Analysis
max time kernel: 169s
max time network: 174s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/03/2024, 23:28
Static task: static1
Behavioral task: behavioral1
Sample: ST_External_Loader/ST_External_Loader.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ST_External_Loader/ST_External_Loader.exe
Resource: win10v2004-20240226-en
General
Target: ST_External_Loader/ST_External_Loader.exe
Size: 37.8MB
MD5: 66c4e5860de0c00a797a0f10a7615fd5
SHA1: f48f6099b31a616e938c95568a8886d218f06a47
SHA256: c05577139a84f3e3591546d727d8501f2e2f65631d48122683331373bbbeac12
SHA512: 941c58cdce64e2946337374cbe9b0bfecdcdad78f7a59c6b6a973fd17fa9be28d04a8418a0269aa1c6cd47983eb4a7278919400a74886b27a991f87e9e4ce0c3
SSDEEP: 786432:iSniwA6rIe+6UaQ575Uz7tzKju1bTyHQz9bq2Z:vx8e+6Up5F2NKju0wz9bq2Z
Malware Config
Signatures
-
Drops file in Drivers directory 8 IoCs
description | ioc | Process
File created | C:\Windows\SysWOW64\drivers\vgc.sys | ST_External_Loader.exe
File created | C:\Windows\SysWOW64\drivers\vgk.exe | ST_External_Loader.exe
File created | C:\Windows\SysWOW64\drivers\Taigei64.dll | ST_External_Loader.exe
File created | C:\Windows\SysWOW64\drivers\drv64.dll | ST_External_Loader.exe
Sets service image path in registry 2 TTPs 2 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\JcSnzOoYxljnyuzoeNWoruyCoL\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\JcSnzOoYxljnyuzoeNWoruyCoL" | vgk.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\HRekFJnYMT\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\HRekFJnYMT" | vgk.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | ST_External_Loader.exe
Executes dropped EXE 2 IoCs
pid | Process
4464 | vgk.exe
1136 | vgk.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow | ioc
34 | discord.com
35 | discord.com
Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
pid | Process
1464 | ST_External_Loader.exe
5324 | ST_External_Loader.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2727153400-192325109-1870347593-1000\{58EA498F-B97C-4AF5-821E-8E4B89ECC0BB} | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | msedge.exe
Suspicious behavior: EnumeratesProcesses 22 IoCs
pid | Process
1464 | ST_External_Loader.exe
2040 | msedge.exe
2128 | msedge.exe
1972 | msedge.exe
1452 | msedge.exe
5348 | identity_helper.exe
6120 | msedge.exe
5324 | ST_External_Loader.exe
3036 | msedge.exe
5044 | msedge.exe
Suspicious behavior: LoadsDriver 2 IoCs
pid | Process
4464 | vgk.exe
1136 | vgk.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
pid | Process
2128 | msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs
description | pid | Process
Token: SeLoadDriverPrivilege | 4464 | vgk.exe
Token: SeLoadDriverPrivilege | 1136 | vgk.exe
Suspicious use of FindShellTrayWindow 52 IoCs
pid | Process
2128 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
2128 | msedge.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
5324 | ST_External_Loader.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1464 wrote to memory of 2128 | 1464 | ST_External_Loader.exe | 92
PID 2128 wrote to memory of 3420 | 2128 | msedge.exe | 93
PID 1464 wrote to memory of 4192 | 1464 | ST_External_Loader.exe | 94
PID 4192 wrote to memory of 3080 | 4192 | msedge.exe | 95
PID 2128 wrote to memory of 3776 | 2128 | msedge.exe | 96
PID 2128 wrote to memory of 2040 | 2128 | msedge.exe | 97
PID 2128 wrote to memory of 1836 | 2128 | msedge.exe | 98
Processes
-
C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe
"C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe" (depth 1)
- Drops file in Drivers directory
- Checks computer location settings
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1464 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/staffbesting (depth 2)
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd0b346f8,0x7ffcd0b34708,0x7ffcd0b347183⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:23⤵PID:3776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:2040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:83⤵PID:1836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:13⤵PID:4840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:13⤵PID:408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:13⤵PID:5088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:13⤵PID:4676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:13⤵PID:4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4780 /prefetch:83⤵PID:2940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4752 /prefetch:83⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:13⤵PID:2300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:13⤵PID:1560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:83⤵PID:5324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:5348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:13⤵PID:5364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:13⤵PID:5376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:13⤵PID:4960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5148 /prefetch:83⤵PID:5980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:13⤵PID:5988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:6120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:13⤵PID:5796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:13⤵PID:3460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:13⤵PID:1592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:13⤵PID:2916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:13⤵PID:5312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:13⤵PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7280 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:3036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:13⤵PID:992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:5044
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.staffbesting.store/ (depth 2)
- Suspicious use of WriteProcessMemory
PID:4192 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd0b346f8,0x7ffcd0b34708,0x7ffcd0b347183⤵PID:3080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9239789805851444924,2423615285097300152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:23⤵PID:4660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9239789805851444924,2423615285097300152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1972
-
-
-
C:\Windows\SysWOW64\drivers\vgk.exe
"C:\Windows\SysWOW64\drivers\vgk.exe" -map C:\Windows\SysWOW64\drivers\vgc.sys (depth 2)
- Sets service image path in registry
- Executes dropped EXE
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:4464
-
-
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls (depth 2) PID:2472
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding (depth 1) PID:4900
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding (depth 1) PID:1596
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding (depth 1) PID:2744
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding (depth 1) PID:3980
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding (depth 1) PID:5244
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding (depth 1) PID:4980
-
C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe
"C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe" (depth 1)
- Drops file in Drivers directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5324 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/staffbesting (depth 2) PID:3368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffcd0b346f8,0x7ffcd0b34708,0x7ffcd0b347183⤵PID:5776
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.staffbesting.store/ (depth 2) PID:3592
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd0b346f8,0x7ffcd0b34708,0x7ffcd0b347183⤵PID:2344
-
-
-
C:\Windows\SysWOW64\drivers\vgk.exe
"C:\Windows\SysWOW64\drivers\vgk.exe" -map C:\Windows\SysWOW64\drivers\vgc.sys (depth 2)
- Sets service image path in registry
- Executes dropped EXE
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1136
-
-
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls (depth 2) PID:5704
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding (depth 1) PID:4748
-
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_ST_External_Loader (1).zip\ST_External_Loader\README.txt (depth 1) PID:5736
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB