hxxp://bdu-sku[.]com/

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2024, 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bdu-sku.com/

Score

10^/10

netflix phishing

Malware Config

Signatures

Detected netflix phishing page
phishing netflix

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{A1232C4F-4F08-4FB9-B535-BBF0533543B1}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{A78A493B-83D4-4953-96C4-4DDF4EEEED36}	svchost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3600	msedge.exe
3600	msedge.exe
3896	msedge.exe
3896	msedge.exe
3996	identity_helper.exe
3996	identity_helper.exe
5744	msedge.exe
5744	msedge.exe
6004	msedge.exe
6004	msedge.exe
6004	msedge.exe
6004	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4168	SnippingTool.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4168	SnippingTool.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 1764	3896	msedge.exe	90
PID 3896 wrote to memory of 1764	3896	msedge.exe	90
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 2876	3896	msedge.exe	91
PID 3896 wrote to memory of 3600	3896	msedge.exe	92
PID 3896 wrote to memory of 3600	3896	msedge.exe	92
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93
PID 3896 wrote to memory of 992	3896	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bdu-sku.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef73e46f8,0x7ffef73e4708,0x7ffef73e4718
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3556289353024720182,4390145723904539864,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5572 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:1616

C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f38951143ede15b2f00d3352e458d47

SHA1
1130065985230474657d5f744e99312f22c69485

SHA256
3a559763ad1634ef40108700025a909cc76ca8c66d6c77f41a07e2ced4c9ff65

SHA512
5376e21235d1b828a0d04e35d26154a1e52db3fe02690fa272ba982da55b88bb0ab7473e6b2031fe8d19798abefec072e22542132b175912b31279cda6f15f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b533661b945a612876de1e58ce73d065

SHA1
d93286945efeb7f33b49f8e594cdb264884c827e

SHA256
e5480b47432d7b0ca972afe477fac49f5fc1e8e82aaeab6401de99045949bd65

SHA512
672bc0f694e763a8597eebcce7728716a09515ad17854fae58d1f8df8aefca152eaabfd637bbaf8acae8e7936309809525a9f058a990148964a58c831d96dc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
36KB

MD5
31b020e454b14352f75a2a03e5f48ecb

SHA1
b5becea70eacc4e783f409ab792ad5fbbd6018e4

SHA256
186d9a6ce8045659afe2bdb293af223903aa8f6ca4ee8614beff4fdb4987336e

SHA512
a58ca80cb21ee91a2de3003c4fda452a9e729d7887f05afe88e07800fdf9877d4d1e0a5a7944c6008c024fea499649759df5918740c8715b3107e07d54786073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f8b7b1d0d7860877914ece8e882673ad

SHA1
506af8a7cc000eee227c20a936d0f4b0381a0c69

SHA256
91db3d4ea5eea67fcbf80073d7476738d5e2b12d15f5362915b5d23e2524315a

SHA512
7c01434ebaa6206d6c1a95a32aeab040a80bd639f42744392b8e673e9b170c1ee4e18e391d4bc8ee2da4bfb64e07ca7f4e81eb8ed1a5554598cc6d0e030664ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c6135e654d9051e1221f0de0069a9ea3

SHA1
d51b8193231e98b33ea38ad3e15ae428420c1409

SHA256
79a091c9a3fb49458a2fd4a6cd5a9e03d1b1ca2088b4f0e2331d56102ae5b354

SHA512
4721535dfaffbbb927643a5cfb45a4fb7e169bd6db4d5013bb7fe8875eb3ed1c2f21fc4cbaa8434732097c0aa4cc24edd1ed1b3c6e06e4f9a2c83690d6f3ff39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
5a4cc7d04beaf4f90a5a3c9aa3b0c5a4

SHA1
748e0a6a763b2a57e9093a54a68b57670f266a63

SHA256
42f7fb84b47555efb124006a8f99126acc422218f397c50481a8974e8045d256

SHA512
1be847daf68fd786399fc69507adc317632c685f85013733cb840bae73c808a968a618acfe1170bdf86c1c63532f66fcbf2c09a08891d7e1ee3aa8d2d271f201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
611B

MD5
a5e1930f5b3b678640da089afd5ea89c

SHA1
c0d389b3bcaa4ed928b08711a01c15e30b3ab981

SHA256
745403b9e26da5a8fdaa383d6ef83e60f3d7407060fc2eac7c16d506379b8e38

SHA512
bd8fedba70748eb67b8b25d6fffc1d2326eb1aa831832bb27db48e718e1f8a0d44d0044ab06c2400c6e0163b4f023de2924595ed8e80ae13fdaa50307bde2ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e43c9444d3401146dfc12a1ef48d6b7c

SHA1
d6e24a87faeafb6d67d94480b6953d060df27fd0

SHA256
9e109788516d36df23f62884fb3d5dd9916626e99a9b075039e3a3963f4578dd

SHA512
e27dd963dfd081ff0ec8eb77369887f411236d0df17d966155f5c2b50d6f4f82835d618743f6a3e18947c1ba28ad7419375c84399e4c4caaed4bd35c3b01f6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
611B

MD5
23d766ccedae759a5c8cc4d6dfbefd1f

SHA1
6ea2d43f000039d0a0de1b1bf52bf25a991a9619

SHA256
7238ad6829f1138ad2293a7bd2839db0ae5bd842f14dcb2ffd13c038696fabde

SHA512
eb33d54a821916e5ed8df23b9fed089b3c666b2e4a093b81b5305e9812f859afd9a4d825ab8621252bb2e202645d1d89b74ded0a4d661ef78a966111a11310ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b31eb599996bac0f61f25b867936471d

SHA1
95eed6a14e41a87a20fa20f1ae051eebc99eadf4

SHA256
40e4c9ebf072b4c31fab82299da8f8f904f68ed7b806f124e740bfbb27e99723

SHA512
56eecad2dbcf671de0490e65e67eae6dd12b1fd0258bdc64a37a66e4d4c7ad379fc1e0557182d3821a64d789d8973fac0b29e447dd4014ec45701d532254da52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
524b9319f20bd35206b1e0bc909ec925

SHA1
df6a9c175d02e1e98a4c78c1123c1af5568d2659

SHA256
2ccc003235d0c90e53a795df1ae1999272a636a86a30f0618182587d2403eec5

SHA512
8c1ea7ba442b3b30a3945ed81f94d7f9e7952ce49250e4d4c875cbc54522e3df5cd76a2b22a07463046563a3ad588d156bb56c2df087484aeae495b037bb4908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
01e7917f0939f24c7c0d98c5242f9468

SHA1
cfa5be88a3761866942c9f56aeacd942f9e4e25c

SHA256
c6e89fed1353b8574e05d924dcfdb9e0ad7b88b289236fa21aa567c4f5ba8b08

SHA512
4c7affdb0c9562af90aa6f350a1e0a1d2b0b6fc77c19f6dbf0eedabddf864f5d8db272d8315525debca2aa5989ca6a6c67d2943ed6b4e35bb210a15704b83c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0701b768a964c2a2fba159a28eacb18a

SHA1
414c915f15d1ed842367ee36d676c00e5164e1f4

SHA256
82bc28db1bbcd75d3ad210dd67dfadb2c0cc4dd1e519534480fbf8c76e8aef61

SHA512
9841607deabc2e4281b86527665c1ad7002898f765ca0402d5c955c529abf854dc5887d95ea7e6a663d67cebf6ad5834f556b32ddc8bdeb935bf14a21e33aff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64a22b48adac82e3202e75f8df5e9158

SHA1
40ca829a304532c4b9c7b3c1369c636cab48d1bf

SHA256
d58d1219435a90b02deef5cadbe3150bbfa20606d94726b983b11d0d388417a1

SHA512
f9f3dac1e4e117f98d2282c6400b7e63398c8e5afbd937c01ab2cf159bca3c0fc55a47fc418d31d757f3e82439eead0f06c475e2540dfef6e26d71a5bbb6fed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ccc314f8795d37449c510722613d346

SHA1
76dca7ef5483c9bbbe123705c76bce6f6ef45be6

SHA256
71e84ed2823bd8b87760e9a4a97be19d56653ba331f66e8b913b6619c076cce8

SHA512
01a6cc815f9b8dad608ff5616b0dde2673cbdaeec1970b7ce0dabd13532b61260fe61529309c8df007b552c0bb3fa7ce3a7a0fef2bc94d13c6dba0ab18c77e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
eba8517f3652641367e901d3a54f7581

SHA1
fea9f4fd8d38fa53f21cebbc148d48fb07fe13c6

SHA256
2d7c268095e786a3e6c729a4503a10709df851a8899197637e6d42aa11fce388

SHA512
da857ea24ab0a1f4e1eae0a23c1b50e86c5e4c5781f9cff94eaa20127671ed5b1ed681c9b626366f155ec89e767ca11554a77f0f4c3a42c44cf821654b483517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a3c8694f537d00a78cf6c1ffea1285ad

SHA1
73a40e8cc7208370d632694cc5e4ab631c3972dc

SHA256
67a1aec1da92d9eb2292146973c113404d3c7146eee10a7af5ca6d729b8d59aa

SHA512
21cb20afc2e99e8d2658cdd41adea324bb5781e55243b27a8aa64f71f4c5097fcdde1e39b37d2601f4097b9ac4f74b6609b35788182ca3382f01c7d82d729ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5994f3.TMP

Filesize
48B

MD5
7645e1fd09a3195bc7fcd7e0634808f1

SHA1
3e54850c163a65cb18152a0e62019cdcbfb2991f

SHA256
3d7b011edb1079771ae825ff72a1632d8bdcdfeed55ed1f8a3f41671aac33812

SHA512
016bb5f461a11103c049e2ff2cae1609a7ea87cff28032bc1ff651b97ca6fda79013dcae6b111dd97e8f863969350342c59ecea631a1ed7ba52baf0279cb1c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc433bf85e2d9c3acacd3dcc540217a2

SHA1
adc6c2e21ea21c8711098649ef25563869cac3e8

SHA256
b157bbc21bc79cb82c4bbebe7fa37897d082ce6fb782b67e97f56720ea1945cc

SHA512
239cdde82d06e936c9fe276bf709fd86b56d2d49ba3b541abdbea5c7dff2dd8d9ee218e64dfdad2be419fd7a3d4f056318a37bfb6626001a9012904af25e4f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1aefcc6f3d591be681c0ad8015cd8e94

SHA1
c7d1dfbbeb3410af741b0564b9dc255e3cffc488

SHA256
117fce984bb519ec5dfee3b12368976fc8f730bc90c1afece36d8c729482da7f

SHA512
2646732f500cb3cb1c24d113004615470c1c9453c3d09413417b3e38776cf842fc437fd0dc8b4316bec3f64687aa67e2abc629009867eb4a1b78f12bac4919f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a47dab51973033198659070f58a69760

SHA1
79cb7a2c5f520fef85306571f7ee8caf601036f2

SHA256
977174a2ef8c1fa442775565b33f0a632b3b6e4193058891adc59657b5fc9b4f

SHA512
f1c1beae12308862ae98eada3c9fae83ecf4554f68e6c3089947393b384db2ca420aa4739e825f583d1986410d9f54d5efb8183cf73d2d3ce6e9f67619175a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be90636545631d8bcf105f6cf1cbc415

SHA1
3e2de8051d5227bd06221e4b6b567e6970c9440c

SHA256
2c755e494ec47fda1b9404771803f118765f2e929fa54bceaf93e2b613126970

SHA512
db98c698491fc393271d54d7bf0f00446b78b9b673f180c6f69caa6ef16a55387f2364c8914b43fbfacff7c5dc7903405af833ae2783ceca00bb15d0e7aab59e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587e53.TMP

Filesize
871B

MD5
76aeb074fb36c568f5e4de88bd8083b5

SHA1
77607d29ce9031f5f07b7851f04195b467a7aa71

SHA256
2255d781d2f1c14e50d7f3fb9ae9d1383984ca8dba0eac3202c23a4ee116643a

SHA512
19a38a409dc1eeb1cada4479fe0d8c15bb012906469c462c4f33cb7dbef50f8784957c1a0f40c33704966389ed5a6f5fc0b95abc3af98257acafa8ced6841650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
baec8364c29d769a3240adeeccd07ae1

SHA1
d48527bdc89f7e27b3eaabb2d644f1fe08d4c970

SHA256
4a93cc58dfcb6c7aff485c1aa5e0c4acfca0c3f00426fcb58897cd5a0b6569d3

SHA512
3710082a532053395bae1ccbc99a2fec37b9df9dc376c55d99c9d66acec8856d7852b89af416ddf7c7ce3266ad3bc412b975ff0688de3cd8f2ecadef8a337632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c7e118579898e8dff0feb297cef4f33f

SHA1
27c5cbbf85ff60c7fb203cf0a7baf2d13ccc8383

SHA256
b4727148a0d0801c3f55811c92d6bf3bf0e15abc5c3dadf40fe8ae9771bb12d1

SHA512
25069dcfdfbb5875b7ccabae3db3f3c665c99f05776dbfc0ea5839f3df700a1e77fa73de6c3b9c38f47bb8936830e58bbc4112261abcf8972bc365e240ed660a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit