Analysis
max time kernel: 299s
max time network: 300s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/08/2024, 13:49
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20240802-en
General
Target: http://google.com
Malware Config
Signatures
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
- Set value (int) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" (zion.exe)
Disables taskbar notifications via registry modification
Downloads MZ/PE file
Executes dropped EXE 1 IoCs
- PID 2416 zion.exe
- Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" (zion.exe)
Hijack Execution Flow: Executable Installer File Permissions Weakness 1 TTPs 1 IoCs
Possibly turns off User Account Control's privilege elevation for standard users.
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection = "0" (zion.exe)
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
- flow 119: sites.google.com
- flow 120: sites.google.com
- flow 121: sites.google.com
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\Wallpaper = "0" (zion.exe)
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (RdrCEF.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (zion.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (AcroRd32.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (RdrCEF.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (RdrCEF.exe)
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
- Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (AcroRd32.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (AcroRd32.exe)
Enumerates system info in registry 2 TTPs 3 IoCs
- Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Modifies Control Panel 28 IoCs
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\SoundSentry\WindowsEffect = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Mouse\MouseThreshold2 = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\DynamicScrollbars = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\SoundSentry\TextEffect = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\StickyKeys\Flags = "506" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\Keyboard Response\Flags = "122" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\ScreenSaverIsSecure = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\WaitToKillServiceTimeout = "1000" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Mouse\MouseThreshold1 = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Sound\Beep = "No" (zion.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\SlateLaunch\LaunchAT = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\HungAppTimeout = "1000" (zion.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\ForegroundLockTimeout = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\SoundSentry\Flags = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\ToggleKeys\Flags = "58" (zion.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Cursors\ContactVisualization = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Mouse\MouseHoverTime = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\SlateLaunch\ATapp (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Accessibility\SoundSentry\FSTextEffect = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\WaitToKillAppTimeout = "1000" (zion.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\User Profile\HttpAcceptLanguageOptOut = "1" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\AutoEndTasks = "1" (zion.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Cursors\GestureVisualization = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Desktop\MenuShowDelay = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Mouse\MouseSpeed = "0" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Sound\ExtendedSounds = "No" (zion.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\Mouse\MouseSensitivity = "10" (zion.exe)
- Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (AcroRd32.exe)
Modifies registry class 5 IoCs
- Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{DD9D7BA4-BCA9-4CAD-8384-2FF4A56C7F56} (msedge.exe)
- Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings (msedge.exe)
- Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings (OpenWith.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\System.IsPinnedToNameSpaceTree = "0" (zion.exe)
- Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings (OpenWith.exe)
NTFS ADS 2 IoCs
- File opened for modification C:\Users\Admin\Downloads\Unconfirmed 122056.crdownload:SmartScreen (msedge.exe)
- File opened for modification C:\Users\Admin\Downloads\Unconfirmed 48962.crdownload:SmartScreen (msedge.exe)
Suspicious behavior: EnumeratesProcesses 16 IoCs
- PID 3244 msedge.exe (2 entries)
- PID 872 msedge.exe (2 entries)
- PID 1960 identity_helper.exe (2 entries)
- PID 5296 msedge.exe (2 entries)
- PID 2392 msedge.exe (4 entries)
- PID 912 msedge.exe (2 entries)
- PID 5984 msedge.exe (2 entries)
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
- PID 3796 OpenWith.exe
- PID 5196 OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 56 IoCs
- PID 872 msedge.exe (all 56 entries)
Suspicious use of AdjustPrivilegeToken 4 IoCs
- Token: SeRestorePrivilege, PID 208 7zG.exe
- Token: 35, PID 208 7zG.exe
- Token: SeSecurityPrivilege, PID 208 7zG.exe
- Token: SeSecurityPrivilege, PID 208 7zG.exe
Suspicious use of FindShellTrayWindow 64 IoCs
- PID 872 msedge.exe (all 64 entries)
Suspicious use of SendNotifyMessage 64 IoCs
- PID 872 msedge.exe (all 64 entries)
Suspicious use of SetWindowsHookEx 28 IoCs
- PID 3796 OpenWith.exe (1 entry)
- PID 2416 zion.exe (2 entries)
- PID 5196 OpenWith.exe (21 entries)
- PID 5932 AcroRd32.exe (4 entries)
Suspicious use of WriteProcessMemory 64 IoCs
- PID 872 (msedge.exe) wrote to memory of 960, procid_target 84 (2 entries)
- PID 872 (msedge.exe) wrote to memory of 4464, procid_target 85 (repeated entries)
- PID 872 (msedge.exe) wrote to memory of 3244, procid_target 86 (2 entries)
- PID 872 (msedge.exe) wrote to memory of 1120, procid_target 87 (repeated entries)
System policy modification 1 TTPs 27 IoCs
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard = "1" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowOnlineTips = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "255" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\TurnOffWinCal = "1" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffSidebar = "1" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices = "1" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput\AllowLanguageFeaturesUninstall = "1" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth = "1" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\MaxTelemetryAllowed = "1" (zion.exe)
- Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAMeetNow = "1" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith = "1" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection\AllowTelemetry = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard = "1" (zion.exe)
- Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInstrumentation = "1" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle = "0" (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "0" (zion.exe)
- Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Windows (zion.exe)
- Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\TextInput\AllowLinguisticDataCollection = "0" (zion.exe)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 872

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81fe546f8,0x7ff81fe54708,0x7ff81fe54718
  PID: 960

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  PID: 4464

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 3244

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  PID: 1120

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  PID: 400

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  PID: 1328

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  PID: 2424

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8
  PID: 464

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 1960

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  PID: 4760

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  PID: 4776

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  PID: 1020

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  PID: 940

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  PID: 808

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  PID: 692

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  PID: 5288

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  PID: 5668

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  PID: 5748

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  PID: 1236

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  PID: 5620

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6076 /prefetch:8
  PID: 4584

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5080 /prefetch:8
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID: 5296

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  PID: 5984

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  PID: 6024

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  PID: 4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:12⤵PID:5212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:12⤵PID:5408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:12⤵PID:1476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:12⤵PID:5876
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:12⤵PID:5904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:12⤵PID:5416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:12⤵PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:12⤵PID:3952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:12⤵PID:5572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:12⤵PID:4308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6752 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2392
-
-
[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2396)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5236)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3948)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4724)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2860)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5524)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6056)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4476)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8188 /prefetch:8

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1304)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1484)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 912)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7268 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4872)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1868)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1020)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8644 /prefetch:8

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5984)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8856 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6020)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2612)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8744 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5144)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 736)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3760)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2308)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4920)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3932)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4924)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8468 /prefetch:8

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3392)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1516)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1968)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3540)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9184 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5948)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4164)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6384)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6392)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6608)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

[level 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6616)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8055413713158226475,8920550597685986014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
[level 1] C:\Windows\System32\CompPkgSrv.exe (PID 4384)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[level 1] C:\Windows\System32\CompPkgSrv.exe (PID 1036)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[level 1] C:\Windows\system32\OpenWith.exe (PID 3796)
Command line: C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx

[level 1] C:\Windows\System32\rundll32.exe (PID 3192)
Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

[level 1] C:\Users\Admin\Downloads\zion.exe (PID 2416)
Command line: "C:\Users\Admin\Downloads\zion.exe"
- Modifies visibility of file extensions in Explorer
- UAC bypass
- Executes dropped EXE
- Checks whether UAC is enabled
- Hijack Execution Flow: Executable Installer File Permissions Weakness
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- System policy modification

[level 1] C:\Program Files\7-Zip\7zG.exe (PID 208)
Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap24310:156:7zEvent24295
- Suspicious use of AdjustPrivilegeToken

[level 1] C:\Windows\system32\OpenWith.exe (PID 5196)
Command line: C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx

[level 2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 5932)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Velocity_Tweaking_Utility_V1.0.0_cr4cked_by_perf.7z"
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx

[level 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5464)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
- System Location Discovery: System Language Discovery

[level 4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3332)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C1A29EC37943D0C74B49724CB25B2362 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
- System Location Discovery: System Language Discovery

[level 4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4980)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6A2CA3CD08D6ECF07B4314BDBDB94F43 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6A2CA3CD08D6ECF07B4314BDBDB94F43 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
- System Location Discovery: System Language Discovery

[level 1] C:\Windows\System32\CompPkgSrv.exe (PID 3208)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[level 1] C:\Windows\system32\AUDIODG.EXE (PID 3796)
Command line: C:\Windows\system32\AUDIODG.EXE 0x518 0x50c
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hijack Execution Flow (1)
  - Executable Installer File Permissions Weakness (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Hijack Execution Flow (1)
  - Executable Installer File Permissions Weakness (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (5)
Downloads
-
Filesize
14KB
MD591087d0e7b754f8597f9e31395889d1c
SHA103c9f021edb6c6ea0d374b083645b289bf3cba55
SHA2564664875788902490504cf2fc62645fcb8e1a12ff36c26bf53a3fb619bce98acd
SHA512647798167de061f91dcad17ef9e178fca390f0fa6fabd56dcf45775b92fbf959583f5d84a0046bedc0533a4328c629bd7f8f4b549989e3df94c4cb9f34269f47
-
Filesize
5KB
MD55af2784a5fa0d170c274ac023936bb22
SHA18d629e2ec9165c57418c82b867d7288c706f46aa
SHA2562a0694fe788f84815cf0eb5fcb7ba6d393e7e54414f7f5752bd1fd82b03b6895
SHA5125a666c76abe53827e6c659caabcacc998df9056dadd82874d79ac6b8b3bc307672754f2b69435869154a1e2a9f0a5758762804d78f99d783dfa22253ea976398
-
Filesize
7KB
MD53252c1174898a50470069ab4db00c72a
SHA157ddc64e7e9db7049fc3623e8b8ce8d57448a805
SHA2565d04d0862443de9237f8d370073a3f8734b9421ebdb74a7eba05d7bc370b56b9
SHA51250594cf34544204c0ef01c225416d1d36062e5b4eb364418dd4dc491574950ae55197b7380ea5e2116bd5fcb7ce5562eab1619c284e5a232f8d53b934f0c8468
-
Filesize
8KB
MD5d72527d44cf4e969bcaa8e5dd4ebb57a
SHA119eed7f9581efc2cb333dfee9207355677f0acfe
SHA25643453c89e861b0e834422ba3d4c87c2f92377fd1bbd9a3f7f3754d8680cf89ab
SHA5128a4d1d87dbe4bec6ec351fbebd3cbdb382ca719667c68eb4a2e3b27bdfa9386d560512009fd1936234fa3e36db777a9303c1624b3f6ab5addaca5068b223d55b
-
Filesize
14KB
MD5a199bf821a708b865b02d58a03eb553e
SHA17240c5bd7d9690ca493ed5e6757fe7238512ac8a
SHA2569d9e400f303e1463487d0dd56c359a648460c1189eb59cad591c5ee3f20d2f5a
SHA5125137a8f2ffcd0c62c7bbe05e9a5de833daf47faffa25f30b37a780861b969c90c5193b3462604120036fa4f3dcce1e66b32e124daf204936f9e7fa8fd3b763be
-
Filesize
15KB
MD5bfb8fe2a8165da6103d2f3e718c3e72a
SHA1fa55768bc2c2182dce2482c8b46c1f299690c233
SHA2567a58b19e8003183de159ec4044c2c9337c3765f8b6cff71e1be5de93a91ea28b
SHA51226806452c213e19d662180ea8b8c1ce65a7d90f0e7e127b37f3761fc550e86b688be5a46c9571c3ab3ae7014397d70d1745990757270abb172012d6ad4e77390
-
Filesize
6KB
MD56ba7dbf6daf54f43a5a826ffbb28b0dd
SHA1d770196d57bc9e83cad24f2e9f27bcfd7dc41566
SHA256a9358be15cb72a973fba19b45b39f119d8fab36145b5ac11e9245bf6b92d16ca
SHA512284aed173db082c7377c9569c4589ffdce95c4d06a418f754127712c9abb3d4cf62bc3842a10a75ff8ac97ebba5f53c63214369564a6f829f5909fe8654da693
-
Filesize
9KB
MD5f9d1b9f24b7b98a3988d66a87782b54a
SHA1f119fc9897a1b5565a9fe7c5b2269ba77721f990
SHA25662bb8b85c76413a45a7308686a61e1d6ff6645543bd58c9449cb72faedba499d
SHA5125bb159a275447e44d5019ccc8736769268ddf9848f6d21d41419589df2c14e288243b88d27c192c0b8cce89a852ed93c619afdd2426ebfeb2f19469248eec7b8
-
Filesize
15KB
MD599774b5406253f86ce66314101e89507
SHA18930302e4243e167a0ffb17c7e0abf556ab1754f
SHA256a690056870adeab45bb5f99029a6d05c95e2c93587c7818540ca567faa2447fd
SHA512108bf772bb114d039908dc83d4224cb29214f2622c8dab2492d98cc4bbba572be6dc9406a46d74c516200619cd8024c56ead9827353bad25b4de8dd6d4475332
-
Filesize
6KB
MD5ec6b8d3596fc670a450d061672276ac3
SHA1348b2ecc4c2bb4701494d5bc0d1d2c7adbc620ed
SHA2564a30f2858564d9ba8dfc553faecd153b9917465aaf21096f32ca3e3fb1b5484b
SHA512c5ff571080e58690bfc67adda329ec573e6061fba184abd7ee2319a2295c90645a47c4d2e38e6e5176703f930b797ccc2599a440a0d800bef00d06f469bd9e97
-
Filesize
14KB
MD5b875af7a02d4fed78bb4560f08daea1e
SHA13c449c0e239f603330322fe999b4290970dee3c2
SHA25619917658d19f52a7b85e632ab2d45a8f39bfd703eb85de84b0b140c1b3c8168d
SHA5127df3809503d2475994d76ce91caae4eca6ca699cb17ea0a4ac916c583c623b0b687f09f4e392483fb2d613f373154e4cdfa7af4d058f5f985a087fe1f41e758b
-
Filesize
14KB
MD5ee84d9357ca5eedc992f9eb3760f181d
SHA10b256d5c551291dfcde8bc014fa76a302a835fe4
SHA2561e340034bcdb1b9ac99c3aec4a514d9e1cb32f99249a933e7188bbe07e4d68b5
SHA512548bd615782d662533f43f21fa2c2c732f813dfe1c945bcf7d27e47a728b9c9353a9826bfd46147b28acd6bb24301a8307d1a43907fa6e7c122f0dbfe55da483
-
Filesize
6KB
MD5732ca886b2b8abe54fce587ab48c40e6
SHA19322115a0c91fac49507fdf75aa719e89ba89b98
SHA2563186d429a0a3cab78faf893978cb450329218bfec90eec98e032e50d63842f03
SHA512f80674696b8186daf2a611628e20f649f1d1a6aa43fe61cd87e7f79c3d014b895c2c31477f2ffdad87e6ff5c0548c987ddd3336360c81522e360467aa35c5ccd
-
Filesize
14KB
MD582749aaa5a87dc978778ea1223ea9230
SHA1307ed0ffb99efa085b61a5f9e8c92bbc9ae7b77f
SHA256a212cab54260dee6f83e611291767141040e411d8f4cee782785638fe55ec4ce
SHA5123faad9ed95f07190f391b9b16dcb9690ee3f97449ebafba15a4f0e5ceefb0a5fc5f6be744a6483fb43a57b558d965a2b2aa702750aa3efabad428ae69a4ebd9e
-
Filesize
1KB
MD5c86a492b9ee515aff9ee4ee452618c44
SHA198cd3a0786b0d2eb6d3a03d8ea0d450233ec8b78
SHA25634057a1050adede7431605ce2f6174581f77bb885124fdd2c01b2cdc8fba1c9e
SHA51225793b527155240f9fd0b8614b180b8aa4164af97998f6dc20594d8aa89f8511794475b149ac7321ed3996c4a5aaa31a0f6aa723fddb980a4f5440d11b480608
-
Filesize
5KB
MD51c5a4ee53d5ec76a7667ffca9007708b
SHA1c481428936f7c1351e663ebd0d1120842e794707
SHA256f51c6466f3ee027fe5659eced6503f94caa4afec1ad8f93815e4ad311a6d9988
SHA512f155f9951eef4351b8bac3a1cc23631ccadc9676c624faff4154cd9dbc6a5e11422522bdb8806a09a91ac388fce042bcc15a4eede4a0b99095fb05e7eb26d731
-
Filesize
1KB
MD5800732cec78efee2945e26648979219b
SHA12c50ac919e7643905e5ab2fc8be1bbfabb27d61a
SHA25629d61b02aefd347a656ddeeaeaa7433673a742b25b6137fedfc22b474e0c9585
SHA51237f044d538825907dbdcae085ed1406ff52787271141e67d357ed4af535a708a0b7f7a685106069d0ed303f7025be8715a36fb6bfddd41c14c9dd8ea0b742c06
-
Filesize
5KB
MD5653a19999359632fb1ef7f1e7bdc17b5
SHA11d63ae65b8968d49ad56ed0ac47c266098e4394b
SHA2564adf6dccb13317447a61a8743dbd23abfee90d4f810d18c0c564b3a11213510f
SHA5129a042d9ccacd2755c5e63f36566586e6afcf17b15588b9ec69c3cb7deb1865ef68c68858f10c2aacd3f2a6d3f95682e7a95083c89a6c99e25716ab1d6387f1e7
-
Filesize
5KB
MD5fe02cdedd1433679ab73253cecad7bf2
SHA1bc221ee214bbc08e9020ad761173b2f744af382b
SHA256b93419bbd466aea5944545c446c1229fc4a4206d40fd209e7fcb92d0bb962dfa
SHA512d543852ff7a3fbd8d946e4969f64c22d60a54d83c9ab0dd6261a041b88cdbeb1bc253737c5d17b55b0acb549d190aa6fc5e6c82b8423702322448b71a3b7d8dd
-
Filesize
368B
MD5a959aa76405225336a4d8b6bb74c1630
SHA184c47e0d2884cf440663dc79a8de217507932219
SHA2567a8ef8468f948e88c2da68807eed62ba1460556bc04cf511f99f38651f3f3e9f
SHA512a75f293247aa9e5d1401d11203c22f8ddc37288d0e10d407cd801c327268b3f015599f0acccff4fd6df6f951eea76edadda4a4f106a61cca29df057c892e2265
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD58335e8516eb6a3a90dbd11711c4e06f1
SHA1663e75164e811dcec4303d223e3d07e69dd972f1
SHA2567efa1124bc4bc451bb5f831103f0bacd3ff9daaa3a56e2dd71ca2491647ac61e
SHA5127333590780867b6b8102fb77905d47a425e0af66e0c985fb93d6fa8ee5d05ed82cb739e9c7c8a0c777eb60e81ea7d3f3a4fcf76f8f206b2805ec84228519ce37
-
Filesize
11KB
MD5d56eff41bad2638c4d3870e0e6f670e9
SHA19d734717aacde46433ea06a199b9130fb98b1d86
SHA256289613ecac8d1890c47197550f8433d5ddb1d7140b6478e107be81affee03efc
SHA5123ee0a1d21b98535d44d2a2358f503af118214ccf8f220b68ad80f3dd71da73c9dc8a965f040d18d8782dc3bd621dcd85e432c141649652caf432175196a47518
-
Filesize
12KB
MD500fb74e8b376091f3049b0ccda9f085c
SHA1240ceb11dcf904c7f54c45d916607805df47d677
SHA25688c98c57a59e83a6713d4ec6b151735124138e857a4e6898fe00d9ffbb9b5468
SHA512fc5d6125f54be9a22178bfe894d50699b5c5624379c7051791e22832a95b2cd4db50b77c57c802a58fed6e37e6ed3abb414683ef6da4ee2441747ddfbc5c3641
-
Filesize
3.8MB
MD5bb9e693d2df3edaeceb9d8b6cb2fa1df
SHA10a66c6bca9c11cd5375e7c54897ffc36baab5c27
SHA256201f5728c8000bfa84fea795c6acbba4d216bb2d75d8e239b10f19efc50b8b90
SHA512a7ab242494e1ccb857656870cc2c44911f2f679b14ad3cccbae4d402f0253c0472ffd9b9c2172aa87d8368c6257563042ca9142002e5bc42d8b58e74f7feba79
-
Filesize
1.5MB
MD50330d0bd7341a9afe5b6d161b1ff4aa1
SHA186918e72f2e43c9c664c246e62b41452d662fbf3
SHA25667cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
SHA512850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1
-
Filesize
1.3MB
MD53d78a5ffcec3af798cc1474a324453ae
SHA1faf6b3064e1039099fc1dd78ae36756b084f3666
SHA2562f7ad085fcafce0c04201c7a6e13437a27d09f149a0ba9a701c457723f88a57f
SHA51202ca2a31eafe3bf93ae29ee340dab8195cbb569a78b13ac6a15fcc873802f771c56248b4f694f5cdc6a7c1c03b0c77972657bade5449cb5fa8eeb1cccc0f4433