Analysis

  • max time kernel
    150s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01-02-2024 16:13

General

  • Target

    WinIconMakerFreeSetup.msi

  • Size

    35.2MB

  • MD5

    1414b254f44bba8e17b01983dc22adde

  • SHA1

    a12059b028647968a03d9483815dc5c13bb4b841

  • SHA256

    474fbd180a26139e8013595adedc0ce2bb434677ae667093f86d4a59b11c7045

  • SHA512

    1ea087707ab1f63af26950714d11376bd284984dca4069ab5adf5e35b766b82c6f65447d770ada792a4d1e334e6f5952c0f917e227f3b318986bea819f33e899

  • SSDEEP

    786432:XotrfQO1b8zWttlyhgMglwI4nFbZ2s7i4iOXmditJf0nnPl1x:4trPozWtPyhXJdi4i7EtW91

Score
6/10

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 8 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 25 IoCs
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\WinIconMakerFreeSetup.msi
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:5112
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      PID:4768
    • C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe
      "C:\Users\Admin\AppData\Local\Programs\WinIcon Maker Free\CPPlayer.exe"
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1384
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:4692
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4f8 0x2c8
    PID:4056

      Downloads
