Analysis Overview
SHA256
006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55
Threat Level: Known bad
The file 006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe was found to be: Known bad.
Malicious Activity Summary
Play family
Play ransomware payload
PLAY Ransomware, PlayCrypt
Renames multiple (8469) files with added filename extension
Renames multiple (8327) files with added filename extension
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Program Files directory
Unsigned PE
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-07-17 14:20
Signatures
Play family
Play ransomware payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-07-17 14:20
Reported
2023-07-17 14:23
Platform
win10v2004-20230703-en
Max time kernel
77s
Max time network
136s
Command Line
Signatures
PLAY Ransomware, PlayCrypt
Renames multiple (8327) files with added filename extension
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_ko.properties | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\STRTEDGE.ELM.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.winmd | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSplashLogo.scale-250.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-114x114-precomposed.png.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\ui-strings.js.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.scale-400.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-white_scale-100.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeWideTile.scale-150.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\en-gb\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCallbacks.h | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAB.TTF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\AudienceNetwork.winmd | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.scale-200_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\_Resources\index.txt | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-60.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-ae\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.scale-100.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-256_altform-lightunplated_devicefamily-colorfulunplated.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\line.cur | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psm1 | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-oob.xrm-ms.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\Maple.gif | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-400_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Defender\it-IT\MpAsDesc.dll.mui | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\NETWORK.ELM | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xeccf.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\DefaultResourceDictionary.xaml | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_hover.png.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\ui-strings.js.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ja-jp\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\share_icons2x.png.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\169.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\1.jpg | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hu-hu\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\sat_logo_2x.png.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\jmxremote.password.template | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-72_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Dtmf_9_Loud.m4a | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-16_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe\th-TH\Microsoft.UI.Xaml.Phone.dll.mui | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
"C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.141.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.137.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.130.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 2.22.249.211:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 211.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
memory/972-133-0x0000000000930000-0x000000000095C000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-618519468-4027732583-1827558364-1000\desktop.ini
| MD5 | 52da2963d30f231d9f964ded2989bf18 |
| SHA1 | edbc12fe4fb33be9fbe9a3ba5d9fab4d98c884b0 |
| SHA256 | 8a30375366b4c81b91a43a052666f77b573f8dc3736e814d92744a2a0217a405 |
| SHA512 | 9e8f7c2d8470e677bcbb1db3ec7bc7565edbbcbacfbdf096859c132b25ef47ade5e1f57863adba502f59f7737a1975b890ccc62df64adb9690fe1009e80b3fbd |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-17 14:20
Reported
2023-07-17 14:23
Platform
win7-20230712-en
Max time kernel
150s
Max time network
124s
Command Line
Signatures
PLAY Ransomware, PlayCrypt
Renames multiple (8469) files with added filename extension
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\gfserrorfromgroove.ico.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTLLIBR.REST.IDX_DLL | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\TexturedBlue.css | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152560.WMF.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\ACT3.SAM.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\EquityReport.Dotx.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePage.html | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0287417.WMF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\IN00351_.WMF.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME05.CSS.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck.css.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02750G.GIF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WHIRL2.WMF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD10308_.GIF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OLMAPI32.DLL | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0153516.WMF.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0337280.JPG | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21332_.GIF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0387578.JPG.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02264_.WMF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TAIL.WMF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_ON.GIF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01682_.WMF | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\RSSFeeds.css | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL065.XML | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\SETUP.XML.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange.css.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Fortaleza | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\background.gif | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0186362.WMF.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SY00132_.WMF.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\PIXEL.ELM.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\ENV98SP.POC.PLAY | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png | C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
"C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" F:\ReadMe.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\ReadMe.txt
Network
Files
memory/2780-54-0x0000000000120000-0x000000000014C000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-2969888527-3102471180-2307688834-1000\desktop.ini
| MD5 | a728dc28de11fb64226d70224e3cfa5a |
| SHA1 | 99f3e270b232c81bed391cbb4348031ddf7044f5 |
| SHA256 | 0670d206059a941197f198298c0a9fabe3be9a85bade24eab9cc9e0e5cec9721 |
| SHA512 | fc923fb7af9b9877216dd93c226b651e5f611e51f2aa2742931c7ea36e72517ee0642763b78f671f1e645016f035a4b9a1bf5d35cb04a6527d48b626236d3416 |
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY
| MD5 | d45377082bfe6046354fafeac5d8468f |
| SHA1 | 9a2e49a00410e1c3c6ae9967f25aa137568705b9 |
| SHA256 | 36628174904b587f71a18d5cf9dfca91913e2874a27437c2b6507ed2afccc735 |
| SHA512 | e08306cb7402ce429d480ca287f997fe9d96a59d5b4f41e6e6dfeaf3e460cd16ecfb901d7f0974ad7b0a6f28371cdcc50118e4c307069c4608933401a9541b8d |
C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn.PLAY
| MD5 | df9764a3622a96f2c04eaf0078e0fcda |
| SHA1 | 0c4701ee9aa45857cefc1e6c3862da2c0edecaaa |
| SHA256 | 2ce14968f1854fa5a2a28b2cb207b01875c03e2f3d8894f7b4b2b4f01c6f622a |
| SHA512 | 8231d8947de15697b4e3f6ce9296d5efd343e91e1fa9d301384a6cfd2b511e67dba82897193092d79deb4e1d2e7ecb6e8829fe28cd38c1f2b7e4a72b70feb377 |
C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn.PLAY
| MD5 | 5bceb6cd2d45fb0e0c03bf46f089eabe |
| SHA1 | b5c6e9675bf22a9949547991a6d94c3496327f91 |
| SHA256 | 797f08852a1eefd2c7e1ff3436471de8beab2626052dabe12bac3892a5b7e6e3 |
| SHA512 | 82a65390fe62863eaf06164509097eb6c2c83be75d23041d5d05d706f97821672980f647066a738cdb97d7c8fee8cf3241e0b4c3f495d6d7e009842a264c4161 |
C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn.PLAY
| MD5 | f6939d116ee93d448c8099439477ff1b |
| SHA1 | 787a3d10dda40f04e7b1c352f59cf7a3346ff7d5 |
| SHA256 | 03ef31bf401c5bd257e8a3bc6196d6eba110135326a56d42fbc1ef50cf326752 |
| SHA512 | a967158ebca71a0e5a89c1f1d238069ad094c0aa71f91cc76555e3a31482b3fc497051a629f84516e266fc11104ff74fafbb9b0527210b29aeaedca4ff377cae |
C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn.PLAY
| MD5 | 3d461edfac77c2b95708ab7d3dacb979 |
| SHA1 | 3626bc1363b024ac49f63e4f50825da56c2c7252 |
| SHA256 | 6e7f272984271df6dea6b93becd37df9ffd3cf03d7f5038c1999957d68bf5c99 |
| SHA512 | ea66c9912af42bf64347b5f506f7de05a77ab5750fb96d33b38090a232f2f13d280929bc6492829650f9a48bdf89dbd7271e74f992c7cc2552eaf8de9243105f |
C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn.PLAY
| MD5 | 323ed22c538a4e6fd1a0ca5a82a00d19 |
| SHA1 | 7b32c5888f9150ea78cead0ea953effedd9f7a9b |
| SHA256 | 7c0e848aae453a26819963c259856a11b7d83852e64f5fb2bf3c24f54a593427 |
| SHA512 | de8c13a7cc53061d32a5bcd94cd1f1220c2b4f1d988acd0eb293962c4ee285fb4a28f4e0aa77c308ed95f3330d1d01bb7f3bf2264bd2bbb91e61cf2ef36f8f3f |
C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn.PLAY
| MD5 | 7552aca47096ae4d39f552beda103e37 |
| SHA1 | 15858b56d66b05db4ca099cc2106f5a142d8a2ea |
| SHA256 | d0ba8dbdd28501a40547a17f86230e8144217b0b054aa2db409bcb1a3d8943f1 |
| SHA512 | 7bdf605f0777ac7d959b0868c73052763318e2e55f91af8e5c00cb1ec9083408c8dbde3934ae6fa7dbc04213c947a662e33507122cd53f80a80c46c483f81b10 |
C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn.PLAY
| MD5 | ce228156d54cf13777a133bf966840bd |
| SHA1 | b1759de92b899e49d532417f232621bd204a1917 |
| SHA256 | 1f65e0c9ed0299cf0cc381c59f8864817671fe295bf320f8406fa9c420d61d41 |
| SHA512 | c8f38f989d17f81eca30faf4afccbd7d788b981e43e626a9df86c0facdc5fe578e0f8a45f7831f9bac356c7a403771efc81db26e763bbfc9a102c480e5b62948 |
C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn.PLAY
| MD5 | b9d1944b79e55e16d3575ea694e8bf00 |
| SHA1 | 83ccf165ca594e63cfd16233d901c0969e811589 |
| SHA256 | e55bd84a4948050e01f46b0eeb948553a12cd4f3736cd97f84a287eaf26550e2 |
| SHA512 | 340325e11888ed525c7a09e1a60d3aa7031f8509b398ae0ca3c57cb31ef15d79bf05a85beaabb3f05fc69399b9d5a093f139e4475d6470d20b1f2741bd339a50 |
C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn.PLAY
| MD5 | a76f7eaf13a14a5f70c63f2ea884250c |
| SHA1 | 5098fc4c79790f3c929bbb6dbf6cf4f4b28140aa |
| SHA256 | 392693d79ccc6301c9031cd3fd5981410d4d114777670905fd31d5d9404c85ba |
| SHA512 | 667d33c2d4c84ecff5f23ee0126b8109dcfc7164b13227508fb6a8c91c87ed6268f9b363a2b2b3d4de4593119d13fd6e9a58e461043fdbfd5c6cd64b0b3160b8 |
C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn.PLAY
| MD5 | 251d529a05e585ea53f7250ad5d35adf |
| SHA1 | dadccc05bb0b31ca905d3577c0d7fa8c5e000403 |
| SHA256 | 2445c16aafacb9a445bf8bab1c0f0467aac064519fc8d6a78070a201c714333c |
| SHA512 | 62ce8ccedd5000b4ab96404c1875f7596d06ef79b80a856742c088bed13be465f55058f55f871faf58535d56f27f8270c21fda2a7b89e92e0832b0d63c4c139f |
C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.PLAY
| MD5 | 8283058f758f169cbaa1e3f05b39c5d5 |
| SHA1 | bb9ae5993b971bda5a0260cbc2daedaf35d598f0 |
| SHA256 | fcd0e9aa19b13774b4f34ebcc4f13d1506f73a6eb14e141e5f22e13668ccefc2 |
| SHA512 | 22ed119d66389e5dd6a29e75f02e3fe84d20284e91631501500d56185879edc018f1c08c268f1cc94fe0adefd237fe6affeaa55abcc794292aa2ef24d69f94ac |
C:\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxH.PLAY
| MD5 | 6a3bcd0cbe40fa51e9b22154173703a9 |
| SHA1 | 3eedf112252c9e9e531306d98663a58ea2bb256c |
| SHA256 | 70a7ae5a4b7b97c9f1797066cbc209714e40e80e4230776952d3d77c1c38e401 |
| SHA512 | 3757f99373297ff0ac5d4875ca881bac16422ce7ad5d374bab26b1f1f8e59bcd5161fc093b2aaee571d76017e41967937b86e3a54700a6cd380a5feec9a076f2 |
C:\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxW.PLAY
| MD5 | 038c4b30aafc3791ae89859a2f5f91e0 |
| SHA1 | 98379ea68cdfa914574f0f8cb9760cd4776b13cf |
| SHA256 | 7170ed30bbdde70219556643c03799d8fe959dc9d336fdb8ec6bf8c1a5ac1047 |
| SHA512 | ab400fe2783ffbeab479b18d258dffb916ea9ce2a0cc4e7d8c7aec9c0e65264b115107ba45630147a309953a8c155a60869912eb05fb7e7c9caf13d2b7936939 |
C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml.PLAY
| MD5 | 98965188e10a2ba187d1c8295cdf2068 |
| SHA1 | 9237f3f1e2dc2642e9939a3f7d4d8182523f81eb |
| SHA256 | 033c21585f77d2767fff8423de1a111eda6d7e79b741f1e44e9125fe44edf6cc |
| SHA512 | 921b9e8491b1f9c11d907de2ddf13ec9b78223cf89eec2aac0ea48315e03222518eb7ce6956887c9d3ed4e16a09b03fc16a7026ac3a907d0983f38e2598c0f9f |
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
| MD5 | 6d7dcce3e1473a25dfd2667e9c02d9d7 |
| SHA1 | 8306c5e604dc6115a4c7677ab556c5b16fa91ed6 |
| SHA256 | 32cf219483c5c8e7d2f92c41dd42084288a66741a2f37d918911207ecc6c2a76 |
| SHA512 | 58a18c203af9fc24683e90c2322b34a62d65c2905f1a4d0eca1411605bbe76df27a9814de0b68ef5c64db4749ec929c738bf37bf27fa1b159d6ab9c1250a077d |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.PLAY
| MD5 | ac75a8042cf481fe5cf60586005cb69c |
| SHA1 | fec4aa7be3da286406f31e972495d01af2150a47 |
| SHA256 | 0d16cd11b7bf85a88a134a94e6892fe011a1af663da8fba2cb147c2611750478 |
| SHA512 | c3e3895570b2d2fd93be6543d53145f7585f90142801afd533dc63a74d443bbf15870e08f7cc244022e710acd413088725eae7b093430a2433a634efe2fbaf13 |
C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
| MD5 | e084d6179d8a4d20e7aa21ee150400ca |
| SHA1 | c57ff65b0a14e9fdad1d9d0b08cd0759a9c5906d |
| SHA256 | 8175a7461dca6e30b2fa6e5d76c97ba5b1660999f29d5e824675cd1873487459 |
| SHA512 | 6195763f856390d71e7d13294f5f523388dc80852a9d7239677e94de7433ef5ed53aa75c008a2d9f41b6f6de325f6cc79d45a93a2ed1861fde836895ee3bf240 |
C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
| MD5 | 93f3ce823601272ec677ae3719e8ba27 |
| SHA1 | 3e3830e39b9145aa05fe0bbe2006c0581723e43b |
| SHA256 | 867a1cff61e69a17af2c4e7f178fbdee6ee432ad5e8a3b4c000221e2360dc540 |
| SHA512 | f0519079a56d0d3ceecc9b70ac24e686cc6cdeb7fe915fdd46297d4a4067fbd337c7b7f59397c321916016fec49571ffdcba142b49418f6d42656b297e6b61ff |
C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
| MD5 | 7492b30c3f3fbac041530bb2a61a9d32 |
| SHA1 | e7afd4d64faa5f3e26ab44d41264cd861854abaa |
| SHA256 | b338f83897116457cd51ada3d567c816f301183601a354bee7bc640c6be1285c |
| SHA512 | cb2f52089832af2af35a2c98fbd93c846513ef5ba3deb1e58d1e90d4818fb3a17d4092d6c2370e494386d1fd7c9a7d825acf7bc3d9912a60527e3f44fe93749c |
C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
| MD5 | bfefae5bc169ea90b589249d225afe3b |
| SHA1 | ffb52e9fdddd8ea41629bc9b724262ff1be25346 |
| SHA256 | be67a1f829d2d9a2d9cea2b51bd9dd3a771a2309a190188f43e4a2434a44f6af |
| SHA512 | 11538c18dc1e58031598fdc025afe5cdf4ac781e4dda3ab5f4e0d72edd31e5ffada0f1d4661218560b8a23c636626d600fb8b287203321794d5a73da1161a27a |
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
| MD5 | 6f3fc35a8e0d8842c3d5d94f1abb9097 |
| SHA1 | 27e2695fb1b0f50f9bac85833eb40d80b183a27b |
| SHA256 | 5a901ec54314c4ba5e0fdb6908b0629117f60b32e8a4fbb53ad502fef64a36bc |
| SHA512 | cb3402f6bb47cb894df34398e12bf6545961be8bd50be8fc92f2460a717c517d996eacd248b62efe1779ac4ac0eee835747b11ec43e06ac0a7c37bb102dfcffa |
C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
| MD5 | 20f729a1e1c047bb1b3c8cf2fed87ed2 |
| SHA1 | d2b4b85c09b0262e2b6ece2cac149f1e49862a4d |
| SHA256 | 673eb065bc01e1fd5a044f64c82d6ddddea4303e44f0ab9c9e4af75da682114c |
| SHA512 | a2ffbb1e82f66ddd1f760d88ed05d20660155c11930c531d236359bda7cdf9cb0414aa551dc55034deb12b58dde3825d10ec8628fb80abb97862c6de339fe78d |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.PLAY
| MD5 | c9bf0269a7d02d6c6fa5b38156d1fceb |
| SHA1 | 8f0fd5d7dad7065f2755fdc65a1a610e092da232 |
| SHA256 | eccacf307fa6137c3b70a0d47ac10f042c6268291fd1b71f05a1aa9474b0847e |
| SHA512 | 986414b35ce4aacb2ea0cea31661e201b5eb2bf9c11ee3926c353eb956ed6bfbcd3b8362a4b06aeb060bf1789c6d081556cc9ee51795920a61b9a70c5365e5e4 |
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
| MD5 | 691b587eeea79485f196bfbcafd1162a |
| SHA1 | 4959b00de21f7b1bad4e48cd8f8195e224777b69 |
| SHA256 | 746cb5541fab3b2080123f2ff1f6cba0fe9546b8ba0f968e8f95a830c87f77c9 |
| SHA512 | 3a3e092771621c6d662e6fe11eba89347253a3812820556470f84fa7f7b87480d91dee69eeb73035b44d617eb766206c14763c2849fe3b1a19b1e2ac11c9142e |
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
| MD5 | 0e8a4ff8be058b3c72539375d70ea5a0 |
| SHA1 | 31b7e0b19386dad7ec9366e8fb06a02b02701016 |
| SHA256 | c7c6e9dbdb124c329d58218baca0c8181cb61c77b1f40dd942947a407defbc41 |
| SHA512 | ef04db66cf49524b0f648200f8e270ff98da115e4cf4822c89ca5ab6c3d761317bf6519980d797f875e512a1ecaa7db601fcd6358cdf023d3d7f5c4487c4803d |
C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu.PLAY
| MD5 | 2f56340e84811706603c546200c257b0 |
| SHA1 | fc4419c6d6867491ec9243efac648f81fd5fbf39 |
| SHA256 | 0851ee5f834f4dd0098dc32c5a01f507d42d7f05b5cfd66e44e47b61739f4065 |
| SHA512 | e1864abeaf7c03ac084a1b8b164e819f74ba7c1369f35ae56bacdf6bff9b966b3a94a540842f5e314a30fe77b8094e88ee990d760bb0eafd371076c1813c1463 |
C:\ProgramData\Microsoft Help\nslist.hxl.PLAY
| MD5 | 53fabb59927af1395a21d88d4d747b77 |
| SHA1 | 94a45f191151869dd0ae2df3c8dc617f7b6f8f88 |
| SHA256 | 1f5fe7369f4ec132d9b41add9eacfacac0f73120650208f0262949fab5fe34fb |
| SHA512 | 5be19a7acbce83ee99283833ade1702391ef315e2f8b7ca3682f0613693553ec52b19b39e63d7178e45f7e5e95c053c42d56202ff6b73174aa766052db9bb56a |
C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn.PLAY
| MD5 | 2107ba1e611bdae08888d080a4275242 |
| SHA1 | ec8274eeafa6716396b2b63cde37a6a76b27864d |
| SHA256 | 0bf2d314971f5c9b690d5324e3c474bf257c4cf0fcf68149f45c866046094484 |
| SHA512 | fea52992a62d519f6e5aa1102e50167b0f6416fcdb8960c943587b31014973e39761b54b0fab00b635eef51a44d7227e0cbf4b832ed7312057574ceb7d5ce3a5 |
C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn.PLAY
| MD5 | 7bda55c86e68f47e95bae7e27f131b71 |
| SHA1 | e1c1131e32227e3a1db059f792c39c682d8b47d5 |
| SHA256 | 324969bbfdad6a588179fa2b86ed4a7533ca23c11fa8a1de20035d8a8e1b616a |
| SHA512 | aa13680cf13b55d6e6a89040cdd789dde8797c9f0cdf403d15a6fd73193b989154bf347abd2a0d778e2df20275d3ce1a2b3d90bab9a15a2a826178c19d98724d |
C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn.PLAY
| MD5 | d01c3bef6661c93879c54e5546c9cbef |
| SHA1 | 77fbf5d5be61d216f24e79f7bb9a9cf486a48174 |
| SHA256 | fedf39b2dc6a75b8853c9f0fe5aacddf93346558035985eb47b5a496414d80dc |
| SHA512 | c8866aad78977ebcd7157d97c2658a339c7d99da477d3318feecdb500a6c23a677a1a7c0954265eeccf4a750737a2e8255676bcf94d5d6393b04130e0a3d86ae |
C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn.PLAY
| MD5 | b866bbb519dee60085412e57cade580e |
| SHA1 | 6233e878ee91a5903732f55b9c31dcfacc28b50b |
| SHA256 | 1844484cdf110d31f54214f7a6e518bce921084856ecf8cb4b7315320ae1fd26 |
| SHA512 | 2c7d59a859d3fcee61834f3b1ebf805858f5b59995731c933cbf5052bf7438512bd20623c13a3e3fa51bb6a9daad1422a40ef546e8ac6b00a011edc1e88183ce |
C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn.PLAY
| MD5 | b3af8e677d027b208d8928c89cc85a38 |
| SHA1 | 53c626a6081d461558ba7394b71c6a870eca2f03 |
| SHA256 | 246e8e5098188e36ae2b5ec45e09e82af02291a1a2938a5affceb8972836a9c7 |
| SHA512 | f48ad0d368103ca7283551c8dc071f3cc47d3ed07fe0deb9b6ce687b8e5cadde50773afae4f154e5ef3a5347b5740a5da6a3dbf839574521b0408e30d76c1fc6 |
C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn.PLAY
| MD5 | a5296e1052b741c17c9ddbbba5d9c157 |
| SHA1 | e236aaa6b91cb9beb6c9ac75920d488ac6644c16 |
| SHA256 | 6c454a93f262a96381d807b8f9fe7447e34811eab98dfb87a9ae6e62916df294 |
| SHA512 | 50b2f8ecae6ba53432c1758d1d292ac8bb10fc46ddc62ebaf7cc99e3d18a8cd75f5d4a28b6d5fe0fd20dca64b6cb2c9d01f2d98d748666d02b3c77296635071c |
C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn.PLAY
| MD5 | 3c7e8ff25d6cb4e2329e9bda14d96429 |
| SHA1 | 9f25abdda8c2fbb1084b1a1a122cf6c2bd4c7129 |
| SHA256 | 8f78f2a5cffb8e4786b412fc6bd206b12aca8688dc684dea55547814b097bb5e |
| SHA512 | 78b0708c905aceb5b04ef1b1390affc734f36463913f5e0a0b91baf49d96aae3451b446da1d440f7264b7d79ca9271678ef182a71a1b50b266963a3c54331909 |
C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn.PLAY
| MD5 | b23d99c5d800bb1af3349546b2251de2 |
| SHA1 | 3778f2c9d61b6d63497f143f29c727a01aa6c2b0 |
| SHA256 | 343e0879380f0f7d1e23a087a3744eb7de96604df7321c15acc79255db42487b |
| SHA512 | 567caf695f6e47ff0e1100ddbbeb25755a505e251676afdfc8ee395e9dc3c0bbd5992a14ae8035feb9226a31dffa918d8fed32cc75ef7e310d106f61ab0394c4 |
C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn.PLAY
| MD5 | 776f0ec3a03ccecd7ceef326e44faae2 |
| SHA1 | d743b866d846de995d53ae49d7bf4de17752ed12 |
| SHA256 | 3c56f4d17507fcc9f5f3a280862c6c6cae4aca559776051e8819df980c84a1c5 |
| SHA512 | d2fd9ee4edbc26b82caa76a38142120fdc67f4d9ea242feb679f3a03b7264f60160b35f76c02ae4693b49c0c80d65fd983d4a89b8b98e5835d5ccb7ac7442873 |
C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.PLAY
| MD5 | f62778f67a18420d5240b46d49bfc337 |
| SHA1 | 635d5180efca3493aa875bdb35f05c3b1543c584 |
| SHA256 | 37f66a2230be5c3f06c47a478a8885c027b8f93733351d2e280048164e54ff8c |
| SHA512 | 340ebbbdc82947bc4e2941d56093e282ac577f81482512dffaa76530a0e347a569b45d1c0b3708ac63305a6cacbf132e2d729850af479daf9cbfdad7232d9917 |
C:\ProgramData\Microsoft Help\Hx_1033_MValidator.HxD.PLAY
| MD5 | e5e3ccb4b7ca019509897647b8019f1e |
| SHA1 | 8ce5fd3830b8474ba2f4b00c0b62eab8f1f82299 |
| SHA256 | 4c2a8716a717ce77fcdb90ae629171de264b707b7072ba78dc4f8aa24ed3b7ba |
| SHA512 | 0ca1d61a0b86d0c49e34299eaafd01acc995fa3a443bbe878ff605daca128d243c2a64f93364ba787f417177a67c6cdf0c08d1caf9b35e46d982fac8094aba2f |
C:\ProgramData\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW.PLAY
| MD5 | c3b6cbf733410d10d669be21ac4e8d88 |
| SHA1 | df671a748e93cbfe8019f7825df394bf36a27d42 |
| SHA256 | ea1a6f056d17b8d6ba5ee3c947b05ad8b833611b30ad382422ba7ddf56c6695e |
| SHA512 | b048fbb0effb0c31cd609d0e6ba7ab2bdba3ab716a0c11b2055f6e677aedfdad424f6256dc975acaebc626e0351d5c3e46311a9ed8cf55f8bd2bbc88722d6895 |
C:\ProgramData\Microsoft Help\Hx.hxn.PLAY
| MD5 | 6fc2014c901c7420e6b82faa5102c46d |
| SHA1 | cf5cbe621de39ef3ead02672ab21566c618bf442 |
| SHA256 | cdf3a6f0501d97f214613010fef4771ad1946011efd9319d598671d6ce40faa9 |
| SHA512 | b2b81ef3d809fbd16f5e13a819bcfffa987553164b05f37e869f260a4c82e37327822c9138e62f6e83262e87d9148a6ed76efc2e4ef05a86c15ae51b8ab9cbae |
C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata.PLAY
| MD5 | f29747cdd71ad5eadab57cb4fc5d3694 |
| SHA1 | 781c129c7e7920811d0ffbeec37962874552648a |
| SHA256 | a1a79459bbd2300bbadf6ef3d310563e3c7d080270f50f12a12a1a5e939d6fa5 |
| SHA512 | 809d8c0c0d1c30a424ade2f2c11991d6e7a87b9d7c074f6c439066d892d21a84d2b8d88679bb24519c44a7abb487d0e4bb4559ea2f2d1aa4d6fc0907921db1b1 |
C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
| MD5 | 5156d3cd05a2e9ee3a248e1cc5c99933 |
| SHA1 | c3c7f0c7b2047d1e1578045c6b817da16805855e |
| SHA256 | 537f98f7051ba51b255e6f3191fa9bbdce49501144ab06534f4954acc15d460b |
| SHA512 | 427fed8f7710dd7282b64e350d84cb6e502ca4b8275194ba7574e377601358878adafa3cbd38972229c72e37cba926dc67dcc9b26ee01a41de27acdd977652ee |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY
| MD5 | 85dd630cc3fc5754703fa19c6bbb36c1 |
| SHA1 | 5ef001e739a94de207bdcc2705b6ad75fa5d3345 |
| SHA256 | 2b3c3d21c01fcc4055f7cc7bbfcf783542dd6f60895f892782841dbc0f9a4e4d |
| SHA512 | a1c02071c12b09948b66e88dc74e31c8e9c81dad3542d2fe805d820f977f2ca4c6d59cd68fadf0c4ad143011f89fe301de234371381e45bea76a413a521f84fa |
C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
| MD5 | 3bac8dbb11d6193244e17dced90f26f5 |
| SHA1 | c847933970bb9666c64b86da00034670ec64d8d7 |
| SHA256 | aa5bb11a1f57f80d200791d1b15e57378e840974e0e7d5fb283e9809b4286c05 |
| SHA512 | 604df4a481932abef639b4e56124af91ad230583a2f825b1e931802cf5337b839ce564190515340ffb6abe61606d2ed47eced823226350de5a092fa3b11a7204 |
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
| MD5 | 05672e06c253465b34b0305cd6f7b2ed |
| SHA1 | 1f0199a825b5951539c1fa9fafe83a4b26170987 |
| SHA256 | be501d45eefc2ba29384a1479a08c967ee303edd54a7e971ee9bedeb499776b6 |
| SHA512 | 8d281a6dc5524817052c7fb51571927c092d3f07dc6da0a76719e3e1338afd69d7f24b09a2b74bd900b3b972564040e96ed396906e6ae761dbe8dda82efed0b9 |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm.PLAY
| MD5 | 0b3a6e6db4c76a9e671b3585c38f023b |
| SHA1 | 6fca77cce67d1af38109fb16dbcdd379f63687ae |
| SHA256 | c541aadb781e1a4403b9fef1612fbf0f0e4119ceca0cf7151bc5a0acc8d9a9c0 |
| SHA512 | 303b5edd0a41931bbfcb75d7de581fb329634a9b17c1991ad738c9f270378428360b0675d21f21c433cfbc049d51872a8e05177b5ad0889776c33b50f33e771e |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm.PLAY
| MD5 | af55ba2218909dda56fde0127d86e113 |
| SHA1 | be8eb09a4471091e7feca859f739c84d277fbb13 |
| SHA256 | 3dfe64384207bcdefbece0830713ffb83603e7c82499d7ecbf9b42b57bd4bb0c |
| SHA512 | 0ff9a0e8f0d7b124c001a4f5aa145469dea79a4d80b1328dd08dff0239fcbfe08e776ca91698d716cda69e3e67b231456be4b4c3b8c3770fbb8642a570f9684a |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY
| MD5 | cf1018d9f965df7f80492e172e17e7ea |
| SHA1 | bd56915bfe0523d15e68f95ddea1c5cb09d8df13 |
| SHA256 | ed78fd9519c8a1c4baa9f9b3546d15ca7992603b5d5bf3b9b39b1b01dc9e8a71 |
| SHA512 | 0a624d82d14b8edf1906eb402638a9721358fc8c77c020a79d39526a3e10f333f95f2bbcb722f85784a05fe580eeb0586295b27c9db022e777ef5026eeff4d75 |
F:\ReadMe.txt
| MD5 | af5c0a0fd6fa8bc8e59f6221a1705ee6 |
| SHA1 | 2db1c8d26aecfdb8a827a67a5cbf16c4f9977f0d |
| SHA256 | 6e55acc025ea4888fdf070a1707b6e04a509b24772e81d64595ea6b2848dd71f |
| SHA512 | 83fc1952bf5a1aa3fc4109b667655dfad4fd7a72c45ef66d5119a281f24afe939412577d8c3dc0d3ba0ce494bf32ebe11525749ba4181e4314973e6f3a36786d |
C:\ReadMe.txt
| MD5 | af5c0a0fd6fa8bc8e59f6221a1705ee6 |
| SHA1 | 2db1c8d26aecfdb8a827a67a5cbf16c4f9977f0d |
| SHA256 | 6e55acc025ea4888fdf070a1707b6e04a509b24772e81d64595ea6b2848dd71f |
| SHA512 | 83fc1952bf5a1aa3fc4109b667655dfad4fd7a72c45ef66d5119a281f24afe939412577d8c3dc0d3ba0ce494bf32ebe11525749ba4181e4314973e6f3a36786d |