play | 14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2023 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
Size

458KB
MD5

1bf9cd6a26890b29260ee6843d3d0bd2
SHA1

4cdeafb53b3c2ebf4cbf1764590468eba979518a
SHA256

14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72
SHA512

fade8f43f6a69258ad009ae7cfce718d17f83a1acf9e3dfaa82ae908d6ebbeebf43179af3b379ec769093eb83d0ce4e68f4ee431ecb6cda22b696eb469527bde
SSDEEP

6144:EvMaXoK921y0Y0V/XhY6AfwKMXGhcWLzFPR6U6mLzmZpKVPWLlKsp+:EH21y0JV/XCSO/LTn6PZprTp+

Score

10^/10

play ransomware spyware stealer

Malware Config

Signatures

PLAY Ransomware, PlayCrypt
Ransomware family first seen in mid 2022.
ransomware play
Renames multiple (8306) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 29 IoCs

Processes:

14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe

description	ioc	process
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Public\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-618519468-4027732583-1827558364-1000\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe

description	ioc	process
File opened (read-only)	\??\Y:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\G:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\K:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\Q:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\V:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\X:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\L:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\M:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\O:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\A:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\B:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\E:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\H:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\I:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\S:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\W:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\Z:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\P:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\R:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\U:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\J:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\N:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened (read-only)	\??\T:	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe

Drops file in Program Files directory 64 IoCs

Processes:

14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe

description	ioc	process
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-24_altform-unplated_contrast-white.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BOLDSTRI\PREVIEW.GIF	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\quickreplysend.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-white_scale-200.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-200.HCWhite.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailBadge.scale-200.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\sound.properties.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-pl.xrm-ms.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pt-br\ui-strings.js.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_altform-unplated_contrast-black.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ul-oob.xrm-ms.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\dropdownarrow_16x16x32.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockSmallTile.contrast-white_scale-125.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\RHP_icons_2x.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nl-nl\ui-strings.js	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\MSFT_PackageManagement.schema.mfl.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-400_contrast-black.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailBadge.scale-100.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-80.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul.xrm-ms.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-125.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-30.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.scale-200.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\WideTile.scale-100.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main.css	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msql.xsl	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\da-dk\ui-strings.js	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\6.jpg	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\MedTile.scale-100.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\nl_get.svg.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\ui-strings.js.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-16_altform-lightunplated.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\deploy\ffjcext.zip.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\CHAKRACORE.DLL.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-30_altform-unplated.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-16_altform-unplated_contrast-black.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-150_contrast-black.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\PhtoMDL2.ttf	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Light.scale-400.png	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\cursors.properties.PLAY	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN109.XML	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STUDIO\STUDIO.ELM	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xsl	14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe

C:\Users\Admin\AppData\Local\Temp\14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe
"C:\Users\Admin\AppData\Local\Temp\14315662ccecf8a6f1e85f7cbb89b437aeb947684c1830a5d72d478b13aeee72.exe"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
PID:4712

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-618519468-4027732583-1827558364-1000\desktop.ini
Filesize
1KB

MD5
d5a7f3c7c6869c970bd5ccfaf1a7789c

SHA1
68fa46bcd9310a169a3e1170252dc36bcd95f83c

SHA256
0e9aaca593182010e29829cf1720c5e3eeb5498ee62d5e7a669151b457e41517

SHA512
c5495fc77f2dad7a3b748f1512b9109c64c08046147e9b4128ce31b6650ef2cb12988224ab7bc5e1b438d270e0a5cd4ca4c4976ff8afb6743d9b2e4c4fdb885a

Download Submit
C:\$Recycle.Bin\S-1-5-21-618519468-4027732583-1827558364-1000\desktop.ini
Filesize
1KB

MD5
e363f25c820ae05a7df7aafba69ccd1d

SHA1
cb8e6b13b58ddc8baea3a6995cf183d66db3c93d

SHA256
a94edf5b7cf6094cc7085f00dd20f1e134e7aeb44788dc2339d5fcc0a1a8248a

SHA512
f0243632e42ee42302c5a55b9902be09e3d1ebe000735ebf1d511a04176a43f4dc7ae50c352b5a65ddc927ee2d52326e10de8e91554b4eb80c10999757ef8f6f

Download Submit
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020069.msp.PLAY
Filesize
218.2MB

MD5
52dbfbbb85a64bd8188609bfcbe2d976

SHA1
32d5c908871fb29e82b2cf024229abb0d33a5789

SHA256
328124abc6473c8ccdfdc042b5a5fc0b1c3945bb3ca186bf0c0693fa6ccb7dc3

SHA512
2c55887d667f9ba3e3c0424ad50cba966ee05e698412a33ae354c9cd2eca5d11ee1487408824f7cb434630d75f128c0a1556fb4215402cc40c007ccb5f9361f4

Download Submit
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab.PLAY
Filesize
167.0MB

MD5
bd30aca941d998fe2f7bfa208e6ff932

SHA1
13767e9d129a468d296618d815a0c3cda0e6c540

SHA256
262323898f170942b275831296ee33fc5a3db635a17922220ad260b86b609982

SHA512
eb79c2920fade7fa9171af45be77235ceab58aa54a35e5dcf7ec4cbbc95b27316a952633780f938818b44724101c26f9150db74da876f4ecfabe51301e5d940d

Download Submit
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.PLAY
Filesize
1KB

MD5
f0384d88d091b45d3bd49869745c5f26

SHA1
3f6c59e493667fd84179b77bbfae5a895ba9b419

SHA256
85fa02d041218ed610eea806fdceb83400f64633eb098735d4d050d4b25eb0b6

SHA512
422b69d04eef4bcb5d377ead5d84e9d6762f5885ebf26d9d048616b7534c0991098099fb003cdf8454b9e3b7033a4bdac05af46e2df83edc52d9764a5efa944c

Download Submit
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.PLAY
Filesize
1KB

MD5
46de0090ddde1959b58ca303159d6ce3

SHA1
173f77cdad4e07abee9e350bddaa303dfb9d6de3

SHA256
c2ae2a92505ee973167c4c6b6b82aee6acf5c40ef5e14f121e220de29df8aae0

SHA512
6eaa2a321be97229861b2af473505b2c63c8d0755c8bf07c133d688407e6aabbaabbf54421ce21c37d8d0ec5ecc89998348dbb51d519e016f491a31493830b6f

Download Submit
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.PLAY
Filesize
1KB

MD5
e3e5e06247aa4c0e007bf6ca7841110c

SHA1
fa7dd1a38bc76a8e981be07fe136e57d2926a426

SHA256
88638bfb79bb7016c6253d4e33ccbfebd4dd000a377e2add1cb9c315f6a01435

SHA512
fc0a076dd3e622f635287bdc32142957ce6bf0c3cd515dc8d239da81a0155f3517cce8749299532eeec54ce58f729cf947976d1430df24d7f0cca881719dd1a7

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY
Filesize
1KB

MD5
cfeca727971170492fd5e7a7770db46d

SHA1
a13f8a9946d7e4c55ab2853705de9fff89745950

SHA256
7644fd667c2d796a1b4977611ad57eed2c5af6a1c7c63bb3795d48fa6dc072f6

SHA512
a6d967c430150e3c446ee3905d527b4ce86b9ffba9c27f589834137ee742306738a3b42985dafffa3bdacb8980423abc381966a636a4f1e9a616dca5582bc67d

Download Submit
C:\ProgramData\Oracle\Java\installcache_x64\baseimagefam8.PLAY
Filesize
78.7MB

MD5
7aed826f194d10161ac6c1c305490243

SHA1
eafaf367c88bc587ee6d898ff47cf9cb5a6aff14

SHA256
3f0865f6609310f77fdc7a0d2e1361e322da4bff3c8dc560aa21c7f6b40844c5

SHA512
eb971389ddb178cc79d1ec084bb8fcebdbf5dd92701cb39de91c6212038f818e0f8230ab6f6481dfcf3690220e84d427fed068a6b81d94a63f7e7e6107d43244

Download Submit
C:\ProgramData\Oracle\Java\java.settings.cfg.PLAY
Filesize
1KB

MD5
7a53b1a610826a353295063e9909d30c

SHA1
d4df0eebbe719f024eb166c5acbe1d7ed9041bdb

SHA256
992be4bd2d8479a61f3cc5d0ee64d6064899ba5d5622ae5f61bd93ff4b12eeb1

SHA512
e7e7acbdf88501dc0ea23150112990de9def0add7a407e53c4f92c99a9e783680eb6c67fb60ff6ac00776187089a79fd491d5fc18c0436cc4b1e9d5db2e370c8

Download Submit
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY
Filesize
1KB

MD5
7986a1107eede2e09f30bfcd98dbbd0e

SHA1
8dd6dfd05e9f146d6c3eb18e6a1eaa5247db3d88

SHA256
92e12a25c0c6cb9abc5b79c219e3570bcc5071d4bea85eef4b7e7b558e2ee22b

SHA512
9deaf2f2df7ec7a46f53fd2880a6f681f50f66527f3c5d0578ea66b9a0edb6cda9664bf30a3e6fc0086721b203081cf3098d1f7fe94dd266b26eead0759a203a

Download Submit
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
Filesize
5.5MB

MD5
713be5135358e9e00753532eefcb16d5

SHA1
548c0e2597e150d35a24dac41c918aed8ce92676

SHA256
eb7867a9ebcb5d318d48590328bd00717e66f4735f0755bf8242c25feb5011e0

SHA512
812dc52389e798d6bf29f55fcd75e649d5995a043db5dea88d04bc9a1e3304321fd4c2c4609a7974b84d0ad8b99f4c868b0930b6e77af5dcf99c6048c6738514

Download Submit
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm.PLAY
Filesize
1KB

MD5
ff01d0f2b7f5e39736db9765821d164e

SHA1
50177b9bba330b86ae823103969c5756a9995680

SHA256
c46c92f122ede91a20f7279f22af693961c349dcbddab1f52efa489aec4e39b0

SHA512
74392c9ff95a8dc2db79877f01dd38256616dab4200d405ca113bf809edce9a0a2d3438647b221875645321c76b33df8377932a76992ea5c6bfa0ba9a46095ad

Download Submit
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
Filesize
5.3MB

MD5
0eacf61b566f59187818979850751976

SHA1
b33bd46557c070c429af0086ae3f442dbdfe0367

SHA256
6708711c5556f25276e60d99a9ee20e798883cb8c58ec6546f77786803daa462

SHA512
f5ab0d01edbbbd208ca6444d2bf0b3ad68f1f0d604732a175794089493900c6f6d7b1716d329f2b99ecd0043a6c6d15e6e251d708bced6ee5bc0af43b2c11876

Download Submit
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm.PLAY
Filesize
1KB

MD5
d46d3e963488957ebecdefb90e29567a

SHA1
b278d810f94403d1a0a829d14cfefe46c590e22d

SHA256
9b71de0f577c32c16b4d2a70baa1eb4f0d88c6f8234bb0e89f72b753e9bcc768

SHA512
cfaae570560b73731195b3058ad91300307c64efc68a2e743bb6ade33ef3c8297ddd19abbe150c54bd87a8b5199b4439045a9216cb2b6a8f3d3fc733969cdb15

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.PLAY
Filesize
1KB

MD5
770a335bcf94d626acfe65008499d9ca

SHA1
02954ec8c2b12f9eb6589d92a0a09cbf586c5d1f

SHA256
cedf0797659654f3529f8f1509b254e68fec34b9bb27dd607321e9fcca7b512a

SHA512
de68be5cec20aaf0fdb12e843fde0fcc874f711e3d394b54abf17f2ee460dcc424f056837911220d17263aa8e2b75e28a5ac1196febfeb4b96f0feb9c91ad65a

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
Filesize
870KB

MD5
691e0bf58d11af83ae39b5a4c45fbd99

SHA1
5cd9a795b2237ce6564a27fe40ac347de75d675d

SHA256
b73ad61ca362d2790cd1e1a3b6a1ab4236a5385366a26294bcf521d516a834d6

SHA512
2982dffe4a58a413dcea798c20065d3a1b30c176041eee8a8cb8aa0779d8909fef3cd2b080276782620810bc625b1fc72dda0af8dea25c97374336355987cfc3

Download Submit
C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
Filesize
5.4MB

MD5
308c211ac000497f126b650a93ba0475

SHA1
6d02e450ddfc734185630f4cc7c8d478f56b7d4a

SHA256
f4758631e782b6c3f4be972fefbacb3bc5c2c18c57913dc9ec5fb65381f2de2d

SHA512
8a36eac3da0bba0ce0cc468ef3947eb0c761f2796b659605d812056425357e24aa5f52bc228144392fbc529887c8656aa6bd00db944c00952db3d57914294837

Download Submit
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
Filesize
4.7MB

MD5
6f1942638d952ce9bc5e9baa11f21b53

SHA1
c8a337bf8487f0b599af6f5af7956eff5b5c1711

SHA256
f8c0a92fa126ddf984c87844e370becc6c427da6d40d0e5882c681604526dd2b

SHA512
d797b6f1a271ffbd2e40acc05b6e722fe3e6f2b3932efebfccb1cd46407194195ed0d8ad96a586f63dc764492c045fd05c509c8b6e2d5327552efcd9877f7f86

Download Submit
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
Filesize
4.9MB

MD5
51a6d3b44035e1a6e8309b3dba937686

SHA1
5b555991beb95b01f05b60e64a489c0d65ce296c

SHA256
73499d55b92ee4c56f29b28127fa2b7830e3da94eb6bd32a77bbeaae65643d34

SHA512
fbe9221bd2e4c640ffed6648cb318aedafb59f5f88126a13ed0fafdc700e46fef6d2ffb6fd6324538186d908e5083d9ffff5497e26e7d68ee9c16a05ef0de949

Download Submit
C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
Filesize
803KB

MD5
7daa310facea877feb70a78e963d4444

SHA1
cc7a6619057b5b2d5771c99c7cbf6c2e3e53e36a

SHA256
95d35756e24289e34458beb6f27aaf3ea4c7e723f83062459af68bd9df1bc9ac

SHA512
1ff5a8663030f3ab49bb00ca8ca5d2bb20ed4287fe76b1bb701442883559c0a0882f13dad5e4bc0a3d54de176f486f04d5813ab129e99d3e06f3551717b2ca43

Download Submit
C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
Filesize
4.9MB

MD5
d5f90299954809e701e45f4a82be9a8f

SHA1
62a8803a130c690f9af25b5a5b7129df2268b331

SHA256
a8c6f1e8884460d02fc08f05613369b564b2b639776f067331b48cc89f8a1538

SHA512
dac6ea6806793611b384f005ba169d525b07d9c96973f389df7485816e6ebafe9c65d6102a689b5c15cb70dfabb5c0dab5a1f2986fa12a53530204b1c75cfe0a

Download Submit
C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
Filesize
1011KB

MD5
01069f41c729c5da86c41a7b54283177

SHA1
4a4e183f2ef98d36369917a1b7c2849237f7264c

SHA256
67c2fe0f01373d9cfb4ae4d679b45ae7ce3a0a41e9ff2c7a236399d652b79fc3

SHA512
8bc2aaad36feb8cfe77f93b4a56e23b1006b614a3c37e077bcb7d890a60c551d8273a10dd3f4e0164188b53611413e945aad10a542f11f9d8c259724eea90b19

Download Submit
C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
Filesize
791KB

MD5
7fefa8b7d14329bc492c4bca1e10bb2b

SHA1
36e40b8ef58cb319190cde97674b1ac7836eb7b8

SHA256
17399984ab06421375ff3f54be4fad218b617b7a4e9b08e5b36604f7d43233a1

SHA512
8c8ba9de4cb04b8d27cc14b539b117aa50cfabbbab17be242c52026ca1a75515be4a39f2eb41d7ac1d6d7ff9f48f451c9c7b8d72cd350dda087c4b84408170c0

Download Submit
C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
Filesize
974KB

MD5
b6a640c3e0831d1f6962f3afdc71c006

SHA1
fc1f772d088327f1b4d868c7c22ba75b7fc2e5e9

SHA256
7f0420395c89d55909a4413ee95be5b9c77be5f451ff14d39e0a277530a440de

SHA512
11fbff4ad27bb00341fd6b9e44d0d8fc215ca6fa0f5e2e86a7003361cc74042888bc740d7126e8c766b297d93fa3649263776cf20eeb169cf02492bb1f847a5c

Download Submit
C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
Filesize
742KB

MD5
65467d10f03377e3e113919f9b6d1526

SHA1
3d39cc159152c9ee398e10811c65bde52d2ff457

SHA256
1be0ea695459a2353fae6727911330ba2dc1936b264dec182aec2a8914224403

SHA512
a0a1a45de04290f3861b2c1716551c6272bbd34c83f009333b0a62c035501d31ea8e3fecea345c1668006c19f895c7fcca0e6ec2af48971082bb3b0b7f36cbe7

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY
Filesize
1KB

MD5
f2a31b254882f415946213e909b7e499

SHA1
48789c2a6ae7bd5dfb8f89c82f481fcddd1ea873

SHA256
1078bd6f491b408ef461514e5c31067506bdb4e3113ac2e7c97c2db51cf995f4

SHA512
5551c419704c14a220db5758030ad0d5fa9ce3387fe39df8dc15a32aa6f0922bf6345eb73891cf414f3aa49031928ea5a3f443602ba5b1a846940d2daf110c0b

Download Submit
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.PLAY
Filesize
1KB

MD5
5c222573b4ade9b126acc3cf774bb6e2

SHA1
611a58a6c0ca803d018fdae12e46e0722816b764

SHA256
763387be02e235c3f20f387322bb6a626e4c79549fa9abcad19d21054481bf03

SHA512
e7bc302537e62fb50d1c143e62c29329689d19c992b1aa9711e7e10597308dd6ab5128d2360c67196fd3086a4d192ab388b342e3b043f1501fdd5e81b68813a4

Download Submit
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.PLAY
Filesize
2KB

MD5
97fa62baeddeee28b5fae12b79befeb7

SHA1
ccb3b2d5da785d37bd96578c674619aba9dd5458

SHA256
5bcbeeb11a34aa2423d767f864afdf79455ab839da70d5cefae7a3945f5e6528

SHA512
9685a11fc9d1faac6586b370394a21d14592df40729220bb743d3b05c916f21f96fd03708713b3336401d7d093e537fca8f5c93ebfc1ef46ea420256c3d8c447

Download Submit
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.PLAY
Filesize
2KB

MD5
b353e441b545ab58c8bc5d2e7d5095e2

SHA1
603da935d1716ba5723633051862c94a77a7252f

SHA256
ade27faad5753e7273ab461965f532773e2b73e556ff5055e85f361d6923c227

SHA512
6bcded27353ca288a139f266bb8631359b27e7677dca4c0290b9286f16e419ecf201de4962aa4765232975c024ccb910be5189dd61f0b9f3d6b74dcceddbaabb

Download Submit
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.PLAY
Filesize
2KB

MD5
f8d765ea6a6e4951f534bda1c2362d31

SHA1
5c958a74ee7fee89df290ba0298177937f9f4086

SHA256
d78b53ec717a8b23717e33cf9afad7e1f3e6ca1a73e59844ba6a1f5266f2089a

SHA512
c177dce9b8916e96a0c8963f1cf4e87009110c356d2c2398ce6eea623f9418abc7c8c6824c0e49e96ec2e5b7753b32a25d871d5e57365d0c57853e5380ce7645

Download Submit
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.PLAY
Filesize
2KB

MD5
f5581aec090a41ad97dcd19e2c3e144e

SHA1
b8c6d90f2d4022e2c6d9ebce2768214df6712d01

SHA256
840bbc6b61102916aecea30f8afdf8f0be529b8879a2af8ee68c4a0203734391

SHA512
cea03dc3e263307e923ad62b6fc4f07af92079047546ba62b36be0f57578352636ceb500d01eeae027268324647dc481f6e8875f2647e382356d29621234da1c

Download Submit
memory/4712-133-0x0000000002F80000-0x0000000002FAC000-memory.dmp

Filesize
176KB

Download