Malware Analysis Report

2025-08-05 20:45

Sample ID 240302-3f1nmsac9t
Target ST_External_Loader.zip
SHA256 d4cc4320d4c688a4509d096f8ca3e7d6da179c941a7ac3622e8db0d92c138133
Tags persistence
Score 8/10

Analysis Overview

Score 8/10

SHA256 d4cc4320d4c688a4509d096f8ca3e7d6da179c941a7ac3622e8db0d92c138133

Threat Level: Likely malicious

The file ST_External_Loader.zip was found to be: Likely malicious.

Malicious Activity Summary

persistence

Drops file in Drivers directory

Sets service image path in registry

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-02 23:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-02 23:28

Reported

2024-03-02 23:31

Platform

win7-20240221-en

Max time kernel

122s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\vgc.sys C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe N/A
File created C:\Windows\SysWOW64\drivers\vgk.exe C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe N/A
File created C:\Windows\SysWOW64\drivers\Taigei64.dll C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe N/A
File created C:\Windows\SysWOW64\drivers\drv64.dll C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\YNNVtInLUZPmJwibeczka\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\YNNVtInLUZPmJwibeczka" C:\Windows\SysWOW64\drivers\vgk.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\drivers\vgk.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "19608" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "8712" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "5015" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10785" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "19012" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "7917" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10891" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2718" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10891" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3862" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5098" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "27911" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "408" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "29388" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5015" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "27829" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8712" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "210" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19696" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "19608" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "410" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "9441" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "9441" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not shown) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6466" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "8712" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1646" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\drivers\vgk.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\drivers\vgk.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2972 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2972 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2972 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2972 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2972 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2972 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2840 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2840 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2732 wrote to memory of 2560 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2840 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2840 wrote to memory of 2588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2732 wrote to memory of 2560 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2732 wrote to memory of 2560 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2732 wrote to memory of 2560 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2972 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Windows\SysWOW64\drivers\vgk.exe
PID 2972 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Windows\SysWOW64\drivers\vgk.exe
PID 2972 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Windows\SysWOW64\drivers\vgk.exe
PID 2972 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Windows\system32\cmd.exe
PID 2972 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Windows\system32\cmd.exe
PID 2972 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe

"C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/staffbesting

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.staffbesting.store/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\drivers\vgk.exe

"C:\Windows\SysWOW64\drivers\vgk.exe" -map C:\Windows\SysWOW64\drivers\vgc.sys

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.staffbesting.store udp
US 8.8.8.8:53 discord.gg udp
US 162.159.136.234:443 discord.gg tcp
US 162.159.136.234:443 discord.gg tcp
US 172.67.219.229:443 www.staffbesting.store tcp
US 172.67.219.229:443 www.staffbesting.store tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 172.67.219.229:443 www.staffbesting.store tcp
US 172.67.219.229:443 www.staffbesting.store tcp
US 172.67.219.229:443 www.staffbesting.store tcp
US 172.67.219.229:443 www.staffbesting.store tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 client.crisp.chat udp
US 104.18.28.104:443 client.crisp.chat tcp
US 104.18.28.104:443 client.crisp.chat tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.230:443 static.doubleclick.net tcp
GB 172.217.16.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
GB 216.58.212.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 fe0.google.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp

Files

memory/2972-0-0x00000000770C0000-0x00000000770C2000-memory.dmp

memory/2972-2-0x00000000770C0000-0x00000000770C2000-memory.dmp

memory/2972-4-0x00000000770C0000-0x00000000770C2000-memory.dmp

memory/2972-5-0x00000000770D0000-0x00000000770D2000-memory.dmp

memory/2972-7-0x0000000076F10000-0x00000000770B9000-memory.dmp

memory/2972-8-0x00000000770D0000-0x00000000770D2000-memory.dmp

memory/2972-10-0x00000000770D0000-0x00000000770D2000-memory.dmp

memory/2972-11-0x000000013FCF0000-0x0000000143A96000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{96DB4511-D8EC-11EE-B804-569FD5A164C1}.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{96D8E3B1-D8EC-11EE-B804-569FD5A164C1}.dat

C:\Users\Admin\AppData\Local\Temp\Cab2C3F.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar2D6E.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\www-embed-player[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\base[1].js

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\favicon[1].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\re26ad0\imagestore.dat

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\ad_status[1].js

\Windows\SysWOW64\drivers\vgk.exe

MD5 34cfbe3ff70461820ccc31a1afeec0b3
SHA1 5d32e91c039c9a6f723ba3c04c1179d02e6a0ce9
SHA256 6ebcc6896b243c761da4fc28a26249b0c146ae17aff7697c09bc447008e831df
SHA512 1ca4661be645e7e954d89c83f1fd126a5e936533052d4e330c9faccb83bb5942d28265375cee743e468b1625a0c1f10888e7957fe88c718e8501a86a78cdc06e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\W2saUlCHPrwfSQolgK98GwwZfS-SgvEgijguMBUFd3Y[1].js

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff

MD5 de8b7431b74642e830af4d4f4b513ec9
SHA1 f549f1fe8a0b86ef3fbdcb8d508440aff84c385c
SHA256 3bfe46bb1ca35b205306c5ec664e99e4a816f48a417b6b42e77a1f43f0bc4e7a
SHA512 57d3d4de3816307ed954b796c13bfa34af22a46a2fea310df90e966301350ae8adac62bcd2abf7d7768e6bdcbb3dfc5069378a728436173d07abfa483c1025ac

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\KFOmCnqEu92Fr1Mu4mxM[1].woff

MD5 bafb105baeb22d965c70fe52ba6b49d9
SHA1 934014cc9bbe5883542be756b3146c05844b254f
SHA256 1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed
SHA512 85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\embed[1].js

MD5 62a7f4dfe0fef0aeae4f5f4a91b18b03
SHA1 c846185620fdb8248ce8d9208d2037dcc1b649ae
SHA256 3431bee7e5352c420329536cc14790e5eded608e2b94b77e5506952b6ff65dff
SHA512 42f703471c106184100783b5aee8d5c109473796360a5b3200134e5d4f6f13eeea5d852a94c79cf07f70d697af2c5c7d49f090b01583dd080be2bb2d833e9058

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\remote[1].js

MD5 686d813b55998b025750cf2271e79b23
SHA1 916773add658409ebbf5704f06a1b3d5843495a8
SHA256 981413e51edc49d3d5a048d113f0a9915a8c0ccaf1bcef6f657948fd4017a798
SHA512 ebb5a6c00b4351a88196fd884c915189131b26d042f0553164215aee6cc0344eb3f51c534cf6a5a302a03c4335c7cc7bbe580c26dbabcfec363536f876f7bddb

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 725b766d90b52b37f31d98727ff8908f
SHA1 5480f7d2a57ec87452bca33889d79c59f4d865f5
SHA256 f951234ffb41ac27be504f09f68bfe3f0ea3f662807583e3ae590347546e17b6
SHA512 3680c29bb23869daf0d470d7050eea32834ca63643e1c31d92ff41633be10d936349c9471b6da521f8789e08c9c1e15eda5197a6dc9fef179bae9dedac97ce81

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 d8e4f6664fd82e916abd124a69326a15
SHA1 d057c35a65fd173756dbab074d969ce33cba7e0e
SHA256 7f83a45966a6b3d08c6619b92e10a8ac784cd073d299ee22dce24e81bce24035
SHA512 a597c9846f23df8a390dcf2792063238370c78585898e02627945dadae936ea8a0710d018c82832e42fc0b90c205169307d1a33cb9393b28062f2d6474d9abd9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\staffbesting[1].png

MD5 e26a92140b2753256b8adf9b89431ccc
SHA1 2513f7bf45efef4b1c840d0fa154078d73c6e7c9
SHA256 d04c5b19b0828d10fbe26d975103bfac88cae393a3183a8e1355811b79309c2f
SHA512 d0361dbaff7ecd47f256c93498c79d5401a55697d5fbfb709a305d26e9d8aa35f479046509cf7c2eaf5bff2db86c7016dc1f70f4431eba560a61c89f7eadfd61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fd46bc16355a7411cf2e06162e62d97
SHA1 71ab046126b08103094e1d56babbde02e36cba87
SHA256 bccaa5525938e702fb7ab83544743dd035a6e8d9871d720afae6007cc03d6a5b
SHA512 e4de9a2faadca5f01ac3b1e730c4d69148f74a9321f1738290fa1e498ce2eab22986a506820076bcb51f5691c544579a85152fa75f827299e127f31ddfcd92e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 382b33a74ab9579cd75a97efe1abef9f
SHA1 b09746c04c36dea0ac79fdd840935162c85fbb22
SHA256 1bdb8e5859b7d2c8a2c02d2e8dfbe14cd32d7484fa60842dbb7da2758df08a04
SHA512 cc81b2edec51a9c5952bb7104896ee533cdae0b4f2820a9124560003766679222dfe2d829988821f86b1698fc2e10da698259e42a1e03dc34666dd5f5aa5ebda

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 a818dd7d69562debd2cc5a6a385662ce
SHA1 0329684b911f4adcf7fb190a7b8675e9039963f3
SHA256 bac5dbc848ecec6177019013d3a3088aab2ddfec9787b6b0ae404dc1571b4dba
SHA512 24d61f89139342832fd31ef85080eb4e631a17281bd1b053e3744080a58455b3d0a3af5b4a2c84e874c32fd66a9705ea8cb85299b57e055fcadec4e9b24db5c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69841a09bb9680c239ded6fae2eb4fac
SHA1 867c8169ec78f285b79bd4896713b8d7f35bf960
SHA256 3df581ca2b081c4303659f4ce66f67e60b54b0070dbfc081b3c8abdac3ad2443
SHA512 3e27263a10189ae081fee87b6f514b760199e3f5c6ec7c895bb75bfd011027196dbd186fa9d76a19de941ebf05969e48b90d72c17ef0286bd4d90b54fa9175d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1684875cc40ed32f67b300b7aeb48200
SHA1 fefd44df852ad1a073adb1151463a5763ed68a71
SHA256 db344d76bd88531e2ee65c76507f9df4fbfec8db3bd282cfbfb8324ef8bdcac2
SHA512 d5fc643b30ea98729ed7cf605fa3ef658e5adeec4e54ba654d2e336d2888c1d50a23efdcfce50e330a4ddae39e91d65ea92f8caeb51a108fe8d00853e79174be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ed69631a87a3d83dc51e26564c2fe63
SHA1 b2ca525ea061ddc56a4b74734ab07000ae75a850
SHA256 dd17f9fdd28a6c82ac3236f85ce8442626b0a5aad16edaa5e6c182e9bb1f48fd
SHA512 39a4c40f19e62e2c99554f8ad9ec4dd4f47a4ca80b329d7b0aecf443482f7c5f6d571b2e204d5caccd537e5a953b1a21eed5e53fdc8462bfd55c1fcfa5b24bce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fb6703f2bad1c3cc5237f579267c33e
SHA1 fa0f40f20ea72adcad64d3dcfc3a1d0265e2d8b3
SHA256 58e8208019fb4ce0dd7deb7c11e5debd6bac6dda7faa250ab11cd6ab14594ba5
SHA512 dac21fc63fa1c223fe8e0447e29ee3e3359694fe1263a317874b8eab0bba77146e316242ebda962b3ae5abb079fb3ccdc418652d017bab96d0e32cf7dc0b1b2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80bcb52a83a54cac071989605ebd4429
SHA1 3fbf41fd5dcca69d6e38e342015c95682d5eb141
SHA256 772fb5700ee9082a10ed3e12516ffa8b174e5a103ede51b1a60b39073ebe459e
SHA512 3b9ab7adaf497382d4f35a6bca05611a356d4ddf319c6ba4b3cfbd28495b935c03b2e6a4776953954bfe980b30d881d7d6098d056c638fbcfdc900350526fdd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59aaa19f0a269c9705618f97340281a5
SHA1 a08ebed1783341d175c04e145e4171819a5951f1
SHA256 f1adc0a420c03df6b52cb21d20bc13b2e8c0c9b3e048f424b116e30432ffdae9
SHA512 d70a166ddf5ef1c7a164831dda7c52b33711a4e2ccf253454936442152bd20b18151f1243dc2c2957e04d72cc24430859ea707184ea5c9a234fd6818a0831610

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12b0a07aef149714f7eec9eb2332df11
SHA1 b281dae838b4c374cfb8f4c6e37680b9b0412ae4
SHA256 ac6138272f6b807c92231f9703f24fd7c9d3a345205961d50f9d802c5ec26937
SHA512 d5bf6caee7dadde2bb21270ccab98bba27c7d94a37db420063be119b0756a2ea3c7f7826ba0d0b13d5b66be190010217801b741134bcbc930c8b8199b8721dea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 557d631cc3eb3ffd56dc2726ecc22671
SHA1 1512cb1ea850551e11a1b21b977fec1fc26da072
SHA256 4480cb50c0f0f9484acd2b037fe022bfef53beb972af0d65d8f27b25d4a526b5
SHA512 50c64f6ff85922f15bee663a50c2bb1497f82338e45b0149f49bb57bb7b2a612d4e3d6fbf3ed3a9be1527f492f7333b7db5135599449b61275bf3e61da4b8272

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 4c328c1b133c5ccc9d381c98ef7d99cb
SHA1 bc70a667903d18d4251d120279c1fbfd1369a174
SHA256 5173c77f87c213af1eb043dbe6a44044e6b38f67fc5f3991d39694f38158d3fa
SHA512 7d74192bc52f683883f82a6cda7d81a766b471e1a9e859de76123d9703712863208b8deab9dd380a56363f357b190c2272780b463548575e87f21a74850a6562

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 23763d410a118357c3186166ee18ccde
SHA1 f607e27d770f116a8749cf77b6985cd4bfc9b5ab
SHA256 3373dc0fde901b1547416fa43e0086a3c4f3dc0a92ae6a790716af3e1f9ff7aa
SHA512 2f8ef11fc02112de0eded9a1f383275872df4223f8ecc99bc4fffdad6557d0f8a3020bcbfdeea44259050c2a3347e39f6d42830ee11a8dd294cd3846ec5f6747

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 61fdcb31603d580ceeb5b626083cba21
SHA1 a336e4e10d0b9241670d562887d7dab09ccc77f4
SHA256 c14e727059cab9fd4dab2280aa688f25b53923fa41b27713288696506af9a558
SHA512 570111bbbf17a99a76b2b5e663f17b2794e12c33bd26d164cf18bf3bf521511748aa2aaaa9d02fee57caf20e51d6c4ec7b1d77c9e4cbfba11dc2ee1c3956ccf2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 cc08f9f16dd61f54de8d274fed0c586b
SHA1 e586d878d75dee129c9ac6f52424f0f7b4ced30a
SHA256 62fb1607560f3788553509c8dc9c0fcb93f5b86814fbe852c77ccd7de67eb4f5
SHA512 7be470134dddc6322ec59f946983ffcb0fd1b54b48206431331dae870ce9793f372234c450b1680de544e0a70a6f8ab62aef3595e76d35e0eb792497446eda3b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 8cdf1fafff5849347c0d144c3a1e6a13
SHA1 7de8aa01be50d9b5d79f1f8e76bacbe5d81d2ab5
SHA256 e0ff32e51b8b7a409b1831ce991c00f655fc2a587c3c05c7bfd9c24b36fb0da3
SHA512 30e58458f7586318496a38b9d4011f88c33b5ba07074f9c0fbd46fe7fac909cbadf52a3c8aa8389d82e1a2670cc3257d9cd44d181cd914443f8e70bdda5ea47e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 2ea42e0976705d8574946e42879c609e
SHA1 823dd9ac2e540f5ae0e2f35c308069eb67bc66f5
SHA256 6e3d682c0f095ecb02120b22edc6f2abaf17edc4f370f85683ab9dafd399635e
SHA512 ea2fc25b5e8c5521c28fe6fea75e435d2d0337c01460c578f5e030f7302d6587038821861941d9584a0e0cc749e424e50e3d02ff9cfdb0343cd2ca956beebac6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 399e9f033fd91fb6da76083b7c58f813
SHA1 281da9804a787ce61b1d2bfb417b94dbb68140ec
SHA256 a8f28b0a59bea241ebb256e7cc2ab0a708a00104deb83f933c4809b06ddda174
SHA512 f3734894c0f4c228d5a84cf554116c130136e22e1fd7adb01e952d0a34f68df04a5dff24a73093efa4b816b9c4ce15284a569a6326df881acfa84f5c866dbe28

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 0a5f393de5122bb17a432bf743d7152b
SHA1 b89ef84a1a9d729696d0a170c03a123f628c193b
SHA256 dd54c391e1d3282c2c4657726f632afbb6f19658523a1ed905d016bb2b85c257
SHA512 9eaeb0c9cde3088338e2b3d5a03a9852798a355bc7daf08acff0e1f8458f9e00a58be1aebb512ffa23863f55bac58e87b219f8aea646f3a0d9a13a237473d4ef

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 752796a84b8928e64fb1872cf9d21cef
SHA1 4abfcb8d0ca5e306374a232a098e67b034dd5921
SHA256 6beaccb9611851fe543ef469f4da29d74e2a275727eb937ea21c06e314a210fa
SHA512 397a90703edc2ea16eb0053d4f17f85d2e0c72fca37464ca57b82b1c9a361acadf1c3755de48009c2089c02b59b88d88c76c330c8b77fd7173bfaa575d1f1cc4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 198252dfd240106fd59e0abc54e8fad1
SHA1 5c8e41b5150606c6539f9e8afcaf7e1d063cac21
SHA256 1a7021de29163a6a04bfa17c92596d3a8da30d8eac006a9579dfa2e511939b83
SHA512 36d99e38106ea407593caf5637e7527fdf74e7d1187eadac18a2b128a0f7eb0f3fef0e3114e029d92450c9648f3b2f09f2ad92885ce2ba8a107576b4eb8d5d56

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DQ6XXB26\www.youtube[1].xml

MD5 10e0fe0bfeecbd8ed20421acb1fc84b7
SHA1 38c6412b42a1f66c3ba46bde71f5f3cba243bcb1
SHA256 0cd154f6c70e417d05ca92c9e0fde5a7417b9e3aeda4960e9ef8af6fb73e3ed1
SHA512 a3cc4bd2100a0e34cdb15c7613129f6294547543253395812b278bef06290190ef624bbe2cf55bcde76171594d8a37ddd0134a8289da8bbeba5082cf49840a4a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\fontawesome-webfont[1].eot

MD5 674f50d287a8c48dc19ba404d20fe713
SHA1 d980c2ce873dc43af460d4d572d441304499f400
SHA256 7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979
SHA512 c160d3d77e67eff986043461693b2a831e1175f579490d7f0b411005ea81bd4f5850ff534f6721b727c002973f3f9027ea960fac4317d37db1d4cb53ec9d343a

C:\Users\Admin\AppData\Local\Temp\~DF03E64AE6039F22B9.TMP

MD5 fa7fb77fac83ba1926e976bfcd872387
SHA1 1994319adbf46ffcd26093c75fc25017e3d3f80b
SHA256 d9ce8b12d8ae0ef38d59bc88e39ceca4f49899d67a2dc650ca30f44870cc7f1e
SHA512 3011f59d9a34ae2c8cd6824143716942fef65abbb276bd9ce28e83e373863eade40a9ac8d4c2ef42409cae2cb70d6ecf8a9b95af58630189e928f8c395b7e4b2

memory/2972-1654-0x0000000076F10000-0x00000000770B9000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{96D8E3B5-D8EC-11EE-B804-569FD5A164C1}.dat

MD5 7d767ee401f6af0ccff4945955d9b6b1
SHA1 ee95178b2009bbfbf5e3cdbf81040994032787df
SHA256 7f09ce292a477a5b8a1eb352da8130377477110484aca9e062db91e4d0a3dda6
SHA512 7b52136763ad334cb0df0b8aee0bfcda23388fbfa0e8432d3e2f197ea27cc918c0b55c8c7b2fe0109a65697d425cc45c731c9da858ef73b0c97a53ca1aaed361

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{E63C0050-D0C6-11EE-B650-C695CBC44580}.dat

MD5 bf2536c5a095bdbd200a910f86487dd6
SHA1 564ee8aef9db68c15a5c23d566130060f824a307
SHA256 9f72035e6407e03927cee035f08fb4e16e0680e5404518ca4c430e5831286cf3
SHA512 6867939efb72a23c379ba1609602817331887c25dd8f19e4609a401e71ae19f65a447eeb2aece600bb5e087e507699f45212f97c205d0c13c7fbc915d58e3123

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\re26ad0\imagestore.dat

MD5 90ca82c31cf7b921989a29b17674a65b
SHA1 33f7e8bbaf7ec5bf21a09a8ab5a95bf09f3e919c
SHA256 419709febf0798766cc09c665ab2e9a14cc5988115eef53230870fd3a9e13a5e
SHA512 fd2ad108de54c4e8fea64ebb540717dae860304e21ced7f161a3e51293897224d0a2997b0df09a887061ed5ccf842f233d0791ba4ac0421b4f116935af1b19c6

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-02 23:28

Reported

2024-03-02 23:31

Platform

win10v2004-20240226-en

Max time kernel

169s

Max time network

174s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe"

Signatures

Drops file in Drivers directory

Description | Indicator | Process | Target
File created | C:\Windows\SysWOW64\drivers\vgc.sys | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | N/A
File created | C:\Windows\SysWOW64\drivers\vgk.exe | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | N/A
File created | C:\Windows\SysWOW64\drivers\Taigei64.dll | C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe | N/A
File created | C:\Windows\SysWOW64\drivers\drv64.dll | C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe | N/A
File created | C:\Windows\SysWOW64\drivers\vgc.sys | C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe | N/A
File created | C:\Windows\SysWOW64\drivers\vgk.exe | C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe | N/A
File created | C:\Windows\SysWOW64\drivers\Taigei64.dll | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | N/A
File created | C:\Windows\SysWOW64\drivers\drv64.dll | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | N/A

Sets service image path in registry

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\JcSnzOoYxljnyuzoeNWoruyCoL\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\JcSnzOoYxljnyuzoeNWoruyCoL" | C:\Windows\SysWOW64\drivers\vgk.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\HRekFJnYMT\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\HRekFJnYMT" | C:\Windows\SysWOW64\drivers\vgk.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\drivers\vgk.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\drivers\vgk.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | discord.com | N/A | N/A
N/A | discord.com | N/A | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2727153400-192325109-1870347593-1000\{58EA498F-B97C-4AF5-821E-8E4B89ECC0BB} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\drivers\vgk.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\drivers\vgk.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\drivers\vgk.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\drivers\vgk.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1464 wrote to memory of 2128 | N/A | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1464 wrote to memory of 2128 | N/A | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3420 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3420 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1464 wrote to memory of 4192 | N/A | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1464 wrote to memory of 4192 | N/A | C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4192 wrote to memory of 3080 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4192 wrote to memory of 3080 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 3776 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 2040 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 2040 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2128 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe

"C:\Users\Admin\AppData\Local\Temp\ST_External_Loader\ST_External_Loader.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/staffbesting

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd0b346f8,0x7ffcd0b34708,0x7ffcd0b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.staffbesting.store/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd0b346f8,0x7ffcd0b34708,0x7ffcd0b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9239789805851444924,2423615285097300152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9239789805851444924,2423615285097300152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4752 /prefetch:8

C:\Windows\SysWOW64\drivers\vgk.exe

"C:\Windows\SysWOW64\drivers\vgk.exe" -map C:\Windows\SysWOW64\drivers\vgc.sys

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:8

C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe

"C:\Users\Admin\Downloads\ST_External_Loader\ST_External_Loader\ST_External_Loader.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/staffbesting

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffcd0b346f8,0x7ffcd0b34708,0x7ffcd0b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.staffbesting.store/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcd0b346f8,0x7ffcd0b34708,0x7ffcd0b34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\drivers\vgk.exe

"C:\Windows\SysWOW64\drivers\vgk.exe" -map C:\Windows\SysWOW64\drivers\vgc.sys

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,2505363212284649027,10853990753423311290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_ST_External_Loader (1).zip\ST_External_Loader\README.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 discord.gg udp
US 162.159.136.234:443 discord.gg tcp
US 8.8.8.8:53 www.staffbesting.store udp
US 104.21.24.184:443 www.staffbesting.store tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 234.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 184.24.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
GB 142.250.180.14:443 www.youtube.com udp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
US 8.8.8.8:53 client.crisp.chat udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 104.18.28.104:443 client.crisp.chat tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 104.18.28.104:443 client.crisp.chat tcp
US 8.8.8.8:53 client.relay.crisp.chat udp
US 8.8.8.8:53 22.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.28.18.104.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 172.217.16.228:443 www.google.com tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
GB 172.217.16.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
GB 46.101.18.133:443 client.relay.crisp.chat tcp
US 8.8.8.8:53 133.18.101.46.in-addr.arpa udp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
GB 46.101.18.133:443 client.relay.crisp.chat tcp
GB 142.250.200.22:443 i.ytimg.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
GB 172.217.16.225:443 yt3.ggpht.com udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 142.250.200.22:443 i.ytimg.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 104.18.28.104:443 client.crisp.chat tcp
US 8.8.8.8:53 client.relay.crisp.chat udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.228:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 46.101.18.133:443 client.relay.crisp.chat tcp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.135.159.162.in-addr.arpa udp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
N/A 127.0.0.1:6469 tcp
N/A 127.0.0.1:6470 tcp
N/A 127.0.0.1:6471 tcp
N/A 127.0.0.1:6472 tcp
GB 142.250.200.14:443 play.google.com udp
GB 46.101.18.133:443 client.relay.crisp.chat tcp
GB 142.250.200.22:443 i.ytimg.com udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 46.101.18.133:443 client.relay.crisp.chat tcp

Files

memory/1464-0-0x00007FFCDF650000-0x00007FFCDF652000-memory.dmp

memory/1464-1-0x00007FFCDF660000-0x00007FFCDF662000-memory.dmp

memory/1464-2-0x00007FF7AD4E0000-0x00007FF7B1286000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b206e54d55dcb61072236144d1f90f8
SHA1 c2600831112447369e5b557e249f86611b05287d
SHA256 87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b
SHA512 c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 73c8d54f775a1b870efd00cb75baf547
SHA1 33024c5b7573c9079a3b2beba9d85e3ba35e6b0e
SHA256 1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94
SHA512 191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

\??\pipe\LOCAL\crashpad_2128_MKPGOZPOTRPGPHLM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf92732dccf77eb31594e50510160190
SHA1 5e9f66cde6b90c02a7aef82c9251344c86754a7b
SHA256 5f01051a883d29036f1b31923bf8c3c17ae66de50ea1a396b6b223645cd0e224
SHA512 43d67947b1482a3a1a55ffe4f1787e8ea0c5044f45c95634f89d46ade2f0c86711482e77243fb9c8ee54deb8bf420bfb518a01a0771aeeabc470025cddf2865f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ea9db6050c6fb01592fd4be01e4987f4
SHA1 6a1b7dc18103a50b2dad80012a43245682c99488
SHA256 6c365ea7d590f482ecaafa9a55078eae0da3195a04b9b2cf5608200a19e8faec
SHA512 b182123bdbd5e74aa84cade548a3230f17306cc42d11910aceca0551639d06b3938471a828d0c2d9217e8c0924b30d4f659cdbc53a3fd7bf32f8d692219c21e5

C:\Windows\SysWOW64\drivers\vgk.exe

MD5 34cfbe3ff70461820ccc31a1afeec0b3
SHA1 5d32e91c039c9a6f723ba3c04c1179d02e6a0ce9
SHA256 6ebcc6896b243c761da4fc28a26249b0c146ae17aff7697c09bc447008e831df
SHA512 1ca4661be645e7e954d89c83f1fd126a5e936533052d4e330c9faccb83bb5942d28265375cee743e468b1625a0c1f10888e7957fe88c718e8501a86a78cdc06e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 1862a084867804c6446e31f801a6ca10
SHA1 9f0addd7e5407ad6adc297d83e71864bf5d234ef
SHA256 fddbb692490ae3a98abc3505688261ed1d9de4440367b2b83dfc26237dab2637
SHA512 110160df85746bedc1b5c56c9837a0e6850f47b27b18b804077179821932ea5e4317d1e42407304d3b96f9848504f0ca879c02030510f509d6409285aa90d144

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6be42159e6ce6c13e1b5bd603748f2bc
SHA1 037241f0ccb46aea5aa9425591c34d92c8b02703
SHA256 48fbfd6314b324059d12f268e911eadb88b48630b34b0da417df1d30ce4800c4
SHA512 5142e4aecb0f973bfa6432e2ed63fd8251936a4efcd590010dad49a0d8cf1cbd418da0d28252a9c1156c195c6067836c2e8329008fbda981d713e1fd94e36179

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 afff0416884335ae591645c3147c491a
SHA1 352ee8c9be7754e16240ebccfb7bd8a5cf400885
SHA256 c8d26cb5fbd895518540558dc4ff72a942f1fd8e86f8e7b8360e76a7b1d83d16
SHA512 8ef2e9a6fc96098a5528eba2c59a8faf140b781d443625343183a30b622aa79c25616d073993b0ef3827a5b025e8da96872547fdd4f9548910d9c26236dc2769

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d6092254ee9530ab575337040b40de4d
SHA1 7e48ca492753554bd055bf04ff14b97c2e504c2d
SHA256 6a9805b79236f2ae1f4a141e50fa9134d7e72694fd41ba999f8d9aba85f39c5c
SHA512 3992feb5f73959148b6a651dd8e5ef3b02602465a1be868011e09007247f7ee5f59a74946f4e344487e0a7e75fa4e705e8b6eedb8729118e19956afb8ae87103

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 187db50481a6f20c5814bf93e9f71c54
SHA1 a5c8539a719b78f3cf39b63153bf039e9f58ccc5
SHA256 0f64b8ceddcf9f6a43defa83ce0795c32e86e075634d0f3ad9da1f03bb0cf246
SHA512 0c984f1adb44b42eaf673190b513f91e89312f23ce30719bfdbb81a98ddd52a3117e9f70252911e71d4bb59ecb1119013727e4a7ab05d4b691fde6a27df7020d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58409e.TMP

MD5 45f25b9182825617a7dfc38388e1305c
SHA1 2dbe6ff46ed9d1a16f9a8ab11c55940f03fab6a3
SHA256 c968d93c7fe48f23a7c356ec5ac8a3973691982d3702096d2f4959818c3539ea
SHA512 cdf429ba46c66795b53c10559d7da98fbeea831ec4136e52e7bbb0c50d412aa6a5455b344e6d3af9fb9b13dd6fbb7ae9137b8ca050c120e1b8f9e194499ecefe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 87729e2030de5eafec196cf4e02ff842
SHA1 3a2e3426f0bc87fd3c8ad6e188f2b77b29137e2b
SHA256 9840b01ec24b97cffa71045d8df78ee37c92b300f21e7f914a40bc1a7b6ec95d
SHA512 c4c532d348113e7f3f4abcef3314a1a6f1799afc16d98a6026f68750d10fa028428fb652030087038f5b76dcbe37524219ac0ccc58e9783ca0a1dabe409ebdfd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f6217a87c59eb577b077cff39ff8cb6d
SHA1 7116aca63fc3e7f3d6655c71c60ab19ad99afb45
SHA256 49085a5ded4fecd4b9d48c37ada983cdb6244112a0aa2cc1138ec3172ff58503
SHA512 75ea393b88cbf35016f5722ce7d2b398af35433f81f372e985dc21765990fce7dabd9d6f1ddf9ac38da3a3b6015953e723dc82f719ffe8ae8673abf2a85744b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\771c34e05dbbe3cb_0

MD5 f88f1ea7d40da78ad32b0d58abd70e2a
SHA1 e26e28ded653062f6a89f4c1fe375f705e53f1a5
SHA256 da059e1e88579ca76166f6a6c9b8715c433f861fd9173fa2875924c14f01c8ae
SHA512 2a57b9757ce97a1890136bc2db6424bf55fad9dd6b58f658ba2e2f3106fdf578fffd9fddf5362a7dbf2e2166652d72bfba7ced04e189a387fc02023faa8ffcf5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0

MD5 397fd221949580af649b3e7df8cffeac
SHA1 c6dbaa7fc7166e5fb11192961d19de0d4dc10392
SHA256 e893a86edeb4bdc408e055284bc4c52f9f7bab7cd5e5b01f2ec39144eafb1493
SHA512 5189e013a94a03b6f43544060b2875e2bd5ac15f81a8a7ff5dadf8ddda889e2855714905eb4c0ee3c00a2fc7777fa8652f98325b23e4e61fd424de205d6bb1ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7e6ac46349140e24d9383f3e3d1eefa3
SHA1 0864c18b39e15a8d8d1b55a0c8d101d8badd1f61
SHA256 e11b4dd7576a28ddebc582aa6336ebdfd16f09c8dc672454bd4e7a3010c16f04
SHA512 8fd6c4d813473ef412a3f97331eec99f984061aaf7b24a5b6338bf5f3155537378abbbb559ca0e52ce0baf02cac83e3cc8f608881bf9926a6bb991659aacef0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 11aafa12b39ef252edb2d3cdda93c99e
SHA1 4138d00ffaba398f16cc45e4da3e761214ee005b
SHA256 e19677636e41942c91ff2d97363924371a32a6af3da186fe5775058a94896893
SHA512 291d3c4715b2acbb94da234a60b8ae297fdfad37af5e4c5e0530a4e52f1f24fb66c69954cd8e193b8ca8b6c070114ae00a747f3ce4223e7c467a009eeeda73ff

C:\Users\Admin\Downloads\ST_External_Loader.zip

MD5 1370972a4470cd7f0b64ced09e766d51
SHA1 764a52875db05e4f87e97147a8adee1dd7850714
SHA256 38485902dc230174b16b8d1a059ea3d1612290e3db755f801df5925fa87908ef
SHA512 76818b3c7c7c03f230be4937847dbe5f1e2725bb3c353047e4b20962562be8aff4b080e3a2f22a0bc2e7d64d2a6e666d791db21407ee136d9fbe6746bd290433

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f260d80bafb4de81017d2049c8018b0c
SHA1 4c77f89577fc77561728aff4a89d401e82f1eae9
SHA256 742f5350cec8f531dc884853327425542b082d416df5355202a2b7a57f290657
SHA512 34c089ee0f8ea054815d28bf6b780f9da0fb785cc7a6570aaab8603ee1c77c7900baa7eba85741ff687f3b220b4b456b75f7baac83aa739d6fe5718ff3843e05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 72bbe15158230a2f4c1e8edede05ddf0
SHA1 4b797d6a8f9364d39be6b8023d92d3de39257bb0
SHA256 df02f53cc8a96a57c5c4576cceff876e9718f312b42428b908deca18fb659071
SHA512 b118d1beb8ffc2439149554cc5786f00fac30870ea8cabdebfbde1efea46b3cdfa769d29a2eb45affda593589b8263624369eafcae314c625c9709b03c7aa787

memory/5324-639-0x00007FFCDF650000-0x00007FFCDF652000-memory.dmp

memory/5324-640-0x00007FFCDF660000-0x00007FFCDF662000-memory.dmp

memory/5324-641-0x00007FF7000F0000-0x00007FF703E96000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0ce6e26e7049eddf802860e2b8a823ba
SHA1 5e0630ec6cb0727d8beabe1f607db9a4a49095c6
SHA256 053d9703552ad49bcdfbbb06e615ff21d9c97ce304ddcee6f61083b0d3106ee4
SHA512 e3229fee5c0143f7779fe7ccd2ad6547f718a16b173a949862da6e3cab2c62f160ea638f7943064f315d91c39589d3308dc068aec537918669828170a12d332a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 8de2c3401fef13f5c0f8e82a2fb76354
SHA1 f208974c5f866e071c838d0407a6a72d2d1ef1e9
SHA256 3fa1c740fe39c7ac18b90935c9d64505c77ab4b95256356ffaf9c0cdee5f7643
SHA512 ce357e11fbb1ddfd15be9d2534e392799b94af0c2ce614980e3c9124e4267857989662ed2b7e46e0697d0d3ee222e259f66f5a03d0f321152cb5622f5a8bae5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 6b0fdeff08bf0de6dd8dc05849aea371
SHA1 8abdea37a7bc81f1dfca8d58f1dee4e7d1ad5ae0
SHA256 ab1206e023a09177027281afd85d2997b8dc01b2a2e186eb18a22782f5635c3f
SHA512 2eeff36ca8aa374c413ccc5ac436986f10af674acabe2d9d0c26c176bc07edc992b3c2a6eed8b2e070bdecec35d62843ae09a5345c45e2bbc7b6c9138d917c47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\771c34e05dbbe3cb_0

MD5 bb5ad50368577d94e06d003a475b1c62
SHA1 30eab4ec4c7bd414fa879e71955345af4fc0db1b
SHA256 d2c7a93bf90f2cd244d5455c729b24a41dda09011e19f3112c86b8a808c9e96c
SHA512 5e457763b459bc5c455b7236619f62a992b35fd368aadb1ed18fbc1b547f991a565950568391c8681e5b9cabbbdf6b5cf7fc6eefbd059f0ed907b0ba349bab50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 56cf88a250e483d0b17bd6b3a5cf245d
SHA1 7ee18462db98275a742167c02a7bcb9b9cd9ed56
SHA256 287c5696a5e55b44b025c7356abaeaae0859487c581a26ccb5ca02fd6b7fea9a
SHA512 23ff85c0e6e4c073fbacea6325663ab4a60f6d5226cfb57bdf8ac05117d01ba4a324650be599d4cb3b3081b31cbcb4ce9555fec6ffacf8376a7269f406b09e00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 d323f20ae706052cfe4f45713fe4dc77
SHA1 1618b241811367956c5907fb0c71b9a9852e59b5
SHA256 926bc3928beccb2d62dcf12d7ef67f5bf8906d7178be928afb3585c4aa41936f
SHA512 76521a11c07bc6d1d8cf9ccf23ff64bbda66b43a72ba4f7824dd54538ea8d1eff77f819ced1096206084f12931391be1d8f6c14b7b62a6538721bf4acf8d762e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

MD5 0b29155e9451a6170ee5c5faf1fb0608
SHA1 de1f1e097e3b22b82e559bf1edfe728779f8e3a8
SHA256 8220e95dafbd28e1083ac7b740c7f7ffd0b9f3ebc3a5105e146810ade8859de3
SHA512 d4b1dccb76518a8a474812917549bca406038dfb6ca1c98b42def1ba0bd2bfc1406b50c2490dd975c2098e3a6759d86602946ab55aae161b5816860a9d49dfed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0

MD5 8a7b1bfe1c0641d731d27f963bcdba79
SHA1 bf1413981b2488f86ad9203ccc78e2da6cf8861f
SHA256 e1b7846463afaef1054c7d7f2e138b7f6c9ae3e4493189fd8ab5c2ad7973c46e
SHA512 f8fb77825b5f6af875ec43eb11cbf05d007da6b0775c36db1a18d70871fd8d07dd83b3105f6fbd39ec26ff2874d5f4999dd35834412abdef05b467ef9a531190

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b7ecf875836ce39f1e82a668b586b9d5
SHA1 4e1b8c3f58e41931156b6ae86fd70087621bcde9
SHA256 7afd7d699fe172af8c4cb33cd38b508aa1c0e7102cfc1736e51829b50b1164b0
SHA512 30f8b4b5c5286d65eed09bc90bf3490d95177ea13133886921144a073d5a0d75018647d655f28f22c8ef97bc861f8a0e3abb0d538f00aa0f873defbf629ab696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 247d4cd542018dadc6b3555fcc9fb0a4
SHA1 fa6808abb2fab1d0f6557cfdfde3c18d3be1965f
SHA256 a1ec409999acb15d0e5d4132bb889f7a1ef2ae43e1a9642e6ab320fe5e42d95d
SHA512 fac1bab82609f3fdf89e827dbbe55bdc93c7c8a2d1d7943c5caea1fce0b9e02484bd387457b0c830d9c909fb867f2f73f8a9146d40af17c450f877240151afa6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 120ffb315fce02a9f442010ca7308fe1
SHA1 663eb7a285313bf43cf8e4efef2564545419c0ee
SHA256 871f60e8f1369b081a23448937f14d52fa12b16d685b7ce0b3a330ea6d49b341
SHA512 db393f1fda9aa65704776c7a790f60ffb709a6ad15ea81913698339a59d2ba3bb6965ebc23f40312574d21adf8f6b4bae3d52101209cbda892053e06c352b35d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 7c9c2326c5f918d3bc677a4c908ee980
SHA1 6af5afd9baf2b21f92a4757e6d66a401caab78e2
SHA256 7cb3fe57e581e79440c6bf6eb0171c12584ebb87c66fec9436ea3fc518d4b2c9
SHA512 ef1078cd8d9e8a2e6593eccd51eb6d0e517a22fa28e36aa795cd3cbdcd0f52c76eca96e6bcd796be53e83ccbbae6d79a84aeaa75e1f66efa4239a6b90bfbccc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 72168b9706c2001ad852580a44978a0d
SHA1 b65d1ee31a49c3b43f2b5d7429ddd907efc05301
SHA256 088b5c74ceec246282716c79e7709f346cdef72ecf5dff71cd80fd2d4b23ec6e
SHA512 1352f6089a4961d9c79dfb6637e959805f17e0d8f659c1905e3968cecb62cdd04ed10e76f10665a68391d975d6771fa55a06c99fdefa26468b25baf5d0af1a27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 27c292bcfba8ac0e094128b4e34f4685
SHA1 d7dd4371da338955c631154939f21defd4b1a3e3
SHA256 b778ca76a51bc900ba7f214647b93c9af927629428277bf2fc64a1c83ae043fa
SHA512 12d56315284c5c643d93358fb4207422e7aa8272a2e9cf8b1e1a7e644b557ea9a06f93b4fcfc651d9e39d9782a455914c861a69742e70f2847df6a2339c5bccf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 31cd9b726920d324041ca7b784c45c66
SHA1 7ccaa2ff92d95ccecb4b1a13fcf6fa2e4fb4c3a1
SHA256 68948050d26a3ce423b2ec3491e6d402d2d4d8920e31d92a62790621ada872ec
SHA512 4705e43c116d432017f29b8847ebeac48441762a8fe61cb20867129e5d3ff40682117b29875e32ff4217166222bdb08b613894d38cfe4f143f1c170548c58388

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 d1d6b4a0d376e5bb495ba3763824e41b
SHA1 340b69289527efef2a2ab795e5cc3a02430f8ea2
SHA256 296cf93986ec2f173e86eca025d7e887891040733aa0cdd76e89561e6ec9c1b1
SHA512 1f4f9f77b4fc152a93ebbba971770f14856bc39c2f769d6937bcda9f0b3272de9322db2238cea2450ee69707a9371323416e863e15ae1f98dfe70e0aa825a31b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 0ed12526246870c50f7cfbd5c283ddd9
SHA1 655b8aaa3499ebaad97f73ab742781e4e3663af1
SHA256 dbf37683c9131dde257613d4517056dcd9e768cf5e712696db4b9d9f47f27242
SHA512 afb04f671b8b2ad00103d9685aeffeddeccdda7731e65370ead0896f22c7a06b9c2757c0f47dbcfd06a838d2340c0d8a25990d53ed5a983f7a16aa0bd84f7c21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a2e6f62120122ea7b674de6a448991d4
SHA1 a5d36673f632be9791938cd379228d9fdbe0e97c
SHA256 3092ab416114b5879144985952c8a49a8e58aff291c141597fac83110d3077cc
SHA512 628a06508335b4f2708c6830cd911cbe01d68c613b32e8d0561b68f07d55525e6016a4c5cac47772a0a48408f7c5e46693b6a15dbfbe9f8725e53fdf6077afaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 88e05fca2fa8b5bb294a2847a664065d
SHA1 c39626a2ecce096bee1a262369e1e868c6ff4b55
SHA256 0d7aef5227c1e8360e81b9ff8794af8ebb9c962e9e0e62614a8d00df529517c7
SHA512 6ffba65d6dcf91c716f421673828fe9c8fdf3a28eb1cba83e2f9716b41ffb38acf47a7203bc4f6a0d4e60e8b456af3dee9eb49193f9e1573413d1565cfd98171

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be74c2dced721a11_0

MD5 611bb1d64fe8ab98ef8bd704ba5d4945
SHA1 e8fba1c7882221ff8172eb4277474ecdbefcc597
SHA256 477751345e71867accdf88288c28b286f2b592652088af27ab8daead2c1ff91d
SHA512 649d0ade658826ae957dfcb973398022f28754d2003b6282b9bf03f52d8ce550ae3146dd98063c6b8ef1e901a9d66b168e72d4e984f221fb04e13ee8256debb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba6446b5498fab31_0

MD5 02eaf5f34e19a798394f7a6c9c2674e7
SHA1 b5b859861bc701e2bf803f8b982a2f9bae3c195f
SHA256 22e596a6294f499a0a3a4ae4b061f9de858f4b76d9198a218116dec172e95be5
SHA512 8bc26bca7a5c93076106f46870fd6dc0b49ec67be268c39ad06fbfaeb142d7a22ec8e5ef927a48ea93383a470f6370306f5f0f7b8220a2c6161798ac76d67c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6082e2ae3b3807c059354537c39d5b9a
SHA1 4f6012e357c2aba3453653c94d304a01ea8238d4
SHA256 b48ce8ce051da6d09c98c4d8dff4c164cf172402582d8689c36e8f9fbe921230
SHA512 96c2ea8dbf2e8ab98beee39feef2eaf1d2e8357f5eadd4cbc52b0a76fcb97590def5d1d7548e8d299fd8bbfc9c0733833cb0256f212a85d585257365f5898a9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 076ddb0062652c365d87a2f486ed22ad
SHA1 28db05cdc7ba52794f07b53e094548a2a79a723e
SHA256 a4d91b6de6f8a6b300a8062814952ef4b19598b282c4cd2b3a26d16bd4df0246
SHA512 bb1ddd414b44629a1a2a12273a83f64786b13e77258e8df15f6fe53e9b8c5dbe4cf2fb7c235e6c2df77d8973ba525da7bb145485d6837478d1a6d94765552b8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6271b15a7300140de1511a76a9c114bc
SHA1 ec95b79f06d0633c05a5530eb5a60a713df4248f
SHA256 afa9cfd6b8aaa2ab0dc644f37d5a7ad76da9e50051c28b46b608b0db0dfcc5e1
SHA512 b4776884fdce36703c6d5540a3bb574c44881b1a3ac7608e9fb358cfacf4a9a0c2c30e6d40d73e9f3d99119140ca30f714fff20e7442c5bc38544d2d00954ee0