Program Files (x86)\AltServer\plist.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
memory/1744-500-0x000000006C700000-0x000000006C719000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State