Analysis
- max time kernel: 150s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64 arch:x86 image:win7-20230712-en locale:en-us os:windows7-x64 system
- submitted: 17-07-2023 14:20
Behavioral task: behavioral1
- Sample: 006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
- Resource: win10v2004-20230703-en
General
- Target: 006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
- Size: 178KB
- MD5: 223eff1610b432a1f1aa06c60bd7b9a6
- SHA1: 14177730443c65aefeeda3162b324fdedf9cf9e0
- SHA256: 006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55
- SHA512: cf8b097e4d8dae444c4759a6588bcc5769694d34675f17fed5ee6d0b7aa52ed44263b0cc73f4ff422182a01ad8d69b18a71110c4fc4e9dd2233e9cfe833cbd36
- SSDEEP: 3072:Yrl2uRkddO+iR7OZOQ+dzeIP9mwUGU3l2bxW1/9JnOC/fhKJ2hXh3lmG:22uyqOh2g8U12K9dtEWx17
Malware Config
Signatures
-
PLAY Ransomware, PlayCrypt
Ransomware family first seen in mid 2022.
-
Renames multiple (8469) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 39 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
pid: 71396, process: NOTEPAD.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe"
  PID: 2780
  - Drops desktop.ini file(s)
  - Enumerates connected drives
  - Drops file in Program Files directory
- C:\Windows\system32\NOTEPAD.EXE
  Command line: "C:\Windows\system32\NOTEPAD.EXE" F:\ReadMe.txt
  PID: 70984
- C:\Windows\system32\NOTEPAD.EXE
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\ReadMe.txt
  PID: 71396
  - Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
1KB
MD5a728dc28de11fb64226d70224e3cfa5a
SHA199f3e270b232c81bed391cbb4348031ddf7044f5
SHA2560670d206059a941197f198298c0a9fabe3be9a85bade24eab9cc9e0e5cec9721
SHA512fc923fb7af9b9877216dd93c226b651e5f611e51f2aa2742931c7ea36e72517ee0642763b78f671f1e645016f035a4b9a1bf5d35cb04a6527d48b626236d3416
-
Filesize
1KB
MD5f29747cdd71ad5eadab57cb4fc5d3694
SHA1781c129c7e7920811d0ffbeec37962874552648a
SHA256a1a79459bbd2300bbadf6ef3d310563e3c7d080270f50f12a12a1a5e939d6fa5
SHA512809d8c0c0d1c30a424ade2f2c11991d6e7a87b9d7c074f6c439066d892d21a84d2b8d88679bb24519c44a7abb487d0e4bb4559ea2f2d1aa4d6fc0907921db1b1
-
Filesize
1KB
MD598965188e10a2ba187d1c8295cdf2068
SHA19237f3f1e2dc2642e9939a3f7d4d8182523f81eb
SHA256033c21585f77d2767fff8423de1a111eda6d7e79b741f1e44e9125fe44edf6cc
SHA512921b9e8491b1f9c11d907de2ddf13ec9b78223cf89eec2aac0ea48315e03222518eb7ce6956887c9d3ed4e16a09b03fc16a7026ac3a907d0983f38e2598c0f9f
-
Filesize
1KB
MD56fc2014c901c7420e6b82faa5102c46d
SHA1cf5cbe621de39ef3ead02672ab21566c618bf442
SHA256cdf3a6f0501d97f214613010fef4771ad1946011efd9319d598671d6ce40faa9
SHA512b2b81ef3d809fbd16f5e13a819bcfffa987553164b05f37e869f260a4c82e37327822c9138e62f6e83262e87d9148a6ed76efc2e4ef05a86c15ae51b8ab9cbae
-
Filesize
14KB
MD5038c4b30aafc3791ae89859a2f5f91e0
SHA198379ea68cdfa914574f0f8cb9760cd4776b13cf
SHA2567170ed30bbdde70219556643c03799d8fe959dc9d336fdb8ec6bf8c1a5ac1047
SHA512ab400fe2783ffbeab479b18d258dffb916ea9ce2a0cc4e7d8c7aec9c0e65264b115107ba45630147a309953a8c155a60869912eb05fb7e7c9caf13d2b7936939
-
Filesize
14KB
MD5c3b6cbf733410d10d669be21ac4e8d88
SHA1df671a748e93cbfe8019f7825df394bf36a27d42
SHA256ea1a6f056d17b8d6ba5ee3c947b05ad8b833611b30ad382422ba7ddf56c6695e
SHA512b048fbb0effb0c31cd609d0e6ba7ab2bdba3ab716a0c11b2055f6e677aedfdad424f6256dc975acaebc626e0351d5c3e46311a9ed8cf55f8bd2bbc88722d6895
-
Filesize
10KB
MD56a3bcd0cbe40fa51e9b22154173703a9
SHA13eedf112252c9e9e531306d98663a58ea2bb256c
SHA25670a7ae5a4b7b97c9f1797066cbc209714e40e80e4230776952d3d77c1c38e401
SHA5123757f99373297ff0ac5d4875ca881bac16422ce7ad5d374bab26b1f1f8e59bcd5161fc093b2aaee571d76017e41967937b86e3a54700a6cd380a5feec9a076f2
-
Filesize
10KB
MD5e5e3ccb4b7ca019509897647b8019f1e
SHA18ce5fd3830b8474ba2f4b00c0b62eab8f1f82299
SHA2564c2a8716a717ce77fcdb90ae629171de264b707b7072ba78dc4f8aa24ed3b7ba
SHA5120ca1d61a0b86d0c49e34299eaafd01acc995fa3a443bbe878ff605daca128d243c2a64f93364ba787f417177a67c6cdf0c08d1caf9b35e46d982fac8094aba2f
-
Filesize
1KB
MD58283058f758f169cbaa1e3f05b39c5d5
SHA1bb9ae5993b971bda5a0260cbc2daedaf35d598f0
SHA256fcd0e9aa19b13774b4f34ebcc4f13d1506f73a6eb14e141e5f22e13668ccefc2
SHA51222ed119d66389e5dd6a29e75f02e3fe84d20284e91631501500d56185879edc018f1c08c268f1cc94fe0adefd237fe6affeaa55abcc794292aa2ef24d69f94ac
-
Filesize
1KB
MD5f62778f67a18420d5240b46d49bfc337
SHA1635d5180efca3493aa875bdb35f05c3b1543c584
SHA25637f66a2230be5c3f06c47a478a8885c027b8f93733351d2e280048164e54ff8c
SHA512340ebbbdc82947bc4e2941d56093e282ac577f81482512dffaa76530a0e347a569b45d1c0b3708ac63305a6cacbf132e2d729850af479daf9cbfdad7232d9917
-
Filesize
1KB
MD5251d529a05e585ea53f7250ad5d35adf
SHA1dadccc05bb0b31ca905d3577c0d7fa8c5e000403
SHA2562445c16aafacb9a445bf8bab1c0f0467aac064519fc8d6a78070a201c714333c
SHA51262ce8ccedd5000b4ab96404c1875f7596d06ef79b80a856742c088bed13be465f55058f55f871faf58535d56f27f8270c21fda2a7b89e92e0832b0d63c4c139f
-
Filesize
1KB
MD5776f0ec3a03ccecd7ceef326e44faae2
SHA1d743b866d846de995d53ae49d7bf4de17752ed12
SHA2563c56f4d17507fcc9f5f3a280862c6c6cae4aca559776051e8819df980c84a1c5
SHA512d2fd9ee4edbc26b82caa76a38142120fdc67f4d9ea242feb679f3a03b7264f60160b35f76c02ae4693b49c0c80d65fd983d4a89b8b98e5835d5ccb7ac7442873
-
Filesize
1KB
MD5a76f7eaf13a14a5f70c63f2ea884250c
SHA15098fc4c79790f3c929bbb6dbf6cf4f4b28140aa
SHA256392693d79ccc6301c9031cd3fd5981410d4d114777670905fd31d5d9404c85ba
SHA512667d33c2d4c84ecff5f23ee0126b8109dcfc7164b13227508fb6a8c91c87ed6268f9b363a2b2b3d4de4593119d13fd6e9a58e461043fdbfd5c6cd64b0b3160b8
-
Filesize
1KB
MD5b23d99c5d800bb1af3349546b2251de2
SHA13778f2c9d61b6d63497f143f29c727a01aa6c2b0
SHA256343e0879380f0f7d1e23a087a3744eb7de96604df7321c15acc79255db42487b
SHA512567caf695f6e47ff0e1100ddbbeb25755a505e251676afdfc8ee395e9dc3c0bbd5992a14ae8035feb9226a31dffa918d8fed32cc75ef7e310d106f61ab0394c4
-
Filesize
1KB
MD5b9d1944b79e55e16d3575ea694e8bf00
SHA183ccf165ca594e63cfd16233d901c0969e811589
SHA256e55bd84a4948050e01f46b0eeb948553a12cd4f3736cd97f84a287eaf26550e2
SHA512340325e11888ed525c7a09e1a60d3aa7031f8509b398ae0ca3c57cb31ef15d79bf05a85beaabb3f05fc69399b9d5a093f139e4475d6470d20b1f2741bd339a50
-
Filesize
1KB
MD53c7e8ff25d6cb4e2329e9bda14d96429
SHA19f25abdda8c2fbb1084b1a1a122cf6c2bd4c7129
SHA2568f78f2a5cffb8e4786b412fc6bd206b12aca8688dc684dea55547814b097bb5e
SHA51278b0708c905aceb5b04ef1b1390affc734f36463913f5e0a0b91baf49d96aae3451b446da1d440f7264b7d79ca9271678ef182a71a1b50b266963a3c54331909
-
Filesize
1KB
MD5ce228156d54cf13777a133bf966840bd
SHA1b1759de92b899e49d532417f232621bd204a1917
SHA2561f65e0c9ed0299cf0cc381c59f8864817671fe295bf320f8406fa9c420d61d41
SHA512c8f38f989d17f81eca30faf4afccbd7d788b981e43e626a9df86c0facdc5fe578e0f8a45f7831f9bac356c7a403771efc81db26e763bbfc9a102c480e5b62948
-
Filesize
1KB
MD5a5296e1052b741c17c9ddbbba5d9c157
SHA1e236aaa6b91cb9beb6c9ac75920d488ac6644c16
SHA2566c454a93f262a96381d807b8f9fe7447e34811eab98dfb87a9ae6e62916df294
SHA51250b2f8ecae6ba53432c1758d1d292ac8bb10fc46ddc62ebaf7cc99e3d18a8cd75f5d4a28b6d5fe0fd20dca64b6cb2c9d01f2d98d748666d02b3c77296635071c
-
Filesize
1KB
MD57552aca47096ae4d39f552beda103e37
SHA115858b56d66b05db4ca099cc2106f5a142d8a2ea
SHA256d0ba8dbdd28501a40547a17f86230e8144217b0b054aa2db409bcb1a3d8943f1
SHA5127bdf605f0777ac7d959b0868c73052763318e2e55f91af8e5c00cb1ec9083408c8dbde3934ae6fa7dbc04213c947a662e33507122cd53f80a80c46c483f81b10
-
Filesize
1KB
MD5b3af8e677d027b208d8928c89cc85a38
SHA153c626a6081d461558ba7394b71c6a870eca2f03
SHA256246e8e5098188e36ae2b5ec45e09e82af02291a1a2938a5affceb8972836a9c7
SHA512f48ad0d368103ca7283551c8dc071f3cc47d3ed07fe0deb9b6ce687b8e5cadde50773afae4f154e5ef3a5347b5740a5da6a3dbf839574521b0408e30d76c1fc6
-
Filesize
1KB
MD5323ed22c538a4e6fd1a0ca5a82a00d19
SHA17b32c5888f9150ea78cead0ea953effedd9f7a9b
SHA2567c0e848aae453a26819963c259856a11b7d83852e64f5fb2bf3c24f54a593427
SHA512de8c13a7cc53061d32a5bcd94cd1f1220c2b4f1d988acd0eb293962c4ee285fb4a28f4e0aa77c308ed95f3330d1d01bb7f3bf2264bd2bbb91e61cf2ef36f8f3f
-
Filesize
1KB
MD5b866bbb519dee60085412e57cade580e
SHA16233e878ee91a5903732f55b9c31dcfacc28b50b
SHA2561844484cdf110d31f54214f7a6e518bce921084856ecf8cb4b7315320ae1fd26
SHA5122c7d59a859d3fcee61834f3b1ebf805858f5b59995731c933cbf5052bf7438512bd20623c13a3e3fa51bb6a9daad1422a40ef546e8ac6b00a011edc1e88183ce
-
Filesize
1KB
MD53d461edfac77c2b95708ab7d3dacb979
SHA13626bc1363b024ac49f63e4f50825da56c2c7252
SHA2566e7f272984271df6dea6b93becd37df9ffd3cf03d7f5038c1999957d68bf5c99
SHA512ea66c9912af42bf64347b5f506f7de05a77ab5750fb96d33b38090a232f2f13d280929bc6492829650f9a48bdf89dbd7271e74f992c7cc2552eaf8de9243105f
-
Filesize
1KB
MD5d01c3bef6661c93879c54e5546c9cbef
SHA177fbf5d5be61d216f24e79f7bb9a9cf486a48174
SHA256fedf39b2dc6a75b8853c9f0fe5aacddf93346558035985eb47b5a496414d80dc
SHA512c8866aad78977ebcd7157d97c2658a339c7d99da477d3318feecdb500a6c23a677a1a7c0954265eeccf4a750737a2e8255676bcf94d5d6393b04130e0a3d86ae
-
Filesize
1KB
MD5f6939d116ee93d448c8099439477ff1b
SHA1787a3d10dda40f04e7b1c352f59cf7a3346ff7d5
SHA25603ef31bf401c5bd257e8a3bc6196d6eba110135326a56d42fbc1ef50cf326752
SHA512a967158ebca71a0e5a89c1f1d238069ad094c0aa71f91cc76555e3a31482b3fc497051a629f84516e266fc11104ff74fafbb9b0527210b29aeaedca4ff377cae
-
Filesize
1KB
MD57bda55c86e68f47e95bae7e27f131b71
SHA1e1c1131e32227e3a1db059f792c39c682d8b47d5
SHA256324969bbfdad6a588179fa2b86ed4a7533ca23c11fa8a1de20035d8a8e1b616a
SHA512aa13680cf13b55d6e6a89040cdd789dde8797c9f0cdf403d15a6fd73193b989154bf347abd2a0d778e2df20275d3ce1a2b3d90bab9a15a2a826178c19d98724d
-
Filesize
1KB
MD55bceb6cd2d45fb0e0c03bf46f089eabe
SHA1b5c6e9675bf22a9949547991a6d94c3496327f91
SHA256797f08852a1eefd2c7e1ff3436471de8beab2626052dabe12bac3892a5b7e6e3
SHA51282a65390fe62863eaf06164509097eb6c2c83be75d23041d5d05d706f97821672980f647066a738cdb97d7c8fee8cf3241e0b4c3f495d6d7e009842a264c4161
-
Filesize
1KB
MD52107ba1e611bdae08888d080a4275242
SHA1ec8274eeafa6716396b2b63cde37a6a76b27864d
SHA2560bf2d314971f5c9b690d5324e3c474bf257c4cf0fcf68149f45c866046094484
SHA512fea52992a62d519f6e5aa1102e50167b0f6416fcdb8960c943587b31014973e39761b54b0fab00b635eef51a44d7227e0cbf4b832ed7312057574ceb7d5ce3a5
-
Filesize
1KB
MD5df9764a3622a96f2c04eaf0078e0fcda
SHA10c4701ee9aa45857cefc1e6c3862da2c0edecaaa
SHA2562ce14968f1854fa5a2a28b2cb207b01875c03e2f3d8894f7b4b2b4f01c6f622a
SHA5128231d8947de15697b4e3f6ce9296d5efd343e91e1fa9d301384a6cfd2b511e67dba82897193092d79deb4e1d2e7ecb6e8829fe28cd38c1f2b7e4a72b70feb377
-
Filesize
7KB
MD553fabb59927af1395a21d88d4d747b77
SHA194a45f191151869dd0ae2df3c8dc617f7b6f8f88
SHA2561f5fe7369f4ec132d9b41add9eacfacac0f73120650208f0262949fab5fe34fb
SHA5125be19a7acbce83ee99283833ade1702391ef315e2f8b7ca3682f0613693553ec52b19b39e63d7178e45f7e5e95c053c42d56202ff6b73174aa766052db9bb56a
-
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY
Filesize1KB
MD5d45377082bfe6046354fafeac5d8468f
SHA19a2e49a00410e1c3c6ae9967f25aa137568705b9
SHA25636628174904b587f71a18d5cf9dfca91913e2874a27437c2b6507ed2afccc735
SHA512e08306cb7402ce429d480ca287f997fe9d96a59d5b4f41e6e6dfeaf3e460cd16ecfb901d7f0974ad7b0a6f28371cdcc50118e4c307069c4608933401a9541b8d
-
C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu.PLAY
Filesize1011KB
-
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
Filesize
5.5MB
-
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
Filesize
5.3MB
-
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
Filesize
870KB
-
C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
Filesize
5.4MB
-
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
Filesize
4.7MB
-
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
Filesize
4.9MB
-
C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
Filesize
803KB
-
C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
Filesize
4.9MB
-
C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
Filesize
1011KB
-
C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
Filesize
791KB
-
C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
Filesize
974KB
-
C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
Filesize
742KB