play | 20382d589462ca1865ad112db93060fdd1b067fcf35debb6db5da2c377596fdc

Analysis

max time kernel
302s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
17/11/2023, 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
Size

458KB
MD5

a8e5d4ef39be51f96c1374d3b3249297
SHA1

080638196673615c51c16425a0e19ace849b917e
SHA256

0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1
SHA512

413b864d9e7ecdfff5d314081cecf294ef0fcb14d63ee38e773cdc6c38da4b60172bf97ebbd3c5e8596efba993105a4e286889a99ba996c0c15396dfc7d73591
SSDEEP

6144:Z/MZO4aLcwC0IEVvOCcxmwMSKM3mhM+rTV/yqUKmLzmZhbVPntlKmp+:ZXiwC0pVvOfx1uvrEXKPZhRHp+

Score

10^/10

play ransomware spyware stealer

Malware Config

Signatures

PLAY Ransomware, PlayCrypt
Ransomware family first seen in mid 2022.
ransomware play
Renames multiple (8429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 39 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Videos\Sample Videos\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Favorites\Links for United States\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-3425689832-2386927309-2650718742-1000\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Recorded TV\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Music\Sample Music\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Recorded TV\Sample Media\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\A:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\H:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\J:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\K:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\Q:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\M:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\S:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\P:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\T:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\B:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\E:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\G:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\I:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\N:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\W:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\X:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\Z:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\L:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\O:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\R:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\U:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened (read-only)	\??\V:	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE02278_.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0200189.WMF	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\PREVIEW.GIF	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\IRIS.INF	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OFFXML.DLL.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BDRTKFUL.POC.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OCRHC.DAT.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0102762.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR7F.GIF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEWDAT.DLL.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\cpu.js	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\UnformattedNumeric.jpg	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01139_.WMF	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.DE.XML.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0239955.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Solstice.thmx.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02106_.GIF	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\POWERPNT.DEV.HXS	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD02088_.WMF	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0292272.WMF	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow.css	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\FS3BOX.POC	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGSTORYVERT.XML.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD01191_.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0239191.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00736_.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\TAB_OFF.GIF	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152560.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14866_.GIF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue.css.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0239997.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21519_.GIF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGDOTS.XML.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0153091.WMF.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Newsprint.xml.PLAY	0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe

C:\Users\Admin\AppData\Local\Temp\0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
"C:\Users\Admin\AppData\Local\Temp\0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3425689832-2386927309-2650718742-1000\desktop.ini

Filesize
1KB

MD5
b949e4fb2a7cc24a9fe940443af50c13

SHA1
f1e3ff7d3dcbf88331f32041d4c70d29458ff0ee

SHA256
8359595ebd979260ddbffed37c9472886e3fbd83d92055b830f0efcad3ada0f2

SHA512
1c037099cb958251fbd0cc768bfc6aa2dba708887620d58e2098549be49d5afd3e244990db09541871ea250fd5ec5381a75fe1bd856b0aae6b758df5d21f6674

Download Submit
C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata.PLAY

Filesize
1KB

MD5
30afc6d443880ac9969ee35279aa3dd9

SHA1
38f2cf0062685f6411dfc45bbf51167c8253de25

SHA256
c0983ce60f231d8e36838715c7cce3dbca34f80065ca51361172329383ef4c50

SHA512
49143e0e5f94096c2dcf40d631a22e7cf6109a977c4fa5c9ccbbb175603ef8afaa72e44fb3742f73b1f20c890064a4520716b68aa97ab5cb5e72546d1850d182

Download Submit
C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml.PLAY

Filesize
1KB

MD5
355ba5a49a636c0cf0fb4c3053ad7595

SHA1
37fbb966e7c7de45af6e36bdd72ebb9e4c6d5d81

SHA256
770cac5f002bd3c5e2328db02a7bc98097aeedf83eb7e879d491886b3624beff

SHA512
377c2247a061686aeb259d60ec0b5852786bd5a77a61e3f6680135c93770df9fe163630c3924c8513db52ae1d1da575d6747e5e0d7ea9e41b2d86c671f75ff12

Download Submit
C:\ProgramData\Microsoft Help\Hx.hxn.PLAY

Filesize
1KB

MD5
5348a0d3a3bc319873a5bbd4dbb9cfd0

SHA1
cf8b2ed306c762a6ade9c363a10a4fc0bd143299

SHA256
a4c269c0cefa2ec32e6389914c922644973680741ea921d3a9b5eef9775b518b

SHA512
0a54cae4ff936ba4b2c2e6250ec99a3da1fbe0e4833c9e6c922e9920457c418e76164c3fd4d6ce73f2a4810de23cc47bd70e6fd5ad89fd14de395d5cb29f3c5b

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxW.PLAY

Filesize
14KB

MD5
6f67054e7cd000f7e1826f8fd35d84db

SHA1
66ebaef406fcc96289d106b4bc03b1d1d96ed22b

SHA256
1e59769c1b2a1b6e5579a1bdfc2d9755568495222bae962ee214681ba61f9a60

SHA512
ec5c0d0a73cc42761321302b0990be67eba433f8ba4de04a2e27bff7e761341889192eae97f8309436c5f41f9c31249f04e800bc954fe051bec743ecd56e643b

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW.PLAY

Filesize
14KB

MD5
1041d740b78518e5bdcee3b6c98c7947

SHA1
1b063f085f4dc5cacada3d58896d332cc99ad8e7

SHA256
8cb591e0ae586eab6357705c6e83ea8df36893624597622f103f079e5846757d

SHA512
aee848f0ba063ad234c1d128484a09f8e9a6f47a1bfb66ac59acf9fda43ad1b3997f6933143963774f1af46d74c264b83245438c2f8bc800a7632b076b54e2ff

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxH.PLAY

Filesize
10KB

MD5
090b2fc737b369aafd9d14daf85238be

SHA1
a940ab8dde695fb596281a65845bd1e766a3f9bd

SHA256
5834fe458d3124cb766c61e45889efe76ca03f46947efaeed7feffaab21b3f23

SHA512
7823af1ec0e3d5abca92d6d262dbbc1adbf0bc8c4df9e5000835e351cc5410fdbe9f428d5db103f67b08d6bc132ab712b8b63a68e8d07676afbe0725e28532d5

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MValidator.HxD.PLAY

Filesize
10KB

MD5
ac554d6b2507957d45327ca3b2321dc1

SHA1
b81e742be1b552d9bcb465dda1473307578d8c5d

SHA256
07c26adc3445527aa56c44fd6e6d5993db08846825fa994080ac88a0e7c5ae59

SHA512
9647efe8d3ea3b4074f20029eff5745241fc56cbae85cdcf13db61083b6b1e66cedae20dbd506561955ba37f33183278f04857c2f1be05e1addd317f60877659

Download Submit
C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.PLAY

Filesize
1KB

MD5
283b289d1f0bdb9fc434f0d59d0c60e6

SHA1
ba593a7c2418d2398991d6940b257095e6ed8e0a

SHA256
0fa9eb37b9b77b02ee05eb8a68181cb6c1d81ed213c43690e51dc03edbbe101c

SHA512
f87ae7a727e81facaee3c156feadd873aad1b61501e2383bc8511e27d7fad17064faa50c204dc0f6e9e8421473ab815bca14caeb226119c985e5fa831dbc6424

Download Submit
C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
450f307cef04ff3519906ebe1273b631

SHA1
ebd5c63ffb1f6d031e055c4ddedf248880ae04d9

SHA256
e7538aab029b28717d3b91a45290bf4a09d920c3f9d63f80f72664f74e0ced7b

SHA512
3b01c480d45e893f41f22e8b6ba754950c43b913de9fc6c4985d6ff5b99e29ba98e1cc263c3365477ec088aae04f9755d58cbfc5514619c19dbdcf62fc81cf9a

Download Submit
C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn.PLAY

Filesize
1KB

MD5
869afb5df55e6081bcb66028a55b8d22

SHA1
0147155a687b7318c2247ef090d358a5a3235410

SHA256
839858bdaeb67d6c35d2f76d8006f9b481f49509095089ddb2aa213962148577

SHA512
66be6d811853bff3ada932386712eee7b187f0fb9781a02fccd59d83440a3394e1d7919042f011a85a7b8e80b79ae437b2f8103e5feb92b610dcd3d0fdccf735

Download Submit
C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn.PLAY

Filesize
1KB

MD5
84afc5ad350f9389c7bb74df01f25bca

SHA1
6c0a281444e2912d0bbde1d352cb314772ee69ef

SHA256
b7997e16b50b2b5f7b2a23df31534f8498fd70059eda455e08b98ecf6f939dbc

SHA512
f974c1142bf35bc54a9cb815f1dfe0ecd16310481aaaad6a1e41f7ebfc2bb2be633b5f0738b8fd0a65ca4f5debdba59fc64bc8985caaf90bc756b2eee9f0f120

Download Submit
C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn.PLAY

Filesize
1KB

MD5
74d67afd73b7188833adb4b043093443

SHA1
cf2f26e1b35c33e97af533cca0f79b88247affde

SHA256
7d565ed247703b7f59f674407291e0eb54ba7f5701b0ff3c980db9dcf9c6d76c

SHA512
9f5490396e540c91abe7aa7c62d0c314a281877df1725f0f481b59c6a25cc24ffb26d51d4f7003b01942f422de34497674c0afde0f6cbe8a36aa2f8d13c4d93d

Download Submit
C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn.PLAY

Filesize
1KB

MD5
f1a12467f341ec9c478f18eedabf0c2b

SHA1
4e29000cb766d79b2ec24a0a77b2413fcbe36975

SHA256
e8d725365da3e53182eb0ecaa353e0bc98946ac5f9e4ba99ef88395ca5495438

SHA512
fb9c6ab79f29f99bbc3575ca10f65c1a7797d2ef7f037e0bafb8fea0657e9d27ba87015052b81215082d1354caa8d9bfe2b710994d4a5e580f2322ee4edc6cd1

Download Submit
C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn.PLAY

Filesize
1KB

MD5
6471147bc31f4520d7581dc6e6678140

SHA1
895db7eddaabc25347fae52d5813f774ea07cf55

SHA256
53090b5eddce25baee1693546464738eebde267399b1c45534d40dace179a214

SHA512
20a0e2ff5b95537d8c7d238e469565f60ec4a36446dbb90caac1c1eecc81c15c0cddc4ebaae88ed9f0ec1ecb8cf5007920ccc8a565eba85a8f1fbae66f740128

Download Submit
C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
a58509cdc8ed783c44ebb277c3773096

SHA1
03e119a810176313f32d236d4fe935339809cebc

SHA256
fd44e2e9de0eb57d0c91bb9b3f820003fdcc44753ede2c7cb7bdd7ebb1ca214c

SHA512
902ddfb612a67799521e4504c5cd6b42f3969b0b0d375840d8802303a2295d5313d0df7d43da76b4651bc3497703875f3e27c8f1ab7c03831947404ead283e48

Download Submit
C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn.PLAY

Filesize
1KB

MD5
679c192aba1c52bba3aa6f5b2aae5164

SHA1
cf22330bf3ab4e457b387872264cfae4d0b650b1

SHA256
1874ae31b9c9187da8edb5d4598e402b1452058e911b32be562b8a1521e7d158

SHA512
a1f6f3f2a2661eeb9e971ef33155879e25076ec1a2002395cf399285f842a7b422d73108bc406a90dbd539e5e49110d4016aca783e29c894765aa244a722b8ea

Download Submit
C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn.PLAY

Filesize
1KB

MD5
2b2abdbd87d792b7161ae077b42ad6cb

SHA1
02b299c9685555d4a08cce654aadc61c7167a77c

SHA256
b00df73d40a4b1523d803e20fb8c09a1b49d92b0346ad90262ab384b1faf154f

SHA512
558b1ab73c4c8d6c870220069505dfa1547c14ced619a07fa941a8c76fee08f31c7fac984f8e370ebe1a3e769d93ff6d46cd3053c7de6209bb5a1178595df0de

Download Submit
C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
8a19d7fd44829db500586b6037228179

SHA1
5c71639533378c3680f2db3333dcab64c76490cd

SHA256
b9fbac7296b03d5465a4ba650b674e5091f7d498ba9bff0eea9aca719e349edd

SHA512
9efe6011bac38c70333a94eaf45c99a061ccba11105ee48b7e16b01fca0a1a79ce1bc61ccd0ec2bc7895b019b948a185942e6d6c81dd5930fbcb883704c8d9c0

Download Submit
C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn.PLAY

Filesize
1KB

MD5
efbed07bed36a2cfffb6c19081542a5b

SHA1
e9f798a79a4f2edf5e2a8ae8860e74b0f17c74e2

SHA256
b5e7a99afc8a698671af5a06b3942d7bd4d34fb1890e2ac70b5ae49fb5a08345

SHA512
175d6e0358593ba430fb241f74f51462dd75bc311292672e46283b885d20d7af5a0fc5913f1b72e1e77d90af09a4ee3e8dcd88eb67b6551e3cc3ef7a54239cfb

Download Submit
C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn.PLAY

Filesize
1KB

MD5
4719cac17b2bfbd1f6f5f50522d268cc

SHA1
c137d602c44e3c85c7ad337367cdc298551479ae

SHA256
9c319e05a9329ccfb9f44b3748b3836797879331ffc4a933f71264163d1d69ef

SHA512
f64bb3d014ab1e29c9f11b8cf956351ef1e4711bb746d0ab3dd1a2e094da6f97c15580f4148fa9bb04dadaad68a2419216c2729fbc4d766125badaa1845192b2

Download Submit
C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn.PLAY

Filesize
1KB

MD5
a4552714d821bfaa564be3419da6c941

SHA1
d7fdceaf99c7ea8c7e11ac92ad8ca8815a03aec6

SHA256
29225d24ce8d30f4fe391a3c8eb3357444d761904eda0fc332944cb46e23034a

SHA512
5965fc9d7d163ae56223c89d0e179ca5e87ee6c193f8be656d8231ffd8891dc61c487fde94e0315a2f1608005e04a22d486efd5a7f99e870a62bf9a3ac02122b

Download Submit
C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn.PLAY

Filesize
1KB

MD5
1ec58e8d9931613675769cba444d9fe1

SHA1
bb085b5519935ecfe731c5c0b24a177e5896018b

SHA256
c84700d6b205375d3e3a161e66431bf51249cc46debd70efc58acafd0fef6a5e

SHA512
2a959ab5b5a28233db1f9d24cce4e35e9fddc286107dabafb548ca0ff3e0e58704a27339be91713ae5ce05abe101ba01ed55fe2fbd278962c80d53c9311c984f

Download Submit
C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
65ee29a890ad40b960d1951a85dbd029

SHA1
c796c003c42d557f9fd671af5ea46cfaad406d59

SHA256
ba8b65140090daf73a7f71d51b765db3553f6f87bfb8456f7517c002e65bd3fc

SHA512
a2c3079a5f1decc5bad981eab9c1d8e113258df227cfc5b4c7ba30a2921b491d390173112cf2ed909225868307fa60614bf7744a7af1507a6b3ed0a4b691841a

Download Submit
C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn.PLAY

Filesize
1KB

MD5
2f1b8a417f82716f67446c6bc070dc84

SHA1
3fe0b280d228466ba05eea4f28f2091aac2f7799

SHA256
6b1824eb5b97a748881511d38440567478910dbb4505047a10e6ce6fd65dc7ba

SHA512
a1cbb1b0f0e35330b5d79eab04108b72750e167534f751f2fa21de4c9eca1e5bfb4afc452aacdd48a91855cfcfa8565bfcb61f8914307eaabe144fa1577cb70c

Download Submit
C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
f6171b029c448752964ace0470ce171b

SHA1
9c38d40f8ea68a0f6626f2842eede58037c60bcb

SHA256
de46db410bb38bfcbbf27f77a73b6886d3da6af5771ed6f53b77c61489a19b01

SHA512
c1fbd5dae7d79f40629e8cd5c6ace753db67bea77ec4ce9a32cf2f17d2163baef1e9471839955182cb36d9ce250ef3aed3ba2a5ba16796e60329725b7b5a972c

Download Submit
C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn.PLAY

Filesize
1KB

MD5
587025a594430dd26e0ee587ce0b07c9

SHA1
751ac81199a8b8f2fc4722d3bb2d149d9d20626f

SHA256
e97e0b233a603f94685290278c5dc89598f717f691ee827689d32291b2b66654

SHA512
69c5e9dfcc0a914d77d8fd8739485f67242667d8c1e88ad09b596647345493b382de1c64bc94a2be14dd6bf5d7c28f24f3d89098072823ea4ca1c4d139ae3225

Download Submit
C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn.PLAY

Filesize
1KB

MD5
a7d2d32cb7e89893647098b7a6204426

SHA1
96fb46695d6992fb6839253716ef4aa269046af8

SHA256
ba264036ae1531bcd8ddef85a5f88627caa845f8d030009c7b202daa51ba373d

SHA512
6a8cc1dcb3c994e2fa22e493a92e6bfb8f55b945f207d68d87232bd0f6d3c788a091159587fd8e608fdd4e5bf7b27f5a92ac14ab9c3d465f303fdc92e49384d2

Download Submit
C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
25877a1e0e0016118f0ec00a47a41758

SHA1
6000eb9201a0ad1b629e905db3c738018e42e541

SHA256
764e1b845bf87ff7a75946cb09a41cf53fc50cdf9cd2283f92710a166faba2f7

SHA512
eec25cb34b6363ea4e367b1fbf3d64501d42d76d26129d546797c653318f8d34dca03b69c483a327baa848955aef470632954b9d29c21a0bfff3b35e4d36fead

Download Submit
C:\ProgramData\Microsoft Help\nslist.hxl.PLAY

Filesize
7KB

MD5
a0923eee7c92b381f5974d0fe79e163b

SHA1
4bc1e47419d62327ae61226ad2520172ccbb5366

SHA256
09d963ef3fb6ed63cf0b1ccb77fbf8503004c1e77cbad208096cbc456ee9db9f

SHA512
681cccdcb3f451a1677307ada55cec1c0700d8b847c8c9a2f0b9d805e3b1d59aeea1cb8b3057f418bac5d3d6de04bca298697d219d3777ecd65914c09cebb80a

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY

Filesize
1KB

MD5
ec74228d75eb6579c0759885a11408ee

SHA1
693f0892a2e6d3e7fc253106efa1bf920dc1f758

SHA256
a19ade2ac4b7c983a04e12d5cf4074b41fc9d54fc21c2a55f94ee2de61e355ec

SHA512
23886cd06534b7922533fb44b060ef327a2977c71f2e75421d5826fe0705157077421d9f44f29853c79dea9229d82fc14f958ae2a633b1f6e66b143434a65bcb

Download Submit
C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu.PLAY

Filesize
1011KB

MD5
6d8f5e10fc3fd9fec710ab17011e4f20

SHA1
e6bca4d0c7b9e591200b0842429779b55dc26f4a

SHA256
6333d8eb71a8c52d232316151dc3f5e4909c6486414ef8c354f7b95417b3c47b

SHA512
f82e581106cfb062ecd47c11397fa00932a8564ca36299d31cfe3c951545e1aa70d2a537a6fe2def38274769d1b16473c3e901db5bf1ab6d27900dd38644ab71

Download Submit
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY

Filesize
1KB

MD5
1bac47cb7866b6b08ccc78bd28961d17

SHA1
2106a0546be937a0ff498aa497a25e4431f3ac7c

SHA256
7abfab8ebeb79ade15a5181948f6e4fabd04ab0e5fa404f8d0977d04c49e7dcf

SHA512
a16930697e80f60b51c602496f410bb6b54ffaed1be88ed2010316c1d01dbb4aafb4453d2e59882bd8b5223b9d22472583b5d2cbcb9907d8e0322bd5f95cd806

Download Submit
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY

Filesize
5.5MB

MD5
73e339e979afbe3c1695d013182f43ab

SHA1
8a1284c3effce64c18c71123854f188305b804f1

SHA256
96ad10f59eb05a6f0af7ae15d172568974813eef0c6e21f96c667187cd20d237

SHA512
d03193863b0eda7140db1afce12c2214b5cb7292f87af846b573ba119cf790313e22d42000d5ada222cdc6110ee69e39c9773582d73b228b1fe9bd6497deeb4c

Download Submit
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm.PLAY

Filesize
1KB

MD5
9b6b929c3ad4c09f018fbe0d922a13ec

SHA1
7a953b8bfe73bd89f402b0bc0dd1b637be10a48b

SHA256
72aa28a8964778e9df871cbf8866fb7c9b0369c5c7b096208ae8053eff536457

SHA512
aeef1646580a8a1c1fe9d5d26fa2eabe79abaa95719018f381d5e393a7d30c6ad4988f5b1ae5cea39aea6092048b45954d5a301a2d56f669c8f48e96ab034577

Download Submit
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY

Filesize
5.3MB

MD5
03eba47e3a0f6973c7071dd9b6e8f551

SHA1
9e0e92afa2bb34573864c5b468c21eaadee95948

SHA256
4bad637e45b53a8ecb5ddbe0516e288528f576a5efdb7f53823f7a348d31c21a

SHA512
71ed6e63e1ccd65c29ce9b30d44d19e724a9ca486c9f19f60c141e3fff41888173cd1704c9f672c82c4b34c7aa5b407d02041aec28faf8b7be123f6fce71f7f0

Download Submit
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm.PLAY

Filesize
1KB

MD5
af02456c94a68fe0c81a685bb070a990

SHA1
4b33f3a33a74d69cb2c53d4ae9e6177551d99797

SHA256
d44374f1c417b72c9492eed49328ddce4fade3bc9f114455ee8c3e043bb124ef

SHA512
60f21889977e01448f4ae2f97dcd270be5181f0ab3f9449242be3dad89ff7b095ff4197f6a233a7b08763223f2b8a232e615ea3634486d0af7f2ce210cc339d6

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.PLAY

Filesize
1KB

MD5
504251d244842a2cfc7cda28c1f73ae0

SHA1
c0acc2a49d5455ff8601126f056a71d651f70ba5

SHA256
d5cf3d9fab4f4e587e8cde8487ab7d413c0d4f9131fe9d07438c70cab3aa9166

SHA512
2453485bbb70f99eb119292c59b9c8a9e39cbd64e6b3e354a3b3adb2ef74b57d85da8ad63cf6a3eb3946e9219a5f6364e8bf3a58267a31b0b75d9a43f9d51f29

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY

Filesize
870KB

MD5
12dc738a36991e6300720f216e724447

SHA1
ec1f1cfdafa9e8eed77a717c5c923c9538346f8a

SHA256
cf5e5c2f7fd2370dedb80c043aa81c6d75177b2d4910952b8bf4546be40f34df

SHA512
51586074df9bfaf709349915e8028c1b9e1f9e7c6c18f7b1fe82c4ad88af0ae80b82e7609f75e365ad8f917850a4fe717f78e349d3ecc9b3ba4c73373666dc73

Download Submit
C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY

Filesize
5.4MB

MD5
2668c5fc57ec9babc99ca3594861ac39

SHA1
a3b9fc37dde08f9a380c5487b27d8bd0ae188db9

SHA256
ebd84043fc295938809eb852caea7f97d49c10e72504faea0e964cf7e7ac7140

SHA512
00e4368a0072f7580b6e29452ac0490551abe62bc811b776402c9689fc3450d7352f8caf6b2b6e3bd48f2ae33905b89e7e6c1e0ac798a0783de4b3a5fd66355c

Download Submit
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY

Filesize
4.7MB

MD5
fccd38fff06c6e840ed02de1bb62ac65

SHA1
b7b5c4f319d25099dec8e13ce18b347f936229f3

SHA256
cce6ea877697ecd8f3ec1d40414d933b05f76dd1f4ec330de6eb51f3ee43b352

SHA512
ad1bd64574c4907e6282537ad6db32e067007901da131219ada8ad08d86d1af4d083a27c0d4401cd5d1573e88e0275c72428645d54858db39d5e157902367d1f

Download Submit
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY

Filesize
4.9MB

MD5
465a5650ccf6ed0adefd765b32941c8b

SHA1
5705472ed15c4a9e02c8112b6fccd5018b6922f0

SHA256
49490bc54c062c4a17abbbac5309d042df5b9d6c361a1a63c7152b8408a9e14f

SHA512
250a75a6608df4c6e3abfb96c5de1140c7877dc19ee58a9ff5a3610da2f8ebfe2f52db10d9935a61bca267dfe496ea82182e946059c03b89873d8f1eaeb7bea2

Download Submit
C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY

Filesize
803KB

MD5
9dc605f2df5ffbf6c0fdd10f63006f84

SHA1
dbe07c880476cc75ce353bd347205eacc6b23cf6

SHA256
4ae4d02b5518677d69792e1419abe971d6fd4f112458ff1f0fed0f256b869575

SHA512
5c0fa67def2e4c8f9b0e1af0daa8e9b8d7e6362012fe0ba2ee5d87aab4c176ed37d62da5aea7e683d2bd6ceadb6d37ac7be3cb26204aebeeb95d4760d574dc42

Download Submit
C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY

Filesize
4.9MB

MD5
48d038a1842cb9046a53cb428ad5f593

SHA1
783e14ae7def81b7ab6aacf35727f9ccae182b4d

SHA256
bae43b3a9f7315f64118fbc1fc2e565c25c94fa6f58f96056caaf0c7599f2b0f

SHA512
406733101c054a4f269ff9cb305274eee7ced13d2442d5b9aaab70b98904dbb40cc51b8abebab7692d435e468e0c5bf3ebf63478947d812ab779a6e9c9f9e726

Download Submit
C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY

Filesize
1011KB

MD5
4f56146c1c1fcdc758bf546a720b7ec2

SHA1
36bcf1a835afc867d1f0231484fa6c839c33429f

SHA256
58bf4e84eb67bc3929c23a95e179848b6e8b184b3f9a7d566e7b56dc39c23886

SHA512
f0aa10aa599f273b2d9b498ede7632a91251d03e71362258ee573c31018f0f46fbbbba37047880b163a38364ffd4ec37a403df59cce8a8e26e4a73f96ec90ced

Download Submit
C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY

Filesize
791KB

MD5
9c0175e21163d69d3b1d3cfb69b9a16d

SHA1
98a0fc66664dbdec0061b5fb177f7edf38d2980b

SHA256
b3d37e95146553cfbe4f5a0fd9c88ed533996ad539b77a8b2d29fc19eb2fc2c1

SHA512
ba050169d40aadfdf79cddc7983baa494046cb4c4ea6d12e60d8c5a94cc4303549e78db81bcd9e490d1b50f97cca9bcde360d509720a9a728d26ab13c1dbabc2

Download Submit
C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY

Filesize
974KB

MD5
07fea0b87107f072f23f5c998bd86964

SHA1
d9eceb2eb05b5613b2af4012ff32216ee0762c8c

SHA256
fe639a3bcc748630d2e00f33bf5f6e9039361b582b93dd851c2f928922d364b7

SHA512
dd4832c878b648f71c1e040ab4f25cf95483d21ae5e574f318fdaea527e7ec59247d2a14bb21d214b95fde689a31d8991c755e1ac5049ae460255658c0c7bfb0

Download Submit
C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY

Filesize
742KB

MD5
e40733a059ed14d7a59b3f9c592d7151

SHA1
da4532b69fa1d1e11626438e447f3ce54e004577

SHA256
70039ed119a4472505103c8063eabb59d168746cc39e2d9a0d09995b77c2e88e

SHA512
f90a76d12d6244f6d3ed3b42b0a8d9640407b7130d18ddaafc981a87a5cafabbd047288b211300212032060235067abda42796b05d5f9cee4992fcba0c62857b

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY

Filesize
1KB

MD5
35567f9ce00fca9a9afcc20f05371977

SHA1
58d7c6807e6f73e503386a8f9f5e18214659c7f1

SHA256
7718a5276cea298438bcb2a3e09bbced63e541931359fbc8801ba0cb5220caa8

SHA512
1de3490baa4deb547e137ec0b0948aff21c8f0c69535e139b387a3e6bd8b853b583d2bb8fce516fbc02b5f2ff2fe549427da8ad155cae3a6f6ba93c1d76f944b

Download Submit
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.PLAY

Filesize
1KB

MD5
6e104c9daeda8b41f6dabe51cd03fdc5

SHA1
4e6d988ac4cd9afba8dedf6dc5b9bee43039faf8

SHA256
fb360b9ea6e5f9791ce4cd8d743fc5ca80b4f8f94ea973a4c2c7e5fff27c97cf

SHA512
34854d7c8bbbeb913c40b6389ac5441512b8206d6e178b3da3dc16e66d86d04ca316c47af8bfbdc2bde5cd835c82c5918d8c8fa9ceffd031bb84e6ea4b700222

Download Submit
memory/1752-0-0x00000000001A0000-0x00000000001CC000-memory.dmp

Filesize
176KB

Download