Analysis
max time kernel: 300s
max time network: 301s
platform: windows11-21h2_x64
resource: win11-20240426-en
resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 03-06-2024 12:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.modrinth.com/data/DFqQfIBR/versions/vQKpDviw/CraftPresence-2.3.9%2B1.20.2.jar
Resource: win11-20240426-en
General
Target: https://cdn.modrinth.com/data/DFqQfIBR/versions/vQKpDviw/CraftPresence-2.3.9%2B1.20.2.jar
Malware Config
Signatures
- Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
- Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618926338155576" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
- Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings | chrome.exe
Key created | \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
- NTFS ADS 1 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\CraftPresence-2.3.9+1.20.2.jar:Zone.Identifier | chrome.exe
- Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
3140 | chrome.exe
4776 | chrome.exe
- Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
3284 | 7zFM.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
3140 | chrome.exe
- Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 3140 | chrome.exe
Token: SeCreatePagefilePrivilege | 3140 | chrome.exe
Token: SeRestorePrivilege | 3284 | 7zFM.exe
Token: 35 | 3284 | 7zFM.exe
- Suspicious use of FindShellTrayWindow 35 IoCs
pid | Process
3140 | chrome.exe
3284 | 7zFM.exe
- Suspicious use of SendNotifyMessage 12 IoCs
pid | Process
3140 | chrome.exe
- Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
1104 | MiniSearchHost.exe
- Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3140 wrote to memory of 4984 | 3140 | chrome.exe | 77
PID 3140 wrote to memory of 3476 | 3140 | chrome.exe | 78
PID 3140 wrote to memory of 4740 | 3140 | chrome.exe | 79
PID 3140 wrote to memory of 2260 | 3140 | chrome.exe | 80
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.modrinth.com/data/DFqQfIBR/versions/vQKpDviw/CraftPresence-2.3.9%2B1.20.2.jar
1⤵ PID:3140
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff363eab58,0x7fff363eab68,0x7fff363eab78
2⤵ PID:4984
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:2
2⤵ PID:3476
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:8
2⤵ PID:4740
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:8
2⤵ PID:2260
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:1
2⤵ PID:2288
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:1
2⤵ PID:1040
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:8
2⤵ PID:5084
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:8
2⤵ PID:860
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:8
2⤵ PID:3924
- NTFS ADS
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:8
2⤵ PID:1816
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=992 --field-trial-handle=1768,i,13337196805375462077,9155864109308296936,131072 /prefetch:2
2⤵ PID:4776
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵ PID:772
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵ PID:2480
-
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CraftPresence-2.3.9+1.20.2.jar"
1⤵ PID:3284
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵ PID:1104
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize 10KB