Analysis
- max time kernel: 276s
- max time network: 269s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09-04-2024 15:06
- Static task: static1
- Behavioral task: behavioral1
  Sample: CyberSpike-Setup-V1.2.8.msi
  Resource: win7-20240221-en
- Behavioral task: behavioral2
  Sample: CyberSpike-Setup-V1.2.8.msi
  Resource: win10v2004-20231215-en
General
- Target: CyberSpike-Setup-V1.2.8.msi
- Size: 70.7MB
- MD5: a1f44ab3a671c97af4be10ea09eac393
- SHA1: d226a85cfa5b744e94e52abc9341173287c4104a
- SHA256: ac14ef2a4ee7b383bad45efa5030034394876013c7258d179e5f1657eeff39bd
- SHA512: 092b3f17b3f75d402979535b10042eb29ad113eb3246c70f23f945d63da60cbaf2f117d6228543baa0c4fb5bdc3f80972ad88817a4bb2cc877e8007e71efa2e8
- SSDEEP: 1572864:sUJZMWWS8KaAkws3GmoAcHIhHEc2PsoNWL1eDj+0QV2qS/MdMC9NRNl5NS:h745AkwsFNEDnNIeH+LV2FsMCXN
Malware Config
Signatures
- Enumerates connected drives (3 TTPs, 46 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  description | ioc | Process
  File opened (read-only) | \??\Z: | msiexec.exe
  File opened (read-only) | \??\V: | msiexec.exe
  File opened (read-only) | \??\W: | msiexec.exe
  File opened (read-only) | \??\O: | msiexec.exe
  File opened (read-only) | \??\O: | msiexec.exe
  File opened (read-only) | \??\R: | msiexec.exe
  File opened (read-only) | \??\S: | msiexec.exe
  File opened (read-only) | \??\K: | msiexec.exe
  File opened (read-only) | \??\L: | msiexec.exe
  File opened (read-only) | \??\T: | msiexec.exe
  File opened (read-only) | \??\A: | msiexec.exe
  File opened (read-only) | \??\G: | msiexec.exe
  File opened (read-only) | \??\K: | msiexec.exe
  File opened (read-only) | \??\X: | msiexec.exe
  File opened (read-only) | \??\B: | msiexec.exe
  File opened (read-only) | \??\Q: | msiexec.exe
  File opened (read-only) | \??\I: | msiexec.exe
  File opened (read-only) | \??\J: | msiexec.exe
  File opened (read-only) | \??\V: | msiexec.exe
  File opened (read-only) | \??\Y: | msiexec.exe
  File opened (read-only) | \??\R: | msiexec.exe
  File opened (read-only) | \??\X: | msiexec.exe
  File opened (read-only) | \??\Z: | msiexec.exe
  File opened (read-only) | \??\B: | msiexec.exe
  File opened (read-only) | \??\H: | msiexec.exe
  File opened (read-only) | \??\N: | msiexec.exe
  File opened (read-only) | \??\U: | msiexec.exe
  File opened (read-only) | \??\W: | msiexec.exe
  File opened (read-only) | \??\J: | msiexec.exe
  File opened (read-only) | \??\M: | msiexec.exe
  File opened (read-only) | \??\G: | msiexec.exe
  File opened (read-only) | \??\E: | msiexec.exe
  File opened (read-only) | \??\Y: | msiexec.exe
  File opened (read-only) | \??\M: | msiexec.exe
  File opened (read-only) | \??\P: | msiexec.exe
  File opened (read-only) | \??\Q: | msiexec.exe
  File opened (read-only) | \??\T: | msiexec.exe
  File opened (read-only) | \??\H: | msiexec.exe
  File opened (read-only) | \??\S: | msiexec.exe
  File opened (read-only) | \??\I: | msiexec.exe
  File opened (read-only) | \??\N: | msiexec.exe
  File opened (read-only) | \??\P: | msiexec.exe
  File opened (read-only) | \??\U: | msiexec.exe
  File opened (read-only) | \??\L: | msiexec.exe
  File opened (read-only) | \??\A: | msiexec.exe
  File opened (read-only) | \??\E: | msiexec.exe
- Drops file in Program Files directory (47 IoCs)
  description | ioc | Process
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Keylogger.exe.config | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\HotPlugins\密码欺骗.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\ProcessManager.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Extra.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Stub\Client.exe | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\CyberSpike.exe | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Regedit.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\HttpServerLib.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\SendMemory.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Mimikatz.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Netstat.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\RemoteDesktop.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Microsoft.Management.Infrastructure.Native.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\x64\SQLite.Interop.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Chat.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Options.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Information.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\CyberSpike.exe.config | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\browser.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\MessagePackLib.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Stub\Load.exe.config | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\System.Management.Automation.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Stub\Load.exe | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\FileSearcher.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\RunPlug_NET.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Fun.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\x86\SQLite.Interop.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Audio.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\ReverseProxy.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\RunPlug.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Microsoft.Management.Infrastructure.dll | msiexec.exe
  File opened for modification | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\System.Management.Automation.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Logger.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\HotPlugins\虚拟化互斥.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\NetworkManager.exe | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Stub\Client.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\HotPlugins\AV杀手(驱动).dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\NetworkManager.exe.config | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Miscellaneous.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\RemoteCamera.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Stub\Client.exe.config | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\SystemInfo.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Recovery.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Keylogger.exe | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\SendFile.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\Discord.dll | msiexec.exe
  File created | C:\Program Files (x86)\CyberSpike Studio\CyberSpike\Plugins\FileManager.dll | msiexec.exe
- Drops file in Windows directory (10 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\Installer\MSIC073.tmp | msiexec.exe
  File created | C:\Windows\Installer\e57bc6a.msi | msiexec.exe
  File opened for modification | C:\Windows\Installer\e57bc6a.msi | msiexec.exe
  File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | msiexec.exe
  File opened for modification | C:\Windows\Installer\MSIBDB3.tmp | msiexec.exe
  File created | C:\Windows\Installer\inprogressinstallinfo.ipi | msiexec.exe
  File opened for modification | C:\Windows\Installer\MSIBCD8.tmp | msiexec.exe
  File opened for modification | C:\Windows\Installer\ | msiexec.exe
  File created | C:\Windows\Installer\SourceHash{003B9766-E418-4C8D-9945-7D37225CAD95} | msiexec.exe
  File created | C:\Windows\Installer\e57bc6d.msi | msiexec.exe
- Loads dropped DLL (4 IoCs)
  pid | Process
  2860 | MsiExec.exe
  2860 | MsiExec.exe
  2892 | MsiExec.exe
  2892 | MsiExec.exe
- Checks SCSI registry key(s) (3 TTPs, 5 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe
  Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe
  Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | vssvc.exe
  Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = … | vssvc.exe
  Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | vssvc.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  3940 | msiexec.exe
  3940 | msiexec.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 1772 | msiexec.exe
  Token: SeIncreaseQuotaPrivilege | 1772 | msiexec.exe
  Token: SeSecurityPrivilege | 3940 | msiexec.exe
  Token: SeCreateTokenPrivilege | 1772 | msiexec.exe
  Token: SeAssignPrimaryTokenPrivilege | 1772 | msiexec.exe
  Token: SeLockMemoryPrivilege | 1772 | msiexec.exe
  Token: SeIncreaseQuotaPrivilege | 1772 | msiexec.exe
  Token: SeMachineAccountPrivilege | 1772 | msiexec.exe
  Token: SeTcbPrivilege | 1772 | msiexec.exe
  Token: SeSecurityPrivilege | 1772 | msiexec.exe
  Token: SeTakeOwnershipPrivilege | 1772 | msiexec.exe
  Token: SeLoadDriverPrivilege | 1772 | msiexec.exe
  Token: SeSystemProfilePrivilege | 1772 | msiexec.exe
  Token: SeSystemtimePrivilege | 1772 | msiexec.exe
  Token: SeProfSingleProcessPrivilege | 1772 | msiexec.exe
  Token: SeIncBasePriorityPrivilege | 1772 | msiexec.exe
  Token: SeCreatePagefilePrivilege | 1772 | msiexec.exe
  Token: SeCreatePermanentPrivilege | 1772 | msiexec.exe
  Token: SeBackupPrivilege | 1772 | msiexec.exe
  Token: SeRestorePrivilege | 1772 | msiexec.exe
  Token: SeShutdownPrivilege | 1772 | msiexec.exe
  Token: SeDebugPrivilege | 1772 | msiexec.exe
  Token: SeAuditPrivilege | 1772 | msiexec.exe
  Token: SeSystemEnvironmentPrivilege | 1772 | msiexec.exe
  Token: SeChangeNotifyPrivilege | 1772 | msiexec.exe
  Token: SeRemoteShutdownPrivilege | 1772 | msiexec.exe
  Token: SeUndockPrivilege | 1772 | msiexec.exe
  Token: SeSyncAgentPrivilege | 1772 | msiexec.exe
  Token: SeEnableDelegationPrivilege | 1772 | msiexec.exe
  Token: SeManageVolumePrivilege | 1772 | msiexec.exe
  Token: SeImpersonatePrivilege | 1772 | msiexec.exe
  Token: SeCreateGlobalPrivilege | 1772 | msiexec.exe
  Token: SeCreateTokenPrivilege | 1772 | msiexec.exe
  Token: SeAssignPrimaryTokenPrivilege | 1772 | msiexec.exe
  Token: SeLockMemoryPrivilege | 1772 | msiexec.exe
  Token: SeIncreaseQuotaPrivilege | 1772 | msiexec.exe
  Token: SeMachineAccountPrivilege | 1772 | msiexec.exe
  Token: SeTcbPrivilege | 1772 | msiexec.exe
  Token: SeSecurityPrivilege | 1772 | msiexec.exe
  Token: SeTakeOwnershipPrivilege | 1772 | msiexec.exe
  Token: SeLoadDriverPrivilege | 1772 | msiexec.exe
  Token: SeSystemProfilePrivilege | 1772 | msiexec.exe
  Token: SeSystemtimePrivilege | 1772 | msiexec.exe
  Token: SeProfSingleProcessPrivilege | 1772 | msiexec.exe
  Token: SeIncBasePriorityPrivilege | 1772 | msiexec.exe
  Token: SeCreatePagefilePrivilege | 1772 | msiexec.exe
  Token: SeCreatePermanentPrivilege | 1772 | msiexec.exe
  Token: SeBackupPrivilege | 1772 | msiexec.exe
  Token: SeRestorePrivilege | 1772 | msiexec.exe
  Token: SeShutdownPrivilege | 1772 | msiexec.exe
  Token: SeDebugPrivilege | 1772 | msiexec.exe
  Token: SeAuditPrivilege | 1772 | msiexec.exe
  Token: SeSystemEnvironmentPrivilege | 1772 | msiexec.exe
  Token: SeChangeNotifyPrivilege | 1772 | msiexec.exe
  Token: SeRemoteShutdownPrivilege | 1772 | msiexec.exe
  Token: SeUndockPrivilege | 1772 | msiexec.exe
  Token: SeSyncAgentPrivilege | 1772 | msiexec.exe
  Token: SeEnableDelegationPrivilege | 1772 | msiexec.exe
  Token: SeManageVolumePrivilege | 1772 | msiexec.exe
  Token: SeImpersonatePrivilege | 1772 | msiexec.exe
  Token: SeCreateGlobalPrivilege | 1772 | msiexec.exe
  Token: SeCreateTokenPrivilege | 1772 | msiexec.exe
  Token: SeAssignPrimaryTokenPrivilege | 1772 | msiexec.exe
  Token: SeLockMemoryPrivilege | 1772 | msiexec.exe
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid | Process
  1772 | msiexec.exe
  1772 | msiexec.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | Process | procid_target
  PID 3940 wrote to memory of 2860 | 3940 | msiexec.exe | 88
  PID 3940 wrote to memory of 2860 | 3940 | msiexec.exe | 88
  PID 3940 wrote to memory of 2860 | 3940 | msiexec.exe | 88
  PID 3940 wrote to memory of 4728 | 3940 | msiexec.exe | 98
  PID 3940 wrote to memory of 4728 | 3940 | msiexec.exe | 98
  PID 3940 wrote to memory of 2892 | 3940 | msiexec.exe | 100
  PID 3940 wrote to memory of 2892 | 3940 | msiexec.exe | 100
  PID 3940 wrote to memory of 2892 | 3940 | msiexec.exe | 100
- Uses Volume Shadow Copy service COM API
  The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
- C:\Windows\system32\msiexec.exe (PID 1772)
  Command line: msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\CyberSpike-Setup-V1.2.8.msi
  Signatures:
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
- C:\Windows\system32\msiexec.exe (PID 3940)
  Command line: C:\Windows\system32\msiexec.exe /V
  Signatures:
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Windows\syswow64\MsiExec.exe (PID 2860)
    Command line: C:\Windows\syswow64\MsiExec.exe -Embedding 7F2ED1EE324A6104F9D0D68B2E653F27 C
    Signatures:
    - Loads dropped DLL
  - C:\Windows\system32\srtasks.exe (PID 4728)
    Command line: C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  - C:\Windows\syswow64\MsiExec.exe (PID 2892)
    Command line: C:\Windows\syswow64\MsiExec.exe -Embedding D2C7D7E3029EA2E125D7146D7C8E0CD7
    Signatures:
    - Loads dropped DLL
- C:\Windows\system32\vssvc.exe (PID 208)
  Command line: C:\Windows\system32\vssvc.exe
  Signatures:
  - Checks SCSI registry key(s)
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 32KB
  MD5: e8dc80951c68bf02d326a72726a9ce4d
  SHA1: f4bdcde8a8ba49b1bd0f9c53aa6918c32ed93d3e
  SHA256: 0ca4e8d2195776dc839389f9b6306dcfc2441ac96656a409ee9d20e2e3ccc166
  SHA512: 4edda9ed27d7ca9f3e90198cf93430ec68bfeb96bff5e18e11616a2322bb9446a08cb18df4406f2009e87a8027c81660cc2f375349e8501c7f39ee71be68e3ee
- Filesize: 6.1MB
  MD5: 4e83c528d307d3b5da2aed5abbe3ffe8
  SHA1: 2e84ceccecb30378f84be898711f15b4e157e045
  SHA256: 0208b783efaf3854f07a31f9bcbb46f9afcd80b12e2ddb8001a9faeccfc2d0f0
  SHA512: 378f75db718891fd214776d7d5a2bad0c493dcf5c4413308554d2fe3283170aef55de1ff4bdbc0d417e5bef4f6acd3370c48bb33c37f360a606baeff12e6f72a
- Filesize: 285KB
  MD5: b77a2a2768b9cc78a71bbffb9812b978
  SHA1: b70e27eb446fe1c3bc8ea03dabbee2739a782e04
  SHA256: f74c97b1a53541b059d3bfafe41a79005ce5065f8210d7de9f1b600dc4e28aa0
  SHA512: a8b16bc60f8559c78c64ca9e85cd7fd704bba1f55b362465b7accef1bb853d1c9616995a35f972256c57fbe877ce880398ba1fbceaa658604883aa12dcbc4f57
- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{003B9766-E418-4C8D-9945-7D37225CAD95}\_57A0FCAA677BC563120477.exe
  Filesize: 66KB
  MD5: 04525535dd0b6a0206afe4fb3fa5c829
  SHA1: c4829cca26792a27811980bdb1223b924b6e90b0
  SHA256: bac4051d19a839ada5493c61aad6809fa585c9165da1067053bc5932efead0b7
  SHA512: f8417d3f873119a2f7578c79988f293e44c6778c9d7037f875e3f1460a376ae2a964b92a8102ebc28f0d9beab1a4a785756db59955d236fb362ba40310deba6f
- Filesize: 70.7MB
  MD5: a1f44ab3a671c97af4be10ea09eac393
  SHA1: d226a85cfa5b744e94e52abc9341173287c4104a
  SHA256: ac14ef2a4ee7b383bad45efa5030034394876013c7258d179e5f1657eeff39bd
  SHA512: 092b3f17b3f75d402979535b10042eb29ad113eb3246c70f23f945d63da60cbaf2f117d6228543baa0c4fb5bdc3f80972ad88817a4bb2cc877e8007e71efa2e8
- Filesize: 23.0MB
  MD5: 7df8394fa38242a468476b00dbd825db
  SHA1: b88c18cc7e8319dcd53d9156861225a06c035ea2
  SHA256: 1ab031c493e65eee694867bfbcdd211ca8b5aa4befc78d68b81d7d01f5499da3
  SHA512: 3dc75357ac819081e39343dcd5656695a4ab45458ac093cd6edd270528c149f238439d862d25c8c66179a7d6b4595ca1e33742ca09853a2af58c97cd4b304763
- \??\Volume{14f6f45c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{1d86d1c3-dd52-456a-93e9-af065ace048e}_OnDiskSnapshotProp
  Filesize: 6KB
  MD5: 76f1be90b8997796509edd5b2bcbfe24
  SHA1: dd5b71316f84f9e0989ce8686d8956a09411ce95
  SHA256: d4c6391d53cd807058097f706d9cf0589057cf85583debfd35198f5cb9c3ef5c
  SHA512: 70502b5bc71cd435508c17ff13498b3cb164d95699a2e9640008cb09c56612aad4054410d4ee2f352bee26c10d7f83b39ef0e53447b07216cf2b079840ea8f6b