Overview

overview

10

Static

static

3

xxx.exe

windows7-x64

10

xxx.exe

windows10-2004-x64

10

Resubmissions

12-05-2023 12:13

230512-pdv4gsfc6s 10

12-05-2023 12:09

230512-pbqqzsda46 10

11-05-2023 18:52

230511-xh5sgsaa87 10

Analysis

  • max time kernel
    437s
  • max time network
    405s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12-05-2023 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xxx.exe

  • Size

    501KB

  • MD5

    1f50fa0d0f6c295a5db3568e9f0684c2

  • SHA1

    6219bd0d064c0fffa91166c498d937cf066ec05e

  • SHA256

    9c7e55441fa5a460320dce5005358d820aec2386982fb3d77d52ce89b3d59744

  • SHA512

    ceb5ca6b0e77ee6ce205b82cf44a5e1976b3e29b97af00933846422781e90e0be7d55f0eb77f19011707b48c64085ea3eb45abc45dacf1062ae426e3bfda59c9

  • SSDEEP

    6144:NouXuOPQveEDZQdgepQD0QYa5N2uAAHIbzAW1+SM/V+z8HD7SN:iiAmE2VQpfwbzd9P8j7SN

Score
10/10
playransomwarespywarestealer

Malware Config

Signatures

  • PLAY Ransomware, PlayCrypt

    Ransomware family first seen in mid 2022.

    ransomwareplay
  • Modifies extensions of user files 10 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 39 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xxx.exe
    "C:\Users\Admin\AppData\Local\Temp\xxx.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:1964
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:68832
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x468
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:70116
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\ReadMe.txt
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:68092

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Credentials in Files

    1
    T1081

    Discovery

    Query Registry

    1
    T1012

    Peripheral Device Discovery

    1
    T1120

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Data from Local System

    1
    T1005

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-1914912747-3343861975-731272777-1000\desktop.ini
      Filesize

      1KB

      MD5

      e507d7513a8cb9c85edbbcfff6a9eac3

      SHA1

      122e3e0855ddf0db44c4d65e7da443c9838e3263

      SHA256

      6c1cf620061fb86524a0976386dafdd7f0a6ffc5145a21a2e55fed85ded73aef

      SHA512

      43c4f61a424464ba2d14a6ddd60c44642eaa8aa14773cb353cd58fc82235b70c5b075e9c6c9909cb46fe1ba3776c5311e0df5acfd040c2f6b26e9a13ea5b7ec7

      Download Submit
    • C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata.PLAY
      Filesize

      1KB

      MD5

      a8bf04e3bee2a9a9cc4d352918f5a952

      SHA1

      07ee98f75513942cc08403c53ef6a597d0268169

      SHA256

      7aa94182bdc2e3e9b823f5e74bed8df77782ca165bafbd4af82f08f9884bc519

      SHA512

      c474ca314cb4f196b1369b970d8aca9aef865e715c0765c5dc60f778dc1d8991535c7b1eee859a19d9a5c67b611a066fe30c5450237e3d30c6bd72b972ea43ac

      Download Submit
    • C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml.PLAY
      Filesize

      1KB

      MD5

      bb89c25efe0ac6447285a79235ca35e0

      SHA1

      db5a90db21e5df3223a524da44f2c03bd44bc01a

      SHA256

      386bc10dca5475e61e25141f3ca1bab1190af764c3d42e08136010a293d5d070

      SHA512

      38d10a022aa53e0456930f1a80c6c60d78dba97a9c08dddaa1ef5841ca9f709ce6a29768fa4b153ff059c456ec225e577095e3e6f7d7a828dfa3865da5fb907b

      Download Submit
    • C:\ProgramData\Microsoft Help\Hx.hxn.PLAY
      Filesize

      1KB

      MD5

      d37f530680ec681e6b508eacda7ce1c5

      SHA1

      87fad9d181eeace1cab3dd1c740fc63d874289bb

      SHA256

      bb20cca3fb2edb9fc7e98a65f6919bad531add223d8bd2d8c736dbef555a291c

      SHA512

      3eca1611b878c8ef58d2f9c2af2b7533e27a918706113335194038e7358e56228923dbbf1a277ceb8599128c0278a8998a87eb5c1d854cd492ceb9607490c7f0

      Download Submit
    • C:\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxW.PLAY
      Filesize

      14KB

      MD5

      6678440744ef48684e934432b47fc1e1

      SHA1

      79cca65995a49e1b1f20749220db048a52ee2e9e

      SHA256

      8a6740114d03702691375936ccfb6d3180d15a2f8aca79635773f09fe5e0ab26

      SHA512

      e24834881fa7c0b39a5298f412e65f60e79d977530490e58065076e38d04948806d6830296339a63f9d64b2319a178ade31ccbabf9ff676bf1b0b4fba202897f

      Download Submit
    • C:\ProgramData\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW.PLAY
      Filesize

      14KB

      MD5

      814667fb40209d50dbdafca66fa58c4e

      SHA1

      724113d15cb9fd608b754d13c4b447405c2eda5e

      SHA256

      3a4bc7b0cb5779c9ded9ec6e145489fce8d774f7a104edda489fadca37d1d70c

      SHA512

      b7dfef283d75e37962814e915bb71d0430a469bc67799d976e237d66339eb7969d3c71037c37a6f81c4f28ff7a603a8366179a96855d4950e8e37be6c1de97ee

      Download Submit
    • C:\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxH.PLAY
      Filesize

      10KB

      MD5

      5656cfe82a9b40fd98ea3b1b63a8e13f

      SHA1

      e7e39637c7786d72773e2770cca18618e33d1a84

      SHA256

      0519e5978cc8696bd9f186bdb6d314a86dcbb394c7f86c9b606c24114764ccce

      SHA512

      a3dc0e8e974288b56e7f950e7dae22cbdbea1b37de5eeacf3f27a7b2772825ede7cc9ee1411f4c841b403968771bedf96b8f727f15cf5b31a8a1c232cd265f43

      Download Submit
    • C:\ProgramData\Microsoft Help\Hx_1033_MValidator.HxD.PLAY
      Filesize

      10KB

      MD5

      827ed5e8cf1db6469810a83600c4d632

      SHA1

      5e9261f3cd6d80d45cf7062b81d3236f16330156

      SHA256

      db9a0383a84107c10bed4283398d248ea89c6391987c93199747773bfc380dd6

      SHA512

      5e332cee3f2878771a17f950bc5e7c5d158c3370aa455a1cf52e45ca7387d169c99b7b5d89eff6364323f7a822681ab24aa4ca04ad4c73770599fc8f43cf3a74

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      845f9119fddadb88ef34a78f2e3f4c62

      SHA1

      46d59a460ec7183901d52c7d4d3fc0bafb11629a

      SHA256

      1d31484ed15e3c3a8fecd0f515882b1f2e60a40a1a534641a7ccc0f0c963b0d1

      SHA512

      eac99345c36980d4e4d0ed8f5bc6863dcb33cfa729390c33149fd0f409b75c7f521c1957acbc923e0c2e1831a45a17845a3c3a1c618667e08bbe381ea86ad74c

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      b0078546141b21f46a5bdcb7b70f3995

      SHA1

      377570f568df9634872bf3e8d96ec36d34e83f0b

      SHA256

      61939fa3ff444d8cd35b4c6c851f84faa768515db063111ac3838b2c641ce454

      SHA512

      70535b83eb315ed05f4bd3998b19724713fa7ded330e1dad9a1533dc9ed2817c729bd8861d5b39728d2e6907c2813df5d0dfa10c86ba748ec15d05a2f2a665ac

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      96efec4f4ef8f4dfebde2ceed62eaf5e

      SHA1

      64a9d6599ad5882e2cac272a25aa9c4a903a5060

      SHA256

      da45c1ffee321c726245bf2e439a646ece6160660093884542018a2fb0fd12e5

      SHA512

      5b8d7207e2afbb551d076b94bd19b00faa94a0288ec5cf24d261686a5c492bb0df0b230b68853109f31d75232aa04a76ca5650dfdab65418cc2c65131b1d087c

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      e8d99630023228748bdcea1bb2a67403

      SHA1

      de39dabbef6f8be197c09b8245a2a5cebaf80f04

      SHA256

      3d1a09b93318151b45d747f37ce280e3150aa0581465cf64460880fe4389ed3b

      SHA512

      7f8c039c01b55602a9246069613f2f9cde6b8bc50954f090aea2fe0706098ef632a677f37f74270b85a7f5a1d274dbe861cf1ded68ddba0bafa32e12f89c0211

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      d50d200bfae088cd805126d1a35a4502

      SHA1

      3eb6b1a4cd1fee8eb3c7e2ea5e8e815bdde48295

      SHA256

      4a4f5ce4b0ec7fd45fed1f30af198fbd0b2ef6a19b1831879668d3093ed8577a

      SHA512

      dee3b0a14eb215833a7ad1fd899fe53d380c477929f1efa0b3dcde54a0475883250f33e797abe0606ee1c86573ab1ec679fce2bffbcc3d673b98a62d70591e5c

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      52cf6dd4b000f6b4abd2d625a6356238

      SHA1

      8c28359ef965d09497b821298d27ee56fe97b5ea

      SHA256

      3499b504568a40760e2947bd98c3adb4fa7870c78de2843a4c3aa65a471d2033

      SHA512

      cda9d06cfc0683b2f34dc537ab4bb6d1d084dcc997ba378c2ae835a1c69ba9ce1a21b2f6c902aebdce962b092363b21ee84ccd8ded266e269198fb270b773227

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      d0b7cadcc5567078dc9a1030be7a2e0b

      SHA1

      40dfc8f6832b849ad40783516765866bf72e511c

      SHA256

      3d23990f5074e391be33ec1c08ebf83b53be8beabdbbc66510dd08283e3cbd43

      SHA512

      d916578ed6a8ce6689e3e75b0fbe2871bfab5696005f73a3b87c3c590587a024c9d9c5fe66928efa202bd43a3cb05c9f19a02ccbefc4c1cce5d4b5d687ce5064

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      b21ecba9a6260ff4a1f60df0186cfc24

      SHA1

      0f7a50630fc27beffd4bf263edb4a62fbfcf3025

      SHA256

      9d256cfed1c02ac96345a782321cc5b90919383a59994473948892e2b15c9b46

      SHA512

      a566017e8a218aad5d8f87cf44f426e7f33c384ad7a3aed8be1b9ef7f81372e74841489b3d9023c3aa2c8d9497a90e1f2c5f3cfd863198db85a1c57ba4a99e83

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      a3d6f4559dcb26c4fc532fb347e321d1

      SHA1

      0344bbd2d825d18b623f18c3ac7c7fb00cb09179

      SHA256

      64099d88da3d0174ed5e8f7a66a5d2a4b1d585369208893d1915178cdd389f0e

      SHA512

      18d162c6e239ee213dc8c8b14cead6406f48e2b34c9f7e3bf08876895c42ec5f015faad42c7f4976c4e5dccd9a3ea2da000227e91b9922047563dfbb7c55a5c4

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      566f3559e9dc27cd2d39d6449f8a3c9e

      SHA1

      f73fb1cbec74e41ee09f6ac07261f204be1b1175

      SHA256

      cb099bc446a42ccc94caf18c5a66fdcf7c779172070af8a9c5c73d5ebc991874

      SHA512

      a8edefc9b38fcb88ab948cfa8f4c9bd39a1b139b54e829b55f5c6bace503b9b53d0685df08af352d70fe55c0977dd81acfc1d8eb4bfdfb7d3126b1d4771ee655

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      2730889601c9f3aa6b8eccc423bf1438

      SHA1

      c1a5463d6945e977acff1f1df00e40b361a988c6

      SHA256

      814d3d4c64f715f4eee9d48d2ab8a39f4d83954406ab27f567b0a72892a13310

      SHA512

      9d54a52e74b24c730483ae3f8f4c77b2ba414589e2dc3f1a0ed673c02aff178af589be688dc9dd948335cb21d98ad6884dc2b3d4d95cd5763dd33f089e1ca357

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      0a3bd6fb10530b2b8b9d715af22a4113

      SHA1

      d394b3ba60fc927321b9dd625fa70ef7bea2867c

      SHA256

      9da58955a5ec02a9acb63da0469e307a9cd46de73f77ad7dd23b39ad84263633

      SHA512

      7b93f9a16dbb2ba5e4575a44850deeb432ac1c55cd504231c8da336e2ad35ed8c27d07b1e57ebda0aaf726e712caa7e9d35ff7d37d7306c87f793cafd8db2126

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      8cf48bca4570ae323bdf2628293c3bff

      SHA1

      89780cb6e01473cf8dafb18257f23a1f975fa94a

      SHA256

      c9d36bc76f8db5ab2fe62f6abf73be3c831a62d574a93892a302fd8ef871d81d

      SHA512

      72f110c53b714a9972bc8d48043a672a41c4962366156eb4bbb8fdc29a8aedf7cd95fc4a0ac6b83930428d068c2a18cc23fa3ce871e1d8777cd6a176df08f483

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      e349803c91dbcf68e0a0094be5c533bc

      SHA1

      fb8c0e2b2124b81657e080c1ad972e4d29d7fc3c

      SHA256

      1a4abe7d4dd5c6986c25ef40a868698b8ab0089b4a62ad91d1eca3116c7e6392

      SHA512

      c85e42e15fe554ed4ae605b298938ce81f06975c0a135f46bd270baa32d5e69568e1307bef2b84888a2c3b771cabe07520112f990cadcb029d8a773578e33ae7

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      b51c19b2d4d5b253423897c9dd0b0896

      SHA1

      f576587d326eb47f2d81651cb42c71ce9eb8b939

      SHA256

      abc8392d5a5829563c03b3daf74b4892ca62a5d8ae625f035f743a90eac9b985

      SHA512

      2655c54df99f7855f1c1388ff2d0d15696089c79d65126ed09eae1f728d6bb2d538f758abcce2415d6880c0f28d2a6cefeaebafcda9c826e497c34d704071459

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      da7ea85404109c98a1f3a24e51cebf62

      SHA1

      3f2972d8865905ac53ef5781ca2415fe80e516f1

      SHA256

      3c5a9f5b293878c5516e1e6ccb6f484c523bd363eff8f6efc009c41f70bf5c06

      SHA512

      93489e1bc907e91c537880560669a52d925e015efde049b2f034a75b923451868507a9828c54657853a6d77565e96015b522b442095d2616d05c701e4ef8e816

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      e51c631b370bda85abd4e903a5a272f5

      SHA1

      eb80cb4e0b0fdfde0ca7a329133d8d7f30748da5

      SHA256

      ad6497e339b45003849566e13b74faa09c56af6840d105ba7afd1607ca052ae2

      SHA512

      1d0a03c7453e3981470170621bd422f16adfa0759159aabc3d77c325257705f811dae7148683c316e332f074aec7e7e5762d9b909f8f0aa3cbe3a681810e945c

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      05272a6f0b9750de7d9b27c82d9d99e0

      SHA1

      467edd11fd3131cfca9b9eb9d827c04bf21aac7b

      SHA256

      c633a7ec3c627670ca0c473f741b1bc9453a3fd7426c535f03d4ce2393b99201

      SHA512

      a746ff8910ba15b5c686b380177c69bca54f71557edcd2bceb17995884dfa320c0d9fb38fe9f977530ea93f50247deb80c12e05e8ed347af245096ce5c37413f

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      a812475e050cfe61b48954fc137e84dd

      SHA1

      ac71b092202e486a573d8e34161c0ae9d48ae7f0

      SHA256

      61ca6ec285acb829b76d320b7c2a576c63c4bb3bcbc35b29d2d5f7f7dc3b6acc

      SHA512

      7e134e282944edb7d79a284f355fc863871e398e44a2545375b9e781ad1c999e5cac73d10af2db025b9da919ec4785d3f86ee52cd593d7f4496066b3122786e6

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      68bbf0d4d2d1eee8d6467fbb342b8747

      SHA1

      2a5b7efa0dcf980be6e67c54c089bc5f72c910b0

      SHA256

      304620223d437873b13866657a4625f1f9be76b39560de0e898e3c2fef29bea4

      SHA512

      61a2a1e2f384459ffaf3674dd4872ebd0edd44b8ea6b611db974768a47f3158ae038cb01922515b87a00af653d6fb49a01e6a65230d1dda7d0f5dc45b7c7e7ec

      Download Submit
    • C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn.PLAY
      Filesize

      1KB

      MD5

      5a68a1e0d2bf907f09a687453b034681

      SHA1

      1579a534ea1da370cf3686ba54fbccddcf78a605

      SHA256

      9542e7df3ce56d03dbca88a9fdbcec81db462b38a64e469a9cc137d36c21cbf7

      SHA512

      0fb0eb1fa6ef92cc40b96ee0a6b9bd32644d825be15f956d20acf8ab4f600c9358047c10bbf6c6824cb0b5cfbac27c3ed42a94df0a23227256f102548a35924b

      Download Submit
    • C:\ProgramData\Microsoft Help\nslist.hxl.PLAY
      Filesize

      7KB

      MD5

      89f7a7cd1a09e6c7396fe8b30becadb8

      SHA1

      e6649310a5b50be05a401b5b3a2168a23dd2083d

      SHA256

      b173a86b39a9e2de34170dc72011f0e21fa6b58bdb104bc0ecef717202cc8f72

      SHA512

      6c91193af224df1c402b6509e7dda1f6a9242ef686145f74449c42d4daffc1e610c2771ec90ebce9b2fb8679f2177d3ab87e08412f054362868009011ba9e05f

      Download Submit
    • C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY
      Filesize

      1KB

      MD5

      a4d3a7dd036cb8dd1fd968e4b0320bd0

      SHA1

      2b84fd01967694c55788445409b3b41050cc793a

      SHA256

      9ea058cf87e05061fde516de7d777657a871abe7c25e230277cfb5a55e909a78

      SHA512

      82474ac64c9a098de5117c03b795c85c8013308169accab6184c389b5622356b94298dfcb21a555d1dfb3bc8d83292ce59d2669839411ddbef06491c3362f30a

      Download Submit
    • C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu.PLAY
      Filesize

      1011KB

      MD5

      c496eab7f69ed2503be8dfe8c4460c82

      SHA1

      e1c8c70e235a13d87e2c2225173c8b44a89aa0a3

      SHA256

      972b10496ba668ed83be420a67c037a8262a0ceb9fcb6a17f1d3589f14fdcdef

      SHA512

      f8059f3d3008a4c39a289362f9d09b6bce528bc80c740533eebe7f501e8b6bf3679c86a4680e604eb58e45a6387b1b68ba924c148cc71069adbb4159aef7a176

      Download Submit
    • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY
      Filesize

      1KB

      MD5

      6743ba881a13aa14cb26648e28a463aa

      SHA1

      a1567431f4bfd0fcd49b421c0f30a8f13d19dc4c

      SHA256

      708fa09ddbe9d2b08288ba949b5d1cbe14d9da66199bcb18dd2659a6a1d49da2

      SHA512

      0e69b1eddfb62dd1b31f1183f05f92b54949c82f6d988dd420c8c1421f04996e216d0b393fd30a8026e255e723fb90dc21647960534c05f7cae54a71433e2cbd

      Download Submit
    • C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
      Filesize

      5.5MB

      MD5

      e68030048fe11ab33c38bdcc3a94d430

      SHA1

      51e2f1d3cd4f8574fc182822854f36386c4fa002

      SHA256

      e049179ae276c6b41fd81e026e36139ee8f5d62f320baaaa36c24c31caf20257

      SHA512

      d94ac6f4764360ad9ea9df3986e65cc48ff8fbf1324389d35d829f874b36d6b334337968496e01620eb2ac7b1989ff1b99a9998af4e9237a687b09d13bf921a6

      Download Submit
    • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm.PLAY
      Filesize

      1KB

      MD5

      901143135dbeb8428f111b473f0184e1

      SHA1

      75fd62802cac9167c48d615045b29ae4112eca90

      SHA256

      7a8ba435aeda49ecc2c47ac331b50d449a087f1808c5742ea4e507ba6243f889

      SHA512

      baa4b65d204d583599a5c9a5201252903c0b479eaedac1979e943c2134d8c12d895b985ad13397d6638bfd2072a7064c6cedcf76519ec87d44318a5f8f2ef8a4

      Download Submit
    • C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
      Filesize

      5.3MB

      MD5

      1b71b839bae9d0b5156497ac66f96efa

      SHA1

      55e0f93b14c5aae41e20d3ead3060867b03e33a0

      SHA256

      5dc32d4f1dc45963db5afe5166c7201ec404d052eee3df836264622b9262ff8a

      SHA512

      6d365219c665c93de95cc7d40863a7422452d1dca710fac8c3bb6ef5c2881ecc265555448a34fa79a61ec428aad9415b0e5635593a5c0b098ecc6dc29b6c3610

      Download Submit
    • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm.PLAY
      Filesize

      1KB

      MD5

      4edcb1c3ca22c64c433e378f9e6ce44a

      SHA1

      6ecfc946e96d3e6313c124f798c3bd65393c6af6

      SHA256

      577b8a315a3b3f28976c32d5b23185ccea1f4621acea6c4ba4211bcc68f3b00a

      SHA512

      3c3089318acf310501de96a85adb67700faa7ffd27bd2f7446daf536f86361edf8f5e88672270b247c18d6a5c832d9995ad26d3fc24d82ef55358a2aa33c2520

      Download Submit
    • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.PLAY
      Filesize

      1KB

      MD5

      05c0db985c24e670e4997c26c1b0134e

      SHA1

      b261930f5f8a25d4018e11cd3e0467499abab5ad

      SHA256

      86fd998fd705188f48526bb0daa2d473326c837214865e8568134e804a0d4946

      SHA512

      715872044ca0cafdab0c34c4e84145d09ce646d40424c8d78480bb8dcea6d7c674978baff6a2ef343d35cdc4d0d4177d26203d3a95562dcff23c725d35c8f243

      Download Submit
    • C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
      Filesize

      870KB

      MD5

      046579497f8854a74f33463f6d496719

      SHA1

      7b23f1798cb0fd2859f6a35b8adf9fbe74f7cf1e

      SHA256

      1eddae3e799d44be71a72b9be9c1f17fb7436c9c42ae571087b2495058ef8731

      SHA512

      c4b08e69ffb7782dcb68ea533390c73384e09c748e49cb3bdc9c1345e44db9da292561d488bb100788add194562724203abc4cf73fbcac90bc5779a249199496

      Download Submit
    • C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
      Filesize

      5.4MB

      MD5

      2e1fa29cb1367012f157f2194ccbedd9

      SHA1

      1bb96553bcf3b6d263a929105bfe2f001640e00f

      SHA256

      2b17c18cd8e7d7a3ce58cb00359846913f19ac5459eb8c333212943405250eae

      SHA512

      88b73ba58054c41d85637a448dfe82d0127112c74b4f99927a3ea1a479e7b6ae89b6da78289aaa1728f74ca96d89a4bdf980d990882be919e1676d5063134e17

      Download Submit
    • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
      Filesize

      4.7MB

      MD5

      548270f56fd98c817815d7d3ab98fe11

      SHA1

      e2fa5e1b5139a6b2c6b14bba359d9a7bd6590f10

      SHA256

      d7ef77d63fae9de9fffd89fd434a2762298daa27a0f65e4966f062b8f010d4d2

      SHA512

      45c800b2d4eca4b29b3422c25f76d18c4d0b8dc7d6b07ba45644b60f8b9db16b1198807c6c7d192e72f18b9ca344bf471c926f18c10271f2582b7e9a16b1c3a0

      Download Submit
    • C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
      Filesize

      4.9MB

      MD5

      538ac72f72a0051b5caa2fd24c431092

      SHA1

      5b77f46ac4a6a1005e29d9379fb35979d4a5b7d1

      SHA256

      b727663f8fbfa31890aa01743cd70f7f120002fcd845f64c140e238912fe578a

      SHA512

      2699d06fc145fce33a9a125af240f18d80a9cb89ee33bc5f5bfd903197a4cd5b06550a9560b69b621229695167c07b8f0b6f70e7635f2704f71b43fd66a7319f

      Download Submit
    • C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
      Filesize

      803KB

      MD5

      fa61772fc3a817e6d7ed44bcecd420f1

      SHA1

      d76549dbf20f09eddf2fb2730e1b67fb72b28f58

      SHA256

      57fec1269e42a14fe547fd99c768a2152f71598c1d198f95734b0415b7b3b614

      SHA512

      458b89a9302678ccd39e547c8641059f6089d4520c8ff9298862e9d071d16edc210f6c243a0ce8e5be03b26f617a4dec42291e5defcc7796723d4a2da9b236ad

      Download Submit
    • C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
      Filesize

      4.9MB

      MD5

      3e69b426c52001ff75f1e9dd3df94c46

      SHA1

      baa98d89d084542442a2d79deb68449675139d6e

      SHA256

      3bd519b13db87cc1f4e69f6291d7ed95a25032a60185fe1dd071c6b8c8d6d534

      SHA512

      9c85b4ce14e87845a25112a0ff7ff1976d65482e54274f5ed5b5743cba24fc6166f5cc7a0b2fcc2ba4ea47321effee25e43921228ac6c90d76c424a9fbba702c

      Download Submit
    • C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
      Filesize

      1011KB

      MD5

      afc1a5b010c132490bf4571ebbff5c57

      SHA1

      7dbea0c3729f6de0812b62c1914716fce58b0bc4

      SHA256

      77647c03f184cffda45684d30a4dcb9767fe0379000dd8b79abfceb298df1873

      SHA512

      3236a892dc28b6a5ae79a116f5d7efd1d2ab89226927c6590f98f3631a8dbdb1e057982512a14934fc119efa9beffc5ef823e2f43c543328845f6ed045509a62

      Download Submit
    • C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
      Filesize

      791KB

      MD5

      69c9df1e7b15f9664b7728199f51e6f3

      SHA1

      f56e62125c65e5f658e93790d8440e0cfff93272

      SHA256

      ef28ccccd8027cdab546799bf8cd424e3d202ac943e26aa947b13a93d22a429e

      SHA512

      a2fe5ce9d761d40bcdb244047e1e90ff4d8bc5089b2dbdc884d13ac5f1316dedbe1d3fa80b513ac54d1f60eb8d341241b1fc2c96ebc9a4463884bf2f54e49101

      Download Submit
    • C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
      Filesize

      974KB

      MD5

      4229a18c1cab7a43aefd1f683dc37e3e

      SHA1

      83b62ed892ae07da01d8a6bd08d7504f2555a8fe

      SHA256

      1b2d3d95951fcbbdb7f94160399908a7b43b5cdddf58ed6fb3552aafc2d36220

      SHA512

      322b1ae4d327997869211312ea225f7348b283a6f2ced5f9def24f62c8196b7db93184b077e45e7fc6216c6858ac7a08ec6b4551cb6bc188515262123e673cf3

      Download Submit
    • C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
      Filesize

      742KB

      MD5

      099d06acb27c79e6040a475d1816ddbf

      SHA1

      8e72c356653c4043206f73671c1d60d5358972b9

      SHA256

      6d5a8c698275bb1a191394a06ce9a82c6dd4939cd88e4d963524f2fa4ab59125

      SHA512

      58a2c55ed04b6b0579c77546fdaa43376e198eab857f97a06e1ace62bc50c2a1f3d672ff8bc851c9c9d4d1b7e77a1a2182e3e08231cb735e1b8ab8ed83c3fb9d

      Download Submit
    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY
      Filesize

      1KB

      MD5

      765c6e7ce32562336a16d4852f694b44

      SHA1

      db728a1e521019cc953b83e666dfa91b87d0e29b

      SHA256

      001318c5caa0c698f6497ed58f654516bbef820d0b620d0ab9d08bfbb57e32bb

      SHA512

      4d1ec8aaf1490a8b33bf458700ce670c165a2f102bb6ba7386a8118831d5f963b83643a1cc165c73701752cc9932ba3c288349bb06ab89b79cc700eefb20782e

      Download Submit
    • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.PLAY
      Filesize

      1KB

      MD5

      07b63bcd40eb42e333048462f230a361

      SHA1

      3c31204abcf8c248f59b7e48d8c99e2bba9beddc

      SHA256

      d169a4484f9cc18d12614b3faa688f0f39187c56e06bcd9b229a968a176e1e13

      SHA512

      5bad5653be1cb5ef8c5f1e35dedc329e04b0125e21eb2bf4701e3cc481c988c0c3529fdc2ab82c1e11140d7044bfce2d2b59ba4026cf075bc915f386ac7cefb9

      Download Submit
    • C:\ReadMe.txt
      Filesize

      190B

      MD5

      0e7ad025fb73e48ebda6e7448ab3c90c

      SHA1

      ba37e7fd61958107c91c1910b37cdb8393641cba

      SHA256

      f279049adc079c5212e98cf96c433f4864bdd324d965031eaf101b120e9a84c3

      SHA512

      37a9fd2bf0fa05cfcd51bc2b092a58cbaeab1659b50e63f05e0227cf338e912e9f5abde617137f66fee889ea7c58081906763cc86ca4fafc611fe049dd4ad1d1

      Download Submit
    • memory/1964-54-0x0000000000400000-0x000000000042C000-memory.dmp
      Filesize

      176KB

      Download