Analysis
  max time kernel:  855s
  max time network: 813s
  platform:         windows11-21h2_x64
  resource:         win11-20240221-en
  resource tags:    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  submitted:        23/02/2024, 09:42
Static task:     static1
URLScan task:    urlscan1
Behavioral task: behavioral1
Sample:          http://
Resource:        win11-20240221-en

General
  Target: http://
Malware Config
Signatures
Downloads MZ/PE file

Executes dropped EXE (10 IoCs)
  PID   Process
  992   FreeYoutubeDownloader.exe
  3804  Free YouTube Downloader.exe
  3472  IconDance.exe
  3656  Box.exe
  1336  Free YouTube Downloader.exe
  2868  Box.exe
  412   Box.exe
  1296  Box.exe
  844   Box.exe
  4868  Box.exe
Adds Run key to start application (2 TTPs, 1 IoC)
  Description      IoC
  Set value (str)  \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"
  Process          FreeYoutubeDownloader.exe
Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  Flow  IoC
  7     raw.githubusercontent.com
  45    raw.githubusercontent.com
Drops file in Windows directory (4 IoCs)
  Description                   IoC                                                                                  Process
  File opened for modification  C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe  FreeYoutubeDownloader.exe
  File opened for modification  C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe                      FreeYoutubeDownloader.exe
  File opened for modification  C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe                FreeYoutubeDownloader.exe
  File created                  C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini                FreeYoutubeDownloader.exe
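The Run-key value and the file drops above belong together: the installer creates its own directory under C:\Windows and then registers the binary it placed there for autostart, which is the detail a responder should key on when checking a host. The PowerShell below is an added example, not part of this report or of any tool it names. It enumerates the per-user and machine Run keys, resolves each command line to its executable, and flags targets that sit outside the expected install roots or fail Authenticode verification; the root list and the function names are assumptions for illustration.

```powershell
# Added example; not taken from the sandbox report. Lists Run-key autostart entries
# and flags any whose target sits outside the expected install roots or lacks a
# valid Authenticode signature. The root list is an assumption for illustration.

function Get-RunTargetPath {
    param([string]$Command)
    # Run values are shell command lines: "quoted path" [args] or bare path [args].
    $exe = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Command -split '\s+', 2)[0] }
    [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-RunKeyEntry {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    # Where an installed application is expected to live (assumption). C:\Windows
    # itself is deliberately absent: an installer that creates its own folder there,
    # as in this report, should stand out rather than blend in.
    $trustedRoots = @(
        $env:ProgramFiles,
        ${env:ProgramFiles(x86)},
        (Join-Path $env:LOCALAPPDATA 'Programs'),
        (Join-Path $env:SystemRoot 'System32')
    ) | Where-Object { $_ }

    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($v in $values.PSObject.Properties) {
            if ($v.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            $target = Get-RunTargetPath ([string]$v.Value)
            $inRoot = [bool]($trustedRoots | Where-Object {
                $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
            $status = if ($target -and (Test-Path -LiteralPath $target)) {
                (Get-AuthenticodeSignature -FilePath $target).Status.ToString()
            } else { 'Missing' }
            [pscustomobject]@{
                Key        = $key
                Name       = $v.Name
                Target     = $target
                InRoot     = $inRoot
                Signature  = $status
                Suspicious = (-not $inRoot) -or ($status -ne 'Valid')
            }
        }
    }
}

# Show only what needs a second look; drop the filter to audit every entry.
Get-RunKeyEntry | Where-Object Suspicious | Format-Table -AutoSize
```

HKCU: resolves to the hive of the user running the script. To examine the profile named in this report (S-1-5-21-...-1000) from another account, query HKU:\<SID>\Software\Microsoft\Windows\CurrentVersion\Run instead, loading the ntuser.dat hive first if that user is not logged on. A "Missing" signature status usually means the autostart target has already been removed or moved, which is itself worth noting in the timeline.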
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description        IoC                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Modifies registry class (2 IoCs)
  Description  IoC                                                                                                                                                                                      Process
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{885D9A01-FF0E-4F66-A6AB-FF49006426FF}  msedge.exe
  Key created  \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings\MuiCache                                                                                              MiniSearchHost.exe
NTFS ADS (4 IoCs)
  Description                   IoC                                                                Process
  File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 788772.crdownload:SmartScreen  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 940220.crdownload:SmartScreen  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\IconDance.exe:Zone.Identifier              msedge.exe
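These four streams are Edge doing its job: a transient SmartScreen stream on each in-progress .crdownload file, and a Zone.Identifier stream (the Mark-of-the-Web) on the two finished executables recording that they came from the Internet zone. When triaging a machine, the same streams tell you which files in a profile were downloaded, from where, and whether SmartScreen/attachment-manager checks still apply to them. The PowerShell below is an added example, not part of the report: it enumerates the alternate data streams on every file in a download folder, parses the Zone.Identifier fields, and lists executables tagged with ZoneId 3. The folder path and function name are assumptions.

```powershell
# Added example; not part of the sandbox report. Reads Mark-of-the-Web data from
# NTFS alternate data streams on downloaded files. The folder path is an assumption.

function Get-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    $info = [ordered]@{ Path = $Path; ZoneId = $null; HostUrl = $null; ReferrerUrl = $null; Streams = @() }
    # Enumerate every stream on the file; ':$DATA' is the file's own content,
    # anything else is an alternate data stream.
    $info.Streams = @(Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } | ForEach-Object { $_.Stream })
    if ($info.Streams -contains 'Zone.Identifier') {
        # Zone.Identifier is INI-style text written by the downloading application:
        #   [ZoneTransfer]
        #   ZoneId=3
        #   ReferrerUrl=...
        #   HostUrl=...
        foreach ($line in (Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue)) {
            if ($line -match '^(ZoneId|ReferrerUrl|HostUrl)=(.*)$') { $info[$Matches[1]] = $Matches[2].Trim() }
        }
    }
    [pscustomobject]$info
}

$downloads = Join-Path $env:USERPROFILE 'Downloads'   # assumed location
Get-ChildItem -LiteralPath $downloads -File |
    ForEach-Object { Get-MarkOfTheWeb -Path $_.FullName } |
    # ZoneId 3 = Internet. Restrict to file types that execute when double-clicked.
    Where-Object { $_.ZoneId -eq '3' -and $_.Path -match '\.(exe|msi|dll|scr|js|vbs)$' } |
    Format-Table Path, ZoneId, HostUrl, @{ n = 'Streams'; e = { $_.Streams -join ',' } } -AutoSize
```

HostUrl is the single most useful field here because it survives even when browser history has been cleared. Note that the stream is dropped when the file is copied to a FAT volume or when someone runs Unblock-File on it, so an executable with no Zone.Identifier is not evidence that it was never downloaded.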
Suspicious behavior: AddClipboardFormatListener (1 IoC)
  PID   Process
  1328  vlc.exe
Suspicious behavior: EnumeratesProcesses (18 IoCs)
  PID   Process              Entries
  2724  msedge.exe           2
  3924  msedge.exe           2
  4588  identity_helper.exe  2
  1652  msedge.exe           2
  2208  msedge.exe           4
  1644  msedge.exe           2
  1608  msedge.exe           2
  840   msedge.exe           2
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID   Process
  1328  vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
  PID   Process     Entries
  3924  msedge.exe  15
Suspicious use of FindShellTrayWindow (64 IoCs, in report order)
  PID   Process                      Entries
  3924  msedge.exe                   35
  3804  Free YouTube Downloader.exe  1
  3924  msedge.exe                   10
  1328  vlc.exe                      9
  3924  msedge.exe                   9
Suspicious use of SendNotifyMessage (26 IoCs, in report order)
  PID   Process                      Entries
  3924  msedge.exe                   12
  3804  Free YouTube Downloader.exe  1
  1328  vlc.exe                      8
  3924  msedge.exe                   4
  1336  Free YouTube Downloader.exe  1
Suspicious use of SetWindowsHookEx (4 IoCs)
  PID   Process
  992   FreeYoutubeDownloader.exe
  4012  MiniSearchHost.exe
  1328  vlc.exe
  3432  OpenWith.exe
Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are msedge.exe (PID 3924) writing into its own child processes and collapse to four parent/child pairs:
  Source PID  Source process  Target PID  procid_target
  3924        msedge.exe      1952        78
  3924        msedge.exe      4120        79
  3924        msedge.exe      2724        80
  3924        msedge.exe      3008        81
Processes (indented by parent/child depth; signatures triggered by each process are listed beneath it)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://
  PID 3924
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd60d13cb8,0x7ffd60d13cc8,0x7ffd60d13cd8
    PID 1952

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
    PID 4120

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    PID 2724
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
    PID 3008

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID 3348

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID 4032

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
    PID 3724

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
    PID 4488

  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    PID 4588
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
    PID 1652
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
    PID 2728

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
    PID 4508

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    PID 3784

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4848 /prefetch:2
    PID 2208
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
    PID 660

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
    PID 4348

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4956 /prefetch:8
    PID 1644
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3456 /prefetch:8
    PID 4192

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1516 /prefetch:1
    PID 5036

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    PID 4028

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
    PID 3872

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
    PID 4600

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6544 /prefetch:8
    PID 1064

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:8
    PID 1608
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses

  "C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"
    PID 992
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx

    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
      PID 3804
      - Executes dropped EXE
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage

      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        PID 3656
        - Executes dropped EXE

      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        PID 2868
        - Executes dropped EXE

      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        PID 1296
        - Executes dropped EXE

      "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
        PID 4868
        - Executes dropped EXE

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
    PID 1448

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3204 /prefetch:8
    PID 5044

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8
    PID 840
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses

  "C:\Users\Admin\Downloads\IconDance.exe"
    PID 3472
    - Executes dropped EXE

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14133644853495655951,16219629659517583548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
    PID 1180

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID 1404

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID 3416

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  PID 4012
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantStop.mpg"
  PID 1328
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
  PID 2656

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789
  PID 4112

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd60d13cb8,0x7ffd60d13cc8,0x7ffd60d13cd8
    PID 1644 (PID reused; the earlier 1644 was an Edge video-capture utility process)

C:\Windows\system32\OpenWith.exe -Embedding
  PID 3432
  - Suspicious use of SetWindowsHookEx

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  PID 1336
  - Executes dropped EXE
  - Suspicious use of SendNotifyMessage

  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    PID 412
    - Executes dropped EXE

  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    PID 844
    - Executes dropped EXE

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID 2732
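The chain worth extracting from the tree is msedge.exe (3924) -> FreeYoutubeDownloader.exe (992) -> Free YouTube Downloader.exe (3804) -> Box.exe, followed later by a second Free YouTube Downloader.exe (1336) with no browser parent, which is what the Run key produces on the next logon. The PowerShell below is an added example, not part of the report: on a live host it walks every process up its ParentProcessId chain and reports executables that descend from a browser but run from outside the expected install roots. The browser list, root list and function name are assumptions; PID reuse (visible in this very report, where 1644 is first an Edge utility process and later a crashpad handler) is why the walk stops on any PID it has already visited.

```powershell
# Added example; not part of the sandbox report. Finds running processes whose
# ancestry includes a browser and whose image lives outside the usual install
# roots. Browser and root lists are assumptions for illustration.

$browsers = @('msedge.exe', 'chrome.exe', 'firefox.exe')
$installRoots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    (Join-Path $env:SystemRoot 'System32')
) | Where-Object { $_ }

function Get-BrowserSpawnedProcess {
    # One snapshot, so parent lookups all refer to the same moment.
    $procs = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in $procs) {
        # ExecutablePath is empty for protected/system processes we cannot query.
        if (-not $p.ExecutablePath) { continue }

        # Walk upwards. ParentProcessId is a bare number; if the parent exited and
        # the PID was handed to a new process, the chain may be wrong, so stop on
        # any PID seen twice to avoid looping on reuse.
        $chain = @()
        $seen  = @{}
        $cur   = $p
        while ($cur -and -not $seen.ContainsKey([int]$cur.ProcessId)) {
            $seen[[int]$cur.ProcessId] = $true
            $chain += $cur.Name
            $cur = $byPid[[int]$cur.ParentProcessId]
        }

        # Ancestors only (skip the process itself) so a browser's own helper
        # processes are judged by their path, not by being their parent's child.
        $fromBrowser = @($chain | Select-Object -Skip 1 | Where-Object { $browsers -contains $_ }).Count -gt 0
        $inRoot = [bool]($installRoots | Where-Object {
            $p.ExecutablePath.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })

        if ($fromBrowser -and -not $inRoot) {
            [pscustomobject]@{
                Pid   = $p.ProcessId
                Image = $p.ExecutablePath
                Chain = ($chain -join ' <- ')
            }
        }
    }
}

Get-BrowserSpawnedProcess | Format-Table -AutoSize
```

Against the tree above this would surface FreeYoutubeDownloader.exe in Downloads and everything under C:\Windows\Free Youtube Downloader while the chain is still alive; the second Free YouTube Downloader.exe instance (1336) has no browser ancestor and is caught by the Run-key check instead, which is why the two checks complement each other. For historical rather than live data the same logic applies to Sysmon event ID 1 or Security event 4688 records, joining on ParentProcessId.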
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5:    3b1e59e67b947d63336fe9c8a1a5cebc
  SHA1:   5dc7146555c05d8eb1c9680b1b5c98537dd19b91
  SHA256: 7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263
  SHA512: 2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Filesize: 152B
  MD5:    0e10a8550dceecf34b33a98b85d5fa0b
  SHA1:   357ed761cbff74e7f3f75cd15074b4f7f3bcdce0
  SHA256: 5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61
  SHA512: fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\87f81bf4-5155-4d94-9c25-2c4fd48ba023.tmp
Filesize: 1KB
  MD5:    020613abd6fbad42497ea9141f8219e1
  SHA1:   63c98cd8ecd0aef9502c2121c40a430efc4edd52
  SHA256: 1154b4ca6109bdecc4bf7ac3929e40bcdc5fc5f5636522bdaa1c41370bef1849
  SHA512: 7b4d6b8a2eb590479507971a1bbf1b276dfe156ca9c7324babf3df985ab20feab0fc957aa0465f5c3315d706affeaee6723ba2a4f2bc8905657013973ced76e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b79abe9-5d12-4fe2-be94-febf116a2a34.tmp
Filesize: 6KB
  MD5:    9c7640451beec795965d9f5306459304
  SHA1:   7b394affd3eadb72cf8551c1c1616de496271745
  SHA256: f30d512c0944de2835e88c4900213988248c06a56e83a25e3f897f478f93a2ae
  SHA512: a49f47e4acc9769ffe5ea5accdce24ede198c9721452960035414bfda56857e5ebbf1cad3546d82d0865625bc6f7e1a6f333fb9d4404555810103e0a2411fe49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 3KB
  MD5:    1d518b4473325bf5f34a832c76d3a066
  SHA1:   424a5dee6800d4161b09c0643cd4064a79863488
  SHA256: c03e9db258f44c4874165d27b3d4d674a7960fc8034391a1bdfc226fdc19ca5e
  SHA512: 1ead2ec85fbd360628dd1c64fbab462ceceeb2607351addef499051fabb4696d4f29e10a497dbfbb5f48cff2c12f066b0c60d370b60eda25aad14a28af05b73d

Filesize: 856B
  MD5:    4ae4fdf3158b48ea9bb8600193638c43
  SHA1:   d656d23b8ce311b430092a7d7fd1809c18f716a3
  SHA256: 8a9dfc8a48fbb0bdf9aad545db55419992addf1868831568432a0774056587d6
  SHA512: 1aedad053bb1bb6cd3cefe4568b6461c857736afa19ce43e08c617e4284bbc61139d4fc5252c51e06e9f458ff4008ae83e24eda36c0fc670f7dd72f3137e4bfd

Filesize: 939B
  MD5:    43ddaf6311637a5a8ccc93ee415c65b4
  SHA1:   48ced2e93dd4be6a6cb6d84503262347c7c57401
  SHA256: 8bfa5719d60ea53cc748978e743e9ed59de12b1c0ff97d0ffd4daebf96745ac0
  SHA512: d26552824ea4e3c5315a8dbe159182a65171c234ad1fff3b5ca2fbecae1c86fed5347f4c5cda64ecf1978fa777e3d6255a734861bd2e44d8e5fccaacf9d8b3a4

Filesize: 111B
  MD5:    285252a2f6327d41eab203dc2f402c67
  SHA1:   acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 939B
  MD5:    f3171a0acd1ea136cf912607270a47e2
  SHA1:   535f7963bf6f82d4c9eeca2f40ee6190aeecf98b
  SHA256: 94c404bd4c3d0d6423099f2cf0ebcd39688230ec048633ebba84157805b37b67
  SHA512: a9be720885ff9a9c8b900d83390333b846cd4c5e7df910fc3d797b8529792c7629243801b7c479ee66d50da5e658e70a4bf8c903610f893f544b106fe527606c

Filesize: 6KB
  MD5:    85e3e17c70d5feb208e3b2cdfc510a6d
  SHA1:   8ceef55758d6414da3327beaee86f4bc90155346
  SHA256: 13c1cdc15cae0cc55f31642cd0ff6e49f2cb1b7edce5182a321e2bb7a1de2754
  SHA512: 63ad117a82b23faa87a05efe6cce46ee73d0a1516bc8dca9b747d17ccff23ff508538d2aebd1cf887ef6daeebd667aa07f1c53d886b823efebe699c94a8171e2

Filesize: 7KB
  MD5:    b32159d92e840b78a8eb63a1adad6e23
  SHA1:   1ff2ec5a951d864d4a381531b1e5090958c98383
  SHA256: 15256ba4057f7c88c7db850f314ec8a485ff30c36d90903f641ed5de242e9b69
  SHA512: 31accb86dcd7b6e977b59bd9b2a9f67ebe77bf90d7347c1cdf9737bffd28f0bc107e386cd6ea9cf7e3a41493572c5db2e647c8f3bce619845bed14922846a360

Filesize: 6KB
  MD5:    268413a6d3ad87bac5e5619479114168
  SHA1:   dc2189739e3bc9a4034ccb2a90057321ca5fb3da
  SHA256: 9c6b5da4e8641dab3fd1b8586a6ac2126c5bb051832639b2a45fc51bcadd8826
  SHA512: 375fa6d4b36ec719e5ae60aa1adb9eab4afbd0fbcc896c39de164d4f9819e77413c3e8a1abb46ccd2b0ca5c9648d67de1cefa886f68d5e031f9ad3ee76a600b8

Filesize: 6KB
  MD5:    660e35ee19db277e865d99e840ae7eab
  SHA1:   59daac1db5f0a79eaa6309b18b572f05c3ff2b68
  SHA256: 5307979ac1b183f0e864e20021202e6ba443ea621c11882da5c70ff426ab49c3
  SHA512: 4efc682712c41b160afbec8185e807a6dd1437fde112ce8320bc3224114a0fdb80544f34a99b1e0a6d049992cd65be3c761390649c9076ac278678fd8666d1d0

Filesize: 1KB
  MD5:    47c64c6a4d85e10963c42f0c96cfd276
  SHA1:   07f29f21240dd8f296be1f78b35811a520245ecc
  SHA256: 2c304c1d7ad9ab0c8bf40e495eb9631b52528d8252da958e7c89e07cd018f31c
  SHA512: 073694f76495e2dbc33a030a4ffc4b099109cc7a393512350f441670ab911e4b3361d324ce04b32a060d0c4c0dbcf46bddd3d3ca348e133443b98fab3cf5c6eb

Filesize: 1KB
  MD5:    b6d58b6a522a3fbc84dc93c9f0526544
  SHA1:   559025111331df970a9fd1821f543a1efca898f6
  SHA256: 3526358e93935ffeb0137b8e175dbfcadfa6712a113616cdea8d5821e547e388
  SHA512: a02f0d7a8e9cdc63c614bcacb031fec783da25b1cebb5801139b81818185e9ea79de3c2bb0a28bb65ee84ccfd64f1c01c2362e9f755451a05c0f81265ae9a8a4

Filesize: 1KB
  MD5:    e6db387faea27bc80d276bc9dbfe598d
  SHA1:   d79eb4cdfa2de05233aedef30778973cbe5e369f
  SHA256: e2fedd81de9ded7c45ebd2b3b8d7f056987570fc0cf085ec90a91b5bf5e00a31
  SHA512: a81b1644cd8997ad8dc1c22ae486ab68c5ed4c29f593869ad18caecd69d17826f516f5dc4f109d95384c2de79152054d385d1f60244747ac5d968386c2515c6a

Filesize: 1KB
  MD5:    1cc2530db496d972cc896acb38d37e7f
  SHA1:   ce7af611e572ada1246ffec2947dacae8e9b405b
  SHA256: 9a5df9edb63dd29433bf3cc23a0258783f3878856eb21d8c59df218b7498f162
  SHA512: 0ebc93f85554b53b9a4f5672d7195b06fd5a75835891e8f1bd635a90b13f9366c10578c20f0d31b6567dd44024934ee5266d7010a659641f0e6eb0e8734e0fed

Filesize: 1KB
  MD5:    cd50f7ddd80fe366841ab24e5dfd5428
  SHA1:   ed8b59554234c0b1d2ccb000206db416bcf647dd
  SHA256: caf01f6f0b98e43d10af8e7069537b9486d4d75f34f950aeb48cb624deb8eaea
  SHA512: c44afea919ebb814dc752fcf20d0e9b9d1c76691411fcf14f3f957c157c59efec5e0dd49435e56b79dd3ff3be78bda477d7cedab9eb19254ca5a7e7c4d7d9503

Filesize: 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
  MD5:    8c69522827d8913d3fc84b88887faef6
  SHA1:   803789004fac51d880e0b45ea3dfd50801782924
  SHA256: 04970cd41e39cd6fc6523e7486cd64e692dc0b6c5683ed5865e1153e0c3ccae2
  SHA512: dbe45be10b4db027a3744522b749c79a1e423af543ec53b6b5202c990e10b4799dd4c7a482859291a48ab8e15f029dabab8a07d0588fc502c27ac49bf7eff193

Filesize: 12KB
  MD5:    2cfc11e9f49ed8128331918a9465ed36
  SHA1:   d586611406f2b0596e11ab8b936d523a5fcc486e
  SHA256: 3f39e890476f02b8ff87c82f485292352afd3cd7ed78e78401bdeff44b092654
  SHA512: 70b381064dd8359800074a3017fa84607df3c06e9f0aae658f950c3b2ef3bdfda4221c071ac17f7a29829f7965f7b5101e06809a3ccd0086f23f2f2f90c200a0

Filesize: 12KB
  MD5:    1167c7bd170c13fab49b6c8216d139d2
  SHA1:   6ae2b7974eac975dadd5fa703fe3310b4886f4ac
  SHA256: 5c20bde62f722f57026ba8d9ec3e8a0a3c83106096649a414b6de3b08fe95154
  SHA512: 84d2660e65ce867ee6a9ce023073b006a30404732ef275e70251f9e0acc6bff7e53321f33ab00d34f50712bf10a792d308cbd06ede22b053e6408772e57e5d63
-
Filesize
12KB
MD5681816b6df5e72c4cecc9f022c950c25
SHA1e4bbc4e45e264ac2054a9dec4c9cbce140b74a1c
SHA2564598fddadd03a4a882aefc26873f23ee207abe0810adcc4d4eacad23e2d02f21
SHA512947d61368199f767759df2c8b33292b6bd5e6e301f0464c98de8482626c4922dc667e6efd2ceee58e35c5caeb6a818fee1b99d207529626606e4f338e1855ed5
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD582678367fa4297a26727ccc84e0b2f60
SHA10c65ab90390566f7d2f5b4751b9027f6bac1d22a
SHA256fbf7356b28e05edc871dda40b318b147e6d07ece028da3d67c3cfbd30bfa0f29
SHA512e5474444eecac25a06fe26a22dce9aa9311740dca264de1c824a36a7bc55216f301e934667fe0b9c3c7b062694f8a37e45ecce6b3889cb33bb47ecb9bd198db5
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp
Filesize10KB
MD528d32a16ce87d488acc7632092f7d566
SHA1325dd247e49113dd987531ffe7ca26c22ce08c31
SHA256ba6d4f09117c098bd27508a14d44822f13399ebe16d5d2539ad2844157fa4907
SHA5128159021f9d0e28d370faddf7fa41aa9d4bdf7a1aee71779706e43c30486526a0636568d8f90c580da543f8393f546090f71f87382f99e3e0a2b227b04670af57
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
396KB
MD513f4b868603cf0dd6c32702d1bd858c9
SHA1a595ab75e134f5616679be5f11deefdfaae1de15
SHA256cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
SHA512e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24
-
Filesize
301KB
MD57ad8c84dea7bd1e9cbb888734db28961
SHA158e047c7abecdd31d4e3c937b0ee89c98ab06c6a
SHA256a4b6e53453d1874a6f78f0d7aa14dfafba778062f4b85b42b4c1001e1fc17095
SHA512d34b087f7c6dd224e9bfe7a24364f878fc55c5368ce7395349ca063a7fd9ac555baed8431bfa13c331d7e58108b34e0f9d84482ce2e133f623dd086f14345adb
-
Filesize
438KB
MD51bb4dd43a8aebc8f3b53acd05e31d5b5
SHA154cd1a4a505b301df636903b2293d995d560887e
SHA256a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02
SHA51294c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce
-
Filesize
153KB
MD5f33a4e991a11baf336a2324f700d874d
SHA19da1891a164f2fc0a88d0de1ba397585b455b0f4
SHA256a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
SHA512edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20