Analysis
- max time kernel: 1800s
- max time network: 1227s
- platform: windows10-2004_x64
- resource: win10v2004-20230621-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-06-2023 12:38
Behavioral task
behavioral1
Sample
006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
Resource
win10-20230621-en
Behavioral task
behavioral2
Sample
006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
Resource
win10v2004-20230621-en
General
- Target: 006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
- Size: 178KB
- MD5: 223eff1610b432a1f1aa06c60bd7b9a6
- SHA1: 14177730443c65aefeeda3162b324fdedf9cf9e0
- SHA256: 006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55
- SHA512: cf8b097e4d8dae444c4759a6588bcc5769694d34675f17fed5ee6d0b7aa52ed44263b0cc73f4ff422182a01ad8d69b18a71110c4fc4e9dd2233e9cfe833cbd36
- SSDEEP: 3072:Yrl2uRkddO+iR7OZOQ+dzeIP9mwUGU3l2bxW1/9JnOC/fhKJ2hXh3lmG:22uyqOh2g8U12K9dtEWx17
Malware Config
Signatures
-
PLAY Ransomware, PlayCrypt
Ransomware family first seen in mid 2022.
-
Renames multiple (8290) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies extensions of user files 21 IoCs
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 29 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
"C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe"
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
PID:4932
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
1KB
MD5fae3b590943e89bc36e187eab3a23125
SHA16e4df233b1fa5c64e55cbb985c067f750357397e
SHA256c89fbcca793c8afd4b4e2c4a7bb5e4d0175f42583dc421ae59db594b358396c9
SHA51265cba6795a96222a6eaf75b08656ecc9f63cb2430340f53f9f211c46951d4d12c123b34436fb985d096ccbc8d9c494da8e9e910b6f8a8b2fdd6bdfd4e5e0f0ac
-
Filesize
1KB
MD5dd46628cb2688cd72e468e9038d3dde3
SHA12516ff17706f88b8865ffb006e072f721bd53efa
SHA25610e54d91770f82f584ee98fbf2aaeb38061a5fe7514e7cf3d4b398a6fab33f94
SHA5126e85adf205e17a750048212964420b7ead17e283f7e096be2251952c6a22a3adaa041fc14e235e0717c9542f8b507db9a044d46736da3ce95e3b992eb47aa731
-
Filesize
218.2MB
MD5130bd9dba939ba8748a5035e06e19796
SHA18436309f799d66e80dc16f4de0f3e8c6bd627238
SHA25604b41a2180bedf2cee1a1fc8904ca1ddce6de98bbb85a20c8e835cce7150fb47
SHA512f411bd909e1490df9b388302b03099cfd6103064875985429ac4a824ce1f7c6953db1aed43aaaa2534f7976be9b293b80619a95d1ef7dc1e2de9be4d7cd79ac3
-
Filesize
167.0MB
MD57dd3948b44092730fbf2e9d9bceb35ad
SHA1622172d5fa2417b1c4d0f1560101e46a71451eee
SHA2569f2e506fa50c0e9fe04f00f56a714cc491e9899154945843fd2e0e47d14dda60
SHA5127ad456f1d0cad35759cba893902383113a6781c22383bfb47c7a185749547862dff9fec5cc7837cd336aeb33aa3da56f3c11f666cc550626f92d363f6c4af59f
-
Filesize
1KB
MD5081daa9d9238db2cf3ca1f6650fb12e6
SHA1ca5f629e25fb9d80ecfe7afb4c18a42216e971bd
SHA256b790493b38bfb57fa2ebc31258cff7bffad53184598108b7fab4bd1ed15e731a
SHA5128c8ff42b84906d8252bbcc2f48898cfb0460e4bbbc4984ab99b685bf7f8f0614dc0fab4f0e2553087449a88868762b7057dedd6d73f993bc764f48fca68f115d
-
Filesize
1KB
MD5d987a9c7be3dd61673ff6d2463b312a9
SHA1eff2356ed7758c93449e14966f24466f23ebed3a
SHA256a6be7be64ebdc3f09e0310ae330ac0301ab9970ada907a327d9f53a55d1cb5a2
SHA5125c85dd35709351f5191fbdf8addfcffae8387fbc13cfa5f51123d062d7ab8a5223df162be6a4bca4ecd15aaf5aff733507e2e7de701825e6048ad2876d65e373
-
Filesize
1KB
MD5659d04afec842bd0ace945b891cdf8c3
SHA16f3df67ab1b987a831920254eb05284a887941f0
SHA256b6ae6a9621ce1585379bc2363c7cd4f19a4c8d7dea564f751dd29d3fc896f930
SHA512e6d1d14abb8312e2bcf34d5158273f0a043d6b631e9e242bd74e212276c7deee6c94d4ebbb3dfe730c07eeca81553bb5f19c40e44eae87f2e267801b87fb7af9
-
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY
Filesize1KB
MD523360f4a157df6bb39a0734e387956b0
SHA15922a2ed387d60cb0dbdb39cdfbfd8d734980065
SHA256195d71bb031a3dfdddc0fd9bb4de16b2b177eaff5f40fbae761c735adafd0401
SHA5128f95b1871539ca79daa4ee406113ee976a1b830db50d4345888fe3a8fa43daa10d9c42426a9c200c980cc02189b1fe9f76e2c4ae80a8a99070f0ddf8b22ca389
-
Filesize
78.7MB
MD5b3317d89d41d2a97f09bd6179ab14e3f
SHA1e0c74d76e69f8c39dc1bba16db90eff30f73c9a2
SHA256024c0aaa84a44b2523ed74671d0ff760f4096d9d1a4d18da285edbd3efa4e97b
SHA5120f24c4f1b8c32ea9faeb2583ea1564ba68bec5fda7443fb4a80d47b0697b141bea1c10b1986a5f2d14f58abd69d5b69f8702f913a320111754efb9c9f1caf34e
-
Filesize
1KB
MD5336c1551801c3ac69066cecddb859271
SHA10f14993ca2046e08b252ae053dbe34da7b73c880
SHA256ecf758d8059122ad144e8aaf9e49ff5fe0491daf7b6c7414981d286dc73b4b23
SHA512dcee11044881179670c42c38a47fe6a34728a828195f4adf014c52e0dd4e204d483ba83efcfa83f0986d50f1eb5f39274e89344bda324e15feec59fd2297679e
-
Filesize
1KB
MD5eebb5da952b3c24e042cf65bfad24345
SHA1410e42ae5cb70f3143328d896aa83fc66fb9924a
SHA2562fb9c5aceaada77aa197621a15c9931e602fe2a221fcf322c5e68472c54fa905
SHA512eeb4e1d091390ef2d7d0290afd83d071c99d220356632cbd248857c6cbd3cba2a1360f2eb362b054bccaa2332f808b2984347a4aa70d43659731532e2f83067c
-
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
Filesize5.5MB
MD5ead763d8f77f8eff3969203d895837dd
SHA11fdaa250aecebb1b07d5e16f5de13fb5e9d50715
SHA256da0aeaec89465c74cde7bb1ac12e914a81710dc6569642021efae2f338bccd1a
SHA512ed47ee8e9557f566b928c21297fec0b160cfba855643f43d88b2f78715800d7dbc75481152288d4585c4348e71c9915e08b60d09c94cc48c1622b7ac22d107ed
-
Filesize
1KB
MD598764696a76a69c81a12a3246d34571e
SHA142ad3a861105359cda40edede80ea58ea437020c
SHA256cb73803a6fbeed87bc27a51c9624f81a63b34bef220b0ef1bcc13bb1b1426422
SHA5122d36f364fcad5f21a0db20de170b07236ae14aec7917e4251890a994ccb526086e4a1c8e5cc8ce240e456fd95f0bdf8567acacaa1874bd723598f4443479eaf3
-
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
Filesize5.3MB
MD597e4c1385e8fe287efb48553005fb576
SHA1c3dc75a24392cd4328c73d455f531c7b08979e5e
SHA2568f75ae81e4c0ed7341e1ca51c44d7b3c7c3a5214b11e2e0c5d14f178e707f4ec
SHA5120abf49ce489a2e3f4abfd8c820a6d857e7088b6759e87db074dbad02a3d673f89c9a8cf3997b3d3134b2658a282cc0ebedc5661d0c4e20fda2eebe128b0b968c
-
Filesize
1KB
MD5e71f141a8e947749c78616278f912549
SHA12bcbdd4fbab8323712a090e4b73964ece82de41f
SHA256eda1bafd5c70b2123aad83854473968c45ab3223fc63c69fbb2cbac4c6852a31
SHA512366b53befbb0cade9dd3fde42ece312a25753991d4c2d9dd681b3def53548a2b33d7242ac2cf9e41c6e96c7ce4b138450ef524952eb239ed3a1e7747485dab44
-
Filesize
1KB
MD5fb6783be18a4ab1c52430d652082f004
SHA126c845f4385d304fdd774de914aa3abca016ff87
SHA2563947823eba94033664800ab4cc80fcc2fe5d05e83dd4f886bf50eb09c93d2dd7
SHA5123771a270b425b0251ae05435f37fef0eaf67d95162d968523675c85967fbf2601809c048f76fdb42518a62fdc956feceab524bfd33808cb4ad921b8d17a33665
-
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
Filesize870KB
MD58e25d5535f8ca748056ddac3018829c5
SHA12c2fd27acd28ca23797471964176b2f6889f8608
SHA256f8bf75d25b9099c4baff9632621f74e86aac42bdabf91f38bcdb677cf129e3fd
SHA512d44d27dc1e73800d9b90e2a8dcecc5d540dda43f7bb1c708c07e62353ada90af8a8a7015a46549a95953528e97377fc1aeaa830990262050dac3dbb6a4f59d8c
-
C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
Filesize5.4MB
-
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
Filesize 4.7MB
-
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
Filesize 4.9MB
-
C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
Filesize 803KB
-
C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
Filesize 4.9MB
-
C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
Filesize 1011KB
-
C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
Filesize 791KB
-
C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
Filesize 974KB
-
C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
Filesize 742KB
-
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.PLAY
Filesize 2KB
-
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.PLAY
Filesize 2KB
-
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.PLAY
Filesize 2KB