hxxps://www[.]youtube[.]com/watch?v=LJ3tzeHSgJs&t=717s

Analysis

max time kernel
660s
max time network
658s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-11-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=LJ3tzeHSgJs&t=717s

Score

10^/10

discovery evasion trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	Dock_64.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	Dock_64.exe

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4760-860-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1015-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1038-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1068-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1109-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1131-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1152-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1180-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1189-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1202-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1221-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1232-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1237-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1243-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1269-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1301-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1343-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1373-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1399-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1428-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1455-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1469-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx
behavioral1/memory/4760-1475-0x00007FF633480000-0x00007FF634BB7000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Mydock.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dockmod.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\Vid = "{0057D0E0-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\GroupByKey:PID = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 0c0001008421de39000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\FFlags = "18874385"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\Mode = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\GroupByDirection = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\NodeSlot = "7"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{0C3794F3-B545-43AA-A329-C37430C58D2A}\LogicalViewMode = "3"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4976	explorer.exe
4976	explorer.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2292	msedge.exe
2292	msedge.exe
4144	msedge.exe
4144	msedge.exe
3380	identity_helper.exe
3380	identity_helper.exe
5056	msedge.exe
5056	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
2380	msedge.exe
2380	msedge.exe
1004	Mydock.exe
1004	Mydock.exe
4760	Dock_64.exe
4760	Dock_64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4760	Dock_64.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: 33	2228	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2228	AUDIODG.EXE
Token: SeDebugPrivilege	4760	Dock_64.exe
Token: SeShutdownPrivilege	4760	Dock_64.exe
Token: SeCreatePagefilePrivilege	4760	Dock_64.exe
Token: SeShutdownPrivilege	4976	explorer.exe
Token: SeCreatePagefilePrivilege	4976	explorer.exe
Token: SeShutdownPrivilege	4760	Dock_64.exe
Token: SeCreatePagefilePrivilege	4760	Dock_64.exe
Token: SeShutdownPrivilege	4760	Dock_64.exe
Token: SeCreatePagefilePrivilege	4760	Dock_64.exe
Token: SeShutdownPrivilege	4760	Dock_64.exe
Token: SeCreatePagefilePrivilege	4760	Dock_64.exe
Token: SeShutdownPrivilege	4760	Dock_64.exe
Token: SeCreatePagefilePrivilege	4760	Dock_64.exe
Token: SeShutdownPrivilege	4760	Dock_64.exe
Token: SeCreatePagefilePrivilege	4760	Dock_64.exe
Token: SeShutdownPrivilege	4760	Dock_64.exe
Token: SeCreatePagefilePrivilege	4760	Dock_64.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe
4760	Dock_64.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4760	Dock_64.exe
1100	Dockmod64.exe
1100	Dockmod64.exe
1100	Dockmod64.exe
1100	Dockmod64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4376	4144	msedge.exe	78
PID 4144 wrote to memory of 4376	4144	msedge.exe	78
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 488	4144	msedge.exe	79
PID 4144 wrote to memory of 2292	4144	msedge.exe	80
PID 4144 wrote to memory of 2292	4144	msedge.exe	80
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81
PID 4144 wrote to memory of 868	4144	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/watch?v=LJ3tzeHSgJs&t=717s
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc86c63cb8,0x7ffc86c63cc8,0x7ffc86c63cd8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4064 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1928,6425059604338451165,11146733888084897278,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1532

C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\Mydock.exe
"C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\Mydock.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1004
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\dock_64.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2220

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1184
- C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\Dock_64.exe
  "C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\Dock_64.exe"
  2⤵
  - UAC bypass
  - Enumerates connected drives
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4760

C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\dockmod.exe
"C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\dockmod.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1028
- C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\Dockmod64.exe
  "C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\Dockmod64.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1100

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{53362C32-A296-4F2D-A2F8-FD984D08340B}
1⤵
- System Location Discovery: System Language Discovery
PID:3808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1144

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:4976

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3132

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
52KB

MD5
dacf8a28f3ee5b18822a421ab28c6e40

SHA1
adbc1eccebb4b17f1e722d5405b7e5f44b9ba358

SHA256
2735644eff757df6a16a38c90a1e965fbbce565f67381918333516e17a091ac2

SHA512
0a86b792a17c958287b8ec9849e3e42dd1b7dc8b5e1300578b45b281558990f0588708a188782842f89d6d98560dc34e41536ab672daa9f6c3dc9fc6aaafc21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
20KB

MD5
fa4cc25f0f72ac052e9413b46705327a

SHA1
72127f17a73fdeaf1d867ff721f8115e90d82e8b

SHA256
62215bb3463a1bdbeab484739c056495d60f9e6feab8e3974cde6bf69504f05e

SHA512
b33ebe5aad7802e7aadf31bc490bb697a7a941c4ec9a03c211b42bf54403f05dba02fdbe42bd7c28a27e309c868f4d74c060840a4aefdff57ac9c5c2cb66921c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
67KB

MD5
672459215c78c87c86cfe4af0efe598f

SHA1
cad4b454aa573f8c199cd63f3eb8b8f9c25f03c3

SHA256
d17075e32e425f00b58b4d38c3b733019d49990bca81e3a9fbe059460f30e6b8

SHA512
eb01a2d53bfb29e8925d9d96c02c245bda9a388c1a6f4415717711f9d0acc3942f9b6dd670b2f66ec5e23ba4a168a5ce1df47df204d690091817e61e86fa05ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
20KB

MD5
e289d2e9803f4638958b0b5c8145151d

SHA1
01d526196a4814482d2ab7a3725cf8a1ed3d5acf

SHA256
1e3f997dac17c7efebc0c89760d7751fa7d224e20bc8bb91556909392c166563

SHA512
7ce02c1a99198bb9b945107804d29104fbf21042916751f16f9c28c621dff4ffd98ac90331b09d591ff3307cfd109111cdd3c20a3d20acfe080a91f8ec8396ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\624707299fb1250a_0

Filesize
255B

MD5
307d7ceb0b5cbd91c18876af39656ce6

SHA1
de57fb43d5552c0d63797f5fa70a2ac594647c69

SHA256
0cd9d75317fb46b574e0316ac20b14f1dbcdc27cf00907f3b4b9e23999d7b913

SHA512
f7d4c5229d1d5b06d04d4c8787c19920fed0b774455956ce22ab05b1620ced8f0b289d73a86b6d8a2bcda804450e4c59ff790d78f25df60cb95e4f4d20f27915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a5dab6e32a512ec4_0

Filesize
244B

MD5
93059ddea17c3520683f20d060de8a6b

SHA1
149cfd9d16c956eee7a9d8943232b4be3af37410

SHA256
216cb41e5faecc150fddfb7730fc57a13131b13bc630bef5606f18d619a3cbcd

SHA512
69fd2658500412d916f5f73c1f1f9c21f454638c345df6e1c9bd09d870ce0506d5a406dde5b6e7fbd6e53f049e6a75a043417b6b40495d12d2143ef006a75429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
480B

MD5
e0eebbf6ec2466e9b46aa4836963d013

SHA1
62c2d229ffe6f796b705f5582bc614d9a2b6e25e

SHA256
5a4d489c0492f23a67955c2d8e97a99a802db268a80f0762b88e953446a6e8dd

SHA512
785e326356c0c26574973af2dbfbe182ad8620debd787f60bcd5b33a7831783d890d1eecefdd1eb1525a034cc56743459e4d8a7495b8a5aa1f3942a5e24ab6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f921128dae49473bcc45c430eaab953e

SHA1
cb57e0511a3ecee1257f970bf6ecbb1fcc155ca2

SHA256
dc97f74f79dd29a75df5a7b17f6b933be9955ed60625449c5a7389e49919d38a

SHA512
7b712834c7658324ff331e8bf4df50fd5b1928582f4828446f485ab984ca883010ce3df49e1ffd7bef0ef5dd02e508bee9ee44f8f22e992f49f0c67a6c1b682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
fa4d8ea70f6ba854539dee0268ab8745

SHA1
7d072d0244ee7cdff69f0b8990352871fa447fbf

SHA256
ddb1333a47a6d3a3fbf724deb158c93daa938998ebd2f5533cc9dc3452d2de27

SHA512
9182cee457df090f43129f504daa80cb6446bc67baa465a707fd6beaac8b2042a56c43db6fa8fa5f6b5f8a6d68c9c34189e0ad875d1794c334879646a15c21fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d11e2be2d5fbf6d43cf0a7765cbf5023

SHA1
e8d3a90209b36cde5c7fc3c2d87eb9d26202af3c

SHA256
dcbfc8a1e90be0e351b6069ac063f3993789ba72b350d656aaa6f973fa3179c8

SHA512
71dbf80cb8c884daf91dfbca27e2f390a4f739d2a2cc1b98bfa58315bed93fc82c658ec2b09429099b8ebd37d73629f6c2763e17adcb3ca6eff94ab0676db460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c010e07e9c6f5d94fe8da9d07120927d

SHA1
07e132b26c08f2e7595bb271c7cba45f76eead3a

SHA256
f86d4f2f1db38b2335e9e8891fec37de65a29a3c1b15943626295df04098bfd2

SHA512
5f114acfb85661f8637aa8aaafbe7930f3ab8d3321369e88fedd0f3c84d744463e58c5315237e756f93d13abeef2f01dabb91e76590e888e5cc274aedfb5605e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be2546ed7751a7407364631158891356

SHA1
aeaa565526cc06709449413656194d455e3bdf2e

SHA256
cc7f30a2cd6ec6d0ada8f9007018ab156b3b2a68449224ecb6f80d27c9701110

SHA512
89519cc2b481b957b4ef78555bc7d7def02fb80d1b30d119966f104ed8880c71dbc19003536c11842da7bdd87562e379b93447f5fc1990e1b21f358769943e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12df2a4a8b60004dc9a53583862ebcbb

SHA1
4cfbfb9912a3b794edf2f1d8f2450ef761d410fa

SHA256
71a2c3446b41596dd255e61bd7a8940669bb85babee3a0cc85cea056017ed50f

SHA512
2d31adb325c6957e6a62d8ff03d40c4a22a5ccd91383f19a38bb2bdf8e5e30c4994aca6521fa4d4f82206f18b71cd998384e27243e2ae9f1924e8bf338fd1799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
365ab43e0216bfdc82a83274ab29cc93

SHA1
8e8215068f0f2b41ff02aa97939b5feb024ebb0b

SHA256
f96450ee96a5528004fc96621e6cf1c62a871e696423c643d4c687cfe4f5917d

SHA512
f2133ad102b88bd4a1d90591b676b00d41c932ae21eba19b9c40bbd5b018f23bba2021297ecf214411b4489e615de466a5842974eb7061215b806ea81878d0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8d3a891bcee50f30123d1b3e399eb15

SHA1
c5e13baf0acf1292936918e61e75171b73a1d3d0

SHA256
bdeff148e6b43ae8d592fb5109803822bbf9f7aa43a0fe067edd97870b28782f

SHA512
d49a23e7e9b7bebffc15a349a6d9bad02a8e497b80554fe3c19306d86003fdc58a078d23e4649b7a6a2efa554be91a84469b49a8e927ad122adcdfce4498ef01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41f4c883a1a4a30ab26d63a73a5186ed

SHA1
0a467f1aa4148f25874c733d252f45e57ab6d4f0

SHA256
c22f10714fb29f29a27f0c0fc2e2a69df90356b32e38f0a08aa5bc97024998a3

SHA512
adbcb7210dbceabdd2b8cb10c568b98f672d46f791882157437ed810c9b31f51e0d8ab1c562a48d068cd8356ad56f97a633fc7fa29de97893173f1a7493c9d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b51ec04140fd3a1e5d9130b52e5e204f

SHA1
12669c18b4f4833164a6ae58e9145c4d219c4626

SHA256
10ab4168865b0d2e9fc6f208f3c62b38be3cfbd82d17a122bae11816b8aa1c0a

SHA512
aba268022cbcc52b06513701a7908624117466dc36a8102bfa5820ffb45919359523857476f69771711aa107c402209f0efd5f7e8247d861cdc1316a10c86455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53c2d4c6ce798225ece5073302fa2975

SHA1
01e9ccfca7b3b8c269130fb79d2dfd94a38f14a5

SHA256
1dead2ddffba3847d385b31c7e53205bd703b788256216ebe7e19c5905d9e72a

SHA512
e032d250e634b2ddf1072888c1e83be81b692365a6687aa17e139fb81a8dd6f5b05a6cb3c0752e52e87dfa8f27ce62ac00314cb30eb790d1ac852a25df30351d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be07501ffe9c3cc465367fe9e3facbe2

SHA1
c5c03c5f7f0da0dfb76576747419796af65cfb9e

SHA256
eb87c7276b65bca50e5e26e08ace0c574c715a2535f53dde8ba34355de1bca5c

SHA512
d1a389f2ef68f9b8575ccd051ebf22fe6fa8ca3d2c94cb22a347f0a165c820ca9629e7c0c00a932f0d015378d5ac93bcd35736cafbf71b92608dc571f72511e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bed00ce450b77b80ca25b0d8056bf52e

SHA1
aa68031fba54ec0cd284c81c373ec2382826653b

SHA256
7ec1637ee682f7deb1ef718b97adbabd900a5d82c03a78eddb3d1bc4265cb85d

SHA512
2c754061f206bff8cfa1537af8ae46bc5ed911cff924af2bf510dd9393e0c1fdc7ec5d52071ddefedc502aee607a3795cc0f2475589723f41234adbd0ea3358f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74666eecbd88ac150bd16406f1dbb458

SHA1
7c464355240a2b249260a4225ada7311cf2437b8

SHA256
cd7735ff5686c597bf8a6af47295c74c86136af5fb96c3246eaaa960d57293e8

SHA512
4bc35178779e76e03d30685563c9a07694295e7e6f279a7fc1e96b65ca11ca85af6578d6d12e836ad7128549b771a688153e3ba26374a46e098dad97e42dc29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f136a2a6-560c-49db-b832-8c9ba05acd65\index-dir\the-real-index

Filesize
2KB

MD5
b05b3f5264508494276fe6e744ab1952

SHA1
aa37ad2928a1dc315ebf69b99ddf3f8b89ce0836

SHA256
39fc06bc8982f4bd64d6ac50d57d42da2a9322c4a385dcf552df93827a216e42

SHA512
10e6ba1da41a64b9a8ddbf664a12af5ae22bb12b20a2b56b5e03551bc90bfbbd0ff0924255adc467b9a9a51f0f7f6f352aafc7f136e40ebaf3e28bffa097fa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f136a2a6-560c-49db-b832-8c9ba05acd65\index-dir\the-real-index

Filesize
2KB

MD5
fdd2cc4902f0a3e7912c58d40859ab92

SHA1
dc7b110a6edcadb5953959fe402306615f846daa

SHA256
c0ab9bb1433d0d7d29a6a4129dce884fad39afa68e5ce68c32e319bab793d4ae

SHA512
7a27dba5574442ce11b3b0b5efecd84545e18f94828ff344a9b2ff2415ae01993c79468ca4db5726f2c0a2c3681664c18097649635c77160fba94d537c35e0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f136a2a6-560c-49db-b832-8c9ba05acd65\index-dir\the-real-index~RFe58080a.TMP

Filesize
48B

MD5
507850ef97bee56a73baba5579d6a873

SHA1
5176ed41c8004bcf64373a095c8d7e733cfdd38d

SHA256
94bdd8288ec7131840f13c9c1e625a65121aaedd3864a0d53078348d5588b793

SHA512
d1e96c272f8b730b88c91af5b7bf630474cf8543cccafe94b197d651f598003b596db3d2f72b7ca32abce3b72dc2d10b6ef4712154e02c02019f4583a2eae53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
33b3ce4625cabea86035f19e1cc87ae1

SHA1
91cd6edb00cc6acee764c4cc2fa45e51c0ed83da

SHA256
732e55ffa2e603b822c565c72bde4e7f1237afa85fec02121879d00c43c9c027

SHA512
8386430afcb12eb7ec9d5b17b7d8a38f2d3a2fbd2753a297a905c6b30ea3faff78921ebc4a9b110bf91592d375b119400ec0af0691214e46382084daf58ade69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6ddd588340a158a0f541cc6cec32dd0b

SHA1
7e4ea7bcadd4810da4c78279385be2f884972ef2

SHA256
fdb5f5c1dcb61657428d1fa73ea5b9df6e0856cd1373f088e918656b0cb6b074

SHA512
00f351a589b113b67a945b30ee3f474d047da6a5698822baafea68cb2a8e32ef2cd3fa46fbea5185a47b004fc4584aa01f8834abe54939363441d8f2e726f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
4bacde2928c833b085d12b09827053f5

SHA1
39d9cd4b9e2012be80ea3bd8f95aa494a14c0abb

SHA256
a94f9263cdfc2b6847b3302d29b783a5b8d4a1f63f144158b4678e34333df92d

SHA512
96aa17ad0f4eac509249372aef3912cf1b1adf100187b25436ae025c323ec99acb7e560a0474d6318d295de054ebe9f6928e4a1ade831ecb7e28555120bd8caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3f1c2651b66e740e4eaaefb6d8d84947

SHA1
2f7953793f94765520699916a666ecbcfe84ee51

SHA256
326e46518be6528b1e866e1abf1eed42c01d344558316d831b75c9381389e41b

SHA512
50d6941742f24e20d9281586dc775c1d145b227975b176f75a5ab5bd1e258799f284011d673240512cfe1065cec6c7277706ca84cd2558a39f876f1e17aa7bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ac6c.TMP

Filesize
89B

MD5
789524d7020926643f43860784bc14c7

SHA1
03ce909a3db98c1b4331667ac3fa875aa5cd30c7

SHA256
66d0b7682319cece42d2b0da08f1db71561bc3e28c4a067c01cfa2b6c93047a6

SHA512
9f9b8a544fecd57ffc875186b4ce90132c5cdd0a74000bf50c44681e4b2d6f19ce303b1b1db89053cef43698db3d7568301827c59166dc5d314b447d57d8e739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d1efbe177db08afcba19ea1bcc8be5504e691327\index.txt

Filesize
96B

MD5
4ef5409bd6b968b101475b1a5b582d53

SHA1
3ddb03b6201d2a8d0b2e0464b4c01d314c692820

SHA256
8ddbc85a3d0de00eeb1e38b3d2ab7003955b08b6f43c60ad9283acf2e6b1c9a1

SHA512
a2967f83d1fde5a97dd1050eef7bd4805a865c7a212523eca4897d21f427a168bb959f0292b43330775854def19ef5b476e8adc8f272fc1ebdd47855db874ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d1efbe177db08afcba19ea1bcc8be5504e691327\index.txt~RFe595a1c.TMP

Filesize
103B

MD5
16b0d0cfad0c6f8debd0cb6cd1349973

SHA1
0aeb3e934dae45a54d0a89e2f65021a23834e11d

SHA256
57874fc96e9fdad9190b8ac06cd91438b9f97c4facf0abc7506779e7338a1654

SHA512
2cf2ef0314f83d699bdd690e3142e1c5b6815dd323dd7414966ae9c7f5c67a8372ab01369cb96db73ec885b0631faa40376181efb595eff1d0f5a48ba9f1f6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
c59f247c1340bb3ff96897c9632c0b0c

SHA1
e7f13048953873e6c21d017391c3d2ce518f24f2

SHA256
f7786c0b843c9a3dc915219d0e2845107abf3ff33c93eb926e18d1714a5e08cd

SHA512
da8828bf6cadf6386009df78569760f9c6ef08e76258242b2b8965994786417abf26f83700a5d8ffc11d9a7db383807f7b074c47f91042eb79c093cdbd3d54be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6da631ae7b62b34fb64b76c5100d28c7

SHA1
a547a32a795765e71d481e6551efb4db084926d1

SHA256
5b5a4876a6568ca7c1cf22f8c1117ddbdce6df8a03a81f243e0fcfbcf6d36e46

SHA512
0a6d9fb756bc4d6029a5f5177b90d3e2f1f1896f208b06dd8a1c67c0adadca5af0746bd3522981c372348fdcb8c485d05a257b1a63af20b68f63109027ba6a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fba6.TMP

Filesize
48B

MD5
7894a8434820126550be0b43de27fd40

SHA1
3389a1fb410b40a44cde9db13c964c553f160508

SHA256
c22347f59e24fa41042286298b351db8db19ca0cc631d5af8f0f3d6854b443ee

SHA512
18767492950e60d5ee554cc6830e55e4566a01c9b17437c652ee5caecdba376973013ee9ab8ef62d4abba4b1f46fb9a3d1e825e41b739942cf4a521c08db69e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
3a00c7d546cef52bb8f07f4d48cd25b7

SHA1
3b77c64f774880bc3ef449d8b4af72bc8818af0b

SHA256
5be78cacd5ab9cfb477d05fe16032e4ccb0d2d15959ba8ce145265c77172a1f3

SHA512
a46658192d2144558721c7fb1f5a1ba006e09d7f89a6e6d77d27f3581ce9201b90cbe5f1f692ca23d8cef990c3984e699359b0004e7b7d8f18fec5369dd7f563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
2105e012296b6aa544dc6097577ad228

SHA1
f77112a4f1c1b229aad054a1106adddba4644c5a

SHA256
64c7e79a254eda80e2ebab688e20f43c16e1b7b7bd0f1544ac30a812ce5d4ab7

SHA512
86d5a824b24ff601d00c7298314bdf463ec97835fb10bfdcbf42973bc7a2fbaef8e458120625fb3e6038835fa9f8ad55b324abc9aa96920ef3cab2baddd921d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
cb05d5c5804b0ccc946f3db294ed82c7

SHA1
2ce7ed03d0b48b014bd22f1598e23568b099c747

SHA256
f38c8dab95018e47e8377cc293e8a0ef94f1fd0ea0a301c0da7b77cbcc43ac27

SHA512
060339b7334c3d5331b62a07322048742e9fb819c2b2a90ac23e3e31a715c98d811724aa5a20db7b9552393d04ad5f08f7b981a9b9016c25b685b82f3c672b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c0ca.TMP

Filesize
706B

MD5
0ea7b2515226dd344602210d10531743

SHA1
b79b072bb6172d8f14103d3ce66a2473d2cf96ff

SHA256
10cb0b2a0704adeb23fa8cfeba4c2fd6c4ffe73f45e3944a5296162c4c79afa5

SHA512
dffe6f047ea909fe59ee04f2b0032989ee767d5ac3b80bfc5b074b72bc380138b84ac24c0e084d3983702ada4d7b79186c4e7d7677a24496a1d2a6e911c5f089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0893789c9f4017ff587cab3fdc6abca5

SHA1
8305c6d2ddfe34d80a0d3504a0840055f1bc4455

SHA256
ac29ce44b23743618f46b65ae3039a381548c727b734a02b86ab9d0e07063e8c

SHA512
b150b1928adaf766008eb45400191f777260d1c4a392bf1c152be1da4bc11b0a1eb6aa876491092d2ae99920970ab7aee56f11c134d74da533fee30adbb7639d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d3515e13bb566bdc16ec3efae7a825dd

SHA1
5abaa7e9b1097ed94311cb606b5a1f2734affa5b

SHA256
ec1a32dbd33e4b362303e519a9f62997c446718d0da6f7ae0a665e3beab0cae3

SHA512
7acb634e826528201de367c879072e2ee7cb593e59292a4dd0275e559389c859e66c132985996e8ed66a5a8876951fe9702f0bf26212b7650a8299114ea680ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40c7775607bce3c5ec9633d2c6b828c4

SHA1
09cbaa4777f65bd9959686e98a92f46c2c2d2ead

SHA256
09da1f59042599c0981c1cfd266e4cf9efe3a9e47b114461755e38e82c73d177

SHA512
a1ec3469d913f78470ee0c462fbcc11eebdfeb363d551b0f1a7b1f1cb11bb804ce20293768e8a4941d3308b444b7945556ad73bab428948b0f4b5284418ad65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
84e28893201d510852e976925defcc4b

SHA1
00d5ff39c457da872d5c8184f34e01cc4d130346

SHA256
64b8d46c0adfaf99e2cb4971750f6523ee1a8cc48da31ad3e7701bc6480953ba

SHA512
1be9c1f0b688701f88605e51b3fea5c8459d93a35e8587d36a67dfc0d636cab7d074104ae26303d2db5f8261d7d308144d8a6e805c07e6723697650eb0eea11e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
293e8bc14941c7092a2bd38732b1220e

SHA1
52f771eb9add042b7997f473015c33c9e91bf3b6

SHA256
d2d7482208cd43fb85e389ac722acc37d14ff24e0a02c8e739f16d1fe1d2d9bf

SHA512
ba1805a2bcb6bd22ad6707a19b6e8ae92155a9762c1762d60eb397bfce54ec20e83d0248f91f84f4d1332f0a26ae0c8404223af4d524be2950e60ec13af90287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
0d04335401a0c55289790ca4d4bb6e40

SHA1
b517c0f2fe0f949be4e2232d57b829ab3fc3da95

SHA256
e195d22e93dc4efc5c7cd8f6ccb01ed2276adad6137581a3fc5d5d910904620a

SHA512
e8a445948f1722aa5f03fd619bce96de1e3b364391abe530d6d22fc41a3f36cf0119fabbc9dc20e004a96eea1035e9be9345b47a74f006131c4bc40e39bfbfab

Download Submit
C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR.zip

Filesize
38.7MB

MD5
18b02a37a0e2f0ee9e6c69ba09852820

SHA1
b30b419769e849ba5911e5cc8ff1f26968a767aa

SHA256
4c37f8178fba251ba706f75c77037b4bf785cdaf187370445ff7a7462c6e5ccb

SHA512
92a173633b548015b58f20a22855b9e4c5f43817e3dffe8c970fd62246b3ce0dfd203c2e29917cf3bef29116b197e1bbfadef28b06c84917be2cd119caf9b977

Download Submit
C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\cache.ico\2061671562848_

Filesize
10KB

MD5
99052ab73e7e43800df51327e1aa9d89

SHA1
2852bd11bd4df01b1d743ee4a340189ceae5c171

SHA256
c278012f41c56d5662cd54a1a4d96a8424851c9e3b70ebcba988d6db1853d1fe

SHA512
75b2933bf0bb88499ed752a3a506b7e4540ca9cd98d5142f4a0128555c0c5c8b3aadf631339752c9d33851d0e4af9fbce083c98c6bbaebfe1308f31dccf2b89e

Download Submit
C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\config.ini

Filesize
4KB

MD5
b9452483fe91f8debe8a71a8de99933b

SHA1
e8ab998084c0d87bf4877febedf3d86eff72c312

SHA256
b64f6c864533d000a124d0c5f7a9f1c008458e343bc87235cffbf5e31c28f0a1

SHA512
d6c3c5b9b023d60cbe3ca758ce874d9313d12664ec7d3d48825ad6a61be8576749626f4e46617f275cdcb00e38182153e7c9ee7260e73f3fba58ee59d57b24c7

Download Submit
C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\config.ini

Filesize
5KB

MD5
cf24e14b751c5c36b6c9d7c42e6e42f5

SHA1
cb58d94fd125e117225e0483cb78cd675b502bb6

SHA256
861195e6b2bbabf3cc8dd85123eda59e1d828cad4a76fe109117bd8afb304f96

SHA512
69e0b76c3ecfc0df93391de258ca7c70c8381721f5a4dfddd3138ed6ce098e1a3111af2a5f53318c9b03ecccb7f1d0aaf15ef60a6f2b299641c39b6a4575dff7

Download Submit
C:\Users\Admin\Downloads\MyDockFinder 2024 by VIN STAR\MyDockFinder 2024\config.ini

Filesize
4KB

MD5
3271b5b556b9d4135d3d23cec065dccf

SHA1
6859dd3b639ead9068122cd9a61a078f51cbb034

SHA256
b4a4b40abc138696bba0047c50388f4e0496a71ccc42f4ff2da8774c8ca62bf8

SHA512
f190467e62a6cd7698ed0bcd42579c3f04acbc4e73dc42dfa4961956aa4bc7b4c610b9edf7b6b00b8279447c8a74ed857d10b1a959dc1f3056ad755d884cc95e

Download Submit
memory/4760-1232-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1343-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1132-0x000001E07FEC0000-0x000001E07FF27000-memory.dmp

Filesize
412KB

Download
memory/4760-1152-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1180-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1189-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1202-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1222-0x000001E07FEC0000-0x000001E07FF27000-memory.dmp

Filesize
412KB

Download
memory/4760-1221-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-860-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1237-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1243-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1269-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1301-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1109-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1131-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1110-0x000001E07FEC0000-0x000001E07FF27000-memory.dmp

Filesize
412KB

Download
memory/4760-1373-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1400-0x000001E07FEC0000-0x000001E07FF27000-memory.dmp

Filesize
412KB

Download
memory/4760-1399-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1068-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1428-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1069-0x000001E07FEC0000-0x000001E07FF27000-memory.dmp

Filesize
412KB

Download
memory/4760-1455-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1469-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1475-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1038-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1015-0x00007FF633480000-0x00007FF634BB7000-memory.dmp

Filesize
23.2MB

Download
memory/4760-1016-0x000001E07FEC0000-0x000001E07FF27000-memory.dmp

Filesize
412KB

Download
memory/4760-1017-0x000001E002C00000-0x000001E002C44000-memory.dmp

Filesize
272KB

Download