Resubmissions
30/04/2024, 19:07
240430-xsnlysff98 630/04/2024, 19:02
240430-xp4h1adg51 330/04/2024, 18:59
240430-xm3hxsfe56 3Analysis
-
max time kernel
204s -
max time network
142s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system -
submitted
30/04/2024, 19:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Awesome_Themes_for_Win_10_11.zip
Resource
win11-20240419-en
windows11-21h2-x64
9 signatures
600 seconds
General
-
Target
Awesome_Themes_for_Win_10_11.zip
-
Size
11.0MB
-
MD5
5dd2dd6e7ae7ba639b692ef2b6d3f1a9
-
SHA1
c5d0572b5da16ad7bb4e02c7b72fcf73cc5e60e1
-
SHA256
2e2656188213e45009dedd4f6ed00c31620718d802fa02d7474885a8af687bca
-
SHA512
e10944375345952544343d1215d0a3c13ed2587c9c128443f084f2f0304cf0c7f4118f34ada391a02dae9565873df4474f47241947600bb0b5d6df3c6ecb3c41
-
SSDEEP
196608:EAuqcoJDcYJqsKeEjs44hQ6yshDrtcarr5Ds4ZRi8eNL8ce5XiGTfejhVMhYedk:EvItnKeU0Q6y2Dx5rr5gsvZrX3WFVMho
Score
6/10
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\Z: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\Q: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\T: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\K: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\T: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\K: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\U: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\U: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\V: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\O: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\G: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\M: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\E: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\V: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\X: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\I: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\N: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\H: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\J: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\P: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\Y: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\Z: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\G: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\N: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\O: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\A: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\H: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\P: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\A: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\P: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\B: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\G: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\L: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\R: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\X: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\Z: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\L: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\R: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\L: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\T: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\U: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\N: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\W: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\A: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\M: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\S: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\Y: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\K: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\I: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\E: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\W: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\Y: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\J: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\S: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\R: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\H: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\J: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\Q: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\X: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\V: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\Q: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\I: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\M: [Setup] Awesome_Themes_for_Win_10_11.exe File opened (read-only) \??\S: [Setup] Awesome_Themes_for_Win_10_11.exe -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName taskmgr.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3180 powershell.exe 3180 powershell.exe 1372 powershell.exe 1372 powershell.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1664 [Setup] Awesome_Themes_for_Win_10_11.exe Token: SeCreatePagefilePrivilege 1664 [Setup] Awesome_Themes_for_Win_10_11.exe Token: SeDebugPrivilege 3180 powershell.exe Token: SeIncreaseQuotaPrivilege 3180 powershell.exe Token: SeSecurityPrivilege 3180 powershell.exe Token: SeTakeOwnershipPrivilege 3180 powershell.exe Token: SeLoadDriverPrivilege 3180 powershell.exe Token: SeSystemProfilePrivilege 3180 powershell.exe Token: SeSystemtimePrivilege 3180 powershell.exe Token: SeProfSingleProcessPrivilege 3180 powershell.exe Token: SeIncBasePriorityPrivilege 3180 powershell.exe Token: SeCreatePagefilePrivilege 3180 powershell.exe Token: SeBackupPrivilege 3180 powershell.exe Token: SeRestorePrivilege 3180 powershell.exe Token: SeShutdownPrivilege 3180 powershell.exe Token: SeDebugPrivilege 3180 powershell.exe Token: SeSystemEnvironmentPrivilege 3180 powershell.exe Token: SeRemoteShutdownPrivilege 3180 powershell.exe Token: SeUndockPrivilege 3180 powershell.exe Token: SeManageVolumePrivilege 3180 powershell.exe Token: 33 3180 powershell.exe Token: 34 3180 powershell.exe Token: 35 3180 powershell.exe Token: 36 3180 powershell.exe Token: SeShutdownPrivilege 564 [Setup] Awesome_Themes_for_Win_10_11.exe Token: SeCreatePagefilePrivilege 564 [Setup] Awesome_Themes_for_Win_10_11.exe Token: SeDebugPrivilege 1372 powershell.exe Token: SeIncreaseQuotaPrivilege 1372 powershell.exe Token: SeSecurityPrivilege 1372 powershell.exe Token: SeTakeOwnershipPrivilege 1372 powershell.exe Token: SeLoadDriverPrivilege 1372 powershell.exe Token: SeSystemProfilePrivilege 1372 powershell.exe Token: SeSystemtimePrivilege 1372 powershell.exe Token: SeProfSingleProcessPrivilege 1372 powershell.exe Token: SeIncBasePriorityPrivilege 1372 powershell.exe Token: SeCreatePagefilePrivilege 1372 powershell.exe Token: SeBackupPrivilege 1372 powershell.exe Token: SeRestorePrivilege 1372 powershell.exe Token: SeShutdownPrivilege 1372 powershell.exe Token: SeDebugPrivilege 1372 powershell.exe Token: SeSystemEnvironmentPrivilege 1372 powershell.exe Token: SeRemoteShutdownPrivilege 1372 powershell.exe Token: SeUndockPrivilege 1372 powershell.exe Token: SeManageVolumePrivilege 1372 powershell.exe Token: 33 1372 powershell.exe Token: 34 1372 powershell.exe Token: 35 1372 powershell.exe Token: 36 1372 powershell.exe Token: SeDebugPrivilege 1480 taskmgr.exe Token: SeSystemProfilePrivilege 1480 taskmgr.exe Token: SeCreateGlobalPrivilege 1480 taskmgr.exe Token: SeShutdownPrivilege 4668 [Setup] Awesome_Themes_for_Win_10_11.exe Token: SeCreatePagefilePrivilege 4668 [Setup] Awesome_Themes_for_Win_10_11.exe Token: SeDebugPrivilege 1220 powershell.exe Token: SeIncreaseQuotaPrivilege 1220 powershell.exe Token: SeSecurityPrivilege 1220 powershell.exe Token: SeTakeOwnershipPrivilege 1220 powershell.exe Token: SeLoadDriverPrivilege 1220 powershell.exe Token: SeSystemProfilePrivilege 1220 powershell.exe Token: SeSystemtimePrivilege 1220 powershell.exe Token: SeProfSingleProcessPrivilege 1220 powershell.exe Token: SeIncBasePriorityPrivilege 1220 powershell.exe Token: SeCreatePagefilePrivilege 1220 powershell.exe Token: SeBackupPrivilege 1220 powershell.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 564 [Setup] Awesome_Themes_for_Win_10_11.exe 564 [Setup] Awesome_Themes_for_Win_10_11.exe 564 [Setup] Awesome_Themes_for_Win_10_11.exe 564 [Setup] Awesome_Themes_for_Win_10_11.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 564 [Setup] Awesome_Themes_for_Win_10_11.exe 564 [Setup] Awesome_Themes_for_Win_10_11.exe 564 [Setup] Awesome_Themes_for_Win_10_11.exe 564 [Setup] Awesome_Themes_for_Win_10_11.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe 1480 taskmgr.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3524 MiniSearchHost.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 1664 wrote to memory of 3180 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 86 PID 1664 wrote to memory of 3180 1664 [Setup] Awesome_Themes_for_Win_10_11.exe 86 PID 564 wrote to memory of 1372 564 [Setup] Awesome_Themes_for_Win_10_11.exe 90 PID 564 wrote to memory of 1372 564 [Setup] Awesome_Themes_for_Win_10_11.exe 90 PID 4668 wrote to memory of 1220 4668 [Setup] Awesome_Themes_for_Win_10_11.exe 102 PID 4668 wrote to memory of 1220 4668 [Setup] Awesome_Themes_for_Win_10_11.exe 102
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Awesome_Themes_for_Win_10_11.zip1⤵PID:4388
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1496
-
C:\Users\Admin\Desktop\[Setup] Awesome_Themes_for_Win_10_11.exe"C:\Users\Admin\Desktop\[Setup] Awesome_Themes_for_Win_10_11.exe"1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1664 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -Command "(Get-CimInstance -ClassName Win32_VideoController).Caption;"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3180
-
-
C:\Users\Admin\Desktop\[Setup] Awesome_Themes_for_Win_10_11.exe"C:\Users\Admin\Desktop\[Setup] Awesome_Themes_for_Win_10_11.exe"1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:564 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -Command "(Get-CimInstance -ClassName Win32_VideoController).Caption;"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1372
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:1812
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1480
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3524
-
C:\Users\Admin\Desktop\[Setup] Awesome_Themes_for_Win_10_11.exe"C:\Users\Admin\Desktop\[Setup] Awesome_Themes_for_Win_10_11.exe"1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4668 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -Command "(Get-CimInstance -ClassName Win32_VideoController).Caption;"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1220
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\[Setup] Awesome_Themes_for_Win_10_11.exe.log
Filesize2KB
MD504c205a3fc79005c66d4269dc600e0ab
SHA11f128399af931eea6a0fcaf11fafa2fc6eb16b65
SHA2569460dd54a9cd6128a3b63e87c234f9374c8c6320993f59d97092f9b6b331ae9e
SHA5121a1036df8b88c74c373c371ee65ab9c4893d74b9488507604cfa13d82d1bc2d81686521f4d5196ada5e59831eba4f1bbe2b96210b41a3e41aa64bf7ec71f781d
-
Filesize
3KB
MD505850c6c0442ea6966fe2a888f219f4b
SHA1e6b1c8eb783b307672a6f06b785a7e9b78633b46
SHA256f51b54c5f5074076216b2d0a3e66c13e80d8f1da311614ec15c9170dff11ad5a
SHA5129db20e00e103700f67256568e38f9b37f29af3c30f3454a38b3e033c6c2f6bd796c5b5a8c5faa98bb45d7521d76c2bf323d503b8a0196cacbd701167d441c6f9
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
1KB
MD50bf24cb5afce6a795556c5f78e5596d1
SHA1346f801251325229af06f880c0df9b146d29b2cc
SHA2561a9adebf24ba029a5dd5a93807b745becae8790bc5bc7309257ae09bdb66d08d
SHA512538e400a94c04af4ec99c6b00f96a50822aa6c397bed8b4fdc38f045633558f1a7ab8ac67bcf96d1da2f588d90b8f586aed65818cb7062b6f9b9d3a9dbfe6872
-
Filesize
1KB
MD5e67ab234089ef141250c6521ce7160f9
SHA15f41f6f2792ea49624beb224540e49af2d2af64c
SHA2569e6f6d7ba3d7680da46ec97835da89148d3566a7855b38b118ff079f1f62c315
SHA51267ff32bdcbdaeca51bfbbfa1980bc725c89f361ae4629c49f3cc04cb89d5a8502a1de0d96d78b4c38558cff16d1b95ebd2f396c8c9fbc85966e33de6cd56065d
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD52f686552f463dacb3a39e97d1a410c9d
SHA1e4fe9947c26763394b6cd14fa1df940c9af7de73
SHA2566cad84b8c5018d81884c058a9c3482291eaed55fe439371ccf677519652b51b6
SHA5129eb4a075437e51691420c8c25c32a905735c686f6ae2206a852405a3eae902fb6f66e23b8b817e724505257a78c8f174481bdd4b6f229d2c899983c77826a449
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD552b2c896bd2592cfba6006c70afb9c33
SHA185b5af5a859462eb5b9db12e9bdaf60063a098cf
SHA256899500eb02c81213d25e4d0b76cd212b00d1c846cc28e49d2817871bbd41f4b7
SHA512aa2e60992dcbe782d185517369e8dbc440d84b3f4ba098125907eaa416bfadf7fb5f0fdf72dcfaa2860756a6d861e4459245f87b6b02b37218bf19caf5d36bb8
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82