play | 19f287ad3d83ee5798284481bb30fbb4eb9dc0c1ceb5f66682a8a83ffda5e1c0

Resubmissions

28/05/2024, 13:25

240528-qn2jpagc45 10

21/12/2023, 15:14

231221-smbb8aahaq 10

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21/12/2023, 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
Size

458KB
MD5

8177fcfd49b44e0eff98320b0a713ff8
SHA1

8a40c9b2c5b0902d9dc0f159def55eea94063b1e
SHA256

762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539
SHA512

5821cc4bae9b43772c8253cbd9feac353d4b44b5ad3e9d786c96d3e4ec2147a7787115300658f10a22cc46bbc3032e7ecaf38d84f5167040775135d314e4de5a
SSDEEP

6144:f7M6Yn6fGlV0okVP3Z4FQmFKMUhhtpyr81fhKUqmLzmZuGVPVElK4p+:fsflV0pVP3aBcJyrs3qPZuocp+

Score

10^/10

play ransomware spyware stealer

Malware Config

Signatures

PLAY Ransomware, PlayCrypt
Ransomware family first seen in mid 2022.
ransomware play
Renames multiple (8454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 39 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Videos\Sample Videos\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Favorites\Links for United States\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Music\Sample Music\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Recorded TV\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Recorded TV\Sample Media\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\G:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\N:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\T:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\U:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\W:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\X:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\H:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\K:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\L:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\V:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\B:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\E:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\I:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\M:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\O:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\P:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\Z:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\J:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\Q:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\R:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\S:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened (read-only)	\??\Y:	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OLKIRMV.XML.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS01634_.WMF	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\Xusage.txt.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD.DEV_COL.HXT	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Verve.xml.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\UserControl.zip.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21342_.GIF.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01629_.WMF	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0212299.WMF.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0229385.WMF	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.TLB.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\arrow.png.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGNAVBAR.XML	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0183174.WMF	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0212685.WMF.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48B.GIF.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\de-DE\msaddsr.dll.mui	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21423_.GIF	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\SPLASH.WAV.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME45.CSS.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_OFF.GIF.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD01074_.WMF.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02134_.GIF.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\ACCESS12.ACC	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackgroundRTL.jpg.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME33.CSS.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02439_.WMF	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR44B.GIF.PLAY	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png	762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe

C:\Users\Admin\AppData\Local\Temp\762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
"C:\Users\Admin\AppData\Local\Temp\762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini

Filesize
1KB

MD5
9a97df47b740422e36c3e76f4f45d757

SHA1
f5cf371d25aa58d3ff8cca59ba96b02e743f9976

SHA256
6cfd0928cf4f84124e7b85afa82ba1dd949e37a87e327a425ab3b6e0ed1e5775

SHA512
d2d155222e63e0c02703aae8420d8ae2634b66d263237da624d3664150352a1e46deb150e2b2fdc044c62037fe9220bc4c2469e3c48ca24ea34bb334b04f5805

Download Submit
C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata.PLAY

Filesize
1KB

MD5
e9bb6ca503499442a886dd036791ca2a

SHA1
df84471b4330d6a15e57418aba2073631057ca28

SHA256
ed8809b119253094ce674cac3c52f04e128b4960ec7a28f221cfb242b7e3b971

SHA512
a200b848206d408e72d0e56492ac84d329eeab3b8132b12b043c044797345c151aec0dbd79de0cb2cafff6fe5c639bf491465875c54d49be0c6551b3c88b2830

Download Submit
C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml.PLAY

Filesize
1KB

MD5
5b06375fffcdef8d88818d407b929a78

SHA1
e70d0c5a646b5cdb6360e179a75ac225e0f4c542

SHA256
8dce5a4bfb24ca803217cdaa750a8a3358772bdd8bb86784ff70de0eb07a56c5

SHA512
72b0d1eed588770fb111b179716b458cc544edd4952f5179fdb64307490448f94bd866c553079505e23a30758327d856557e8ab13a3e20d12c4a85515a6e3469

Download Submit
C:\ProgramData\Microsoft Help\Hx.hxn.PLAY

Filesize
1KB

MD5
0efb2dacf2016fee1ca6d267e6e7758f

SHA1
15266a30ca7c0347ebca7e76b9f6f989cf2a5098

SHA256
805c3e41778d037b9abc80d433e62e9c019fe37e5ac20a8e7ba558cb62be255a

SHA512
84b135843c59e7ca1dbf9ab5a0175ab392d9a7b77f6b58bf58d135bd21cd07cd9a37a9e26855182ece191a72cf342e99fcd65a07984c377ae5c7f3561f5b41fd

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxW.PLAY

Filesize
14KB

MD5
a5e5d426c3dcbedd6e20f6fdc53058a7

SHA1
cb776523dd069b29d50a1d60d5ef512bd9db5c6a

SHA256
e1b1c4355dcba9d1d81011f1b81f079195c2fd48c779d87321e9ab89f605bcda

SHA512
e3944cecda498c534e199a848403d41d2511b6b818adc80042036566966d0f22909be674f5e7ecdf9aa258e0d70a00dacfc9abb1b5d8e3bd398618f5cbbf1413

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW.PLAY

Filesize
14KB

MD5
380cdd654394867f47988200a09a3ed2

SHA1
fc9de59fda391d3236661f5cb8f1dd922427c64a

SHA256
f1f59e46f6122f20da56158ad81df5e4d37122ab4c3bcd4f3e8ffefaa24febe6

SHA512
7758467c4bcdc7ca665e08d6740d28080696de7a547ce04a4fa5830d2e6cadb1b0d73c81856ef519f9594a5ce5fc5ab8047aa2157dc73aaa823882b6c73c2769

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxH.PLAY

Filesize
10KB

MD5
beeca1344b5fdf285ac489e47daeb132

SHA1
37a02c815be4c67a110bf22ad4a653403a57e004

SHA256
4b0d0c69531feeb15fbdef7f370d9e052dd5283b460174f6c96d34d801e09194

SHA512
d8d07ea826c7877491fa183ea0c49db436d2a9f3970d753cdcd141acd5ff53ececf4231280d0bebd6578d05f085cf9906f0f7e3382ae99776dde93bf753a5f4c

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MValidator.HxD.PLAY

Filesize
10KB

MD5
113df68733e1b3a7b2f9d8f2f6b0a8e5

SHA1
9f5b50170c58e86c04482609eebd1b5baeaeed68

SHA256
d1fd7b1b54182ba52e14dc032b6d2f7a43265aaf6002e02d473b260b70179a92

SHA512
f3ed702060600740a495512eecd2dd48e388de1a12b292814bd5d69f8b712329f4fddbe4655056b55466db68b0705d578c44d7e7cb6fe566f1ec1d99fae4d150

Download Submit
C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.PLAY

Filesize
1KB

MD5
9ebac6acdc1f3f96e3b6827197e2b68e

SHA1
9e523c2aae24fed3d67e5c736792b10cef6715a4

SHA256
df97207bac88c4cb59a5304d015ea1871a3ec438936a07c183a60a71b9ea6dea

SHA512
d42da559eca257fa7d262582f58c5b7fe02523cdcdaa477b8ce7a5a226fde954277a2231477b94d516926f61d27aa0fb1c17ff3106caea6e4c5bd00740bae50d

Download Submit
C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
263f99fb6538b484961a6e1453c3afab

SHA1
7fd984a3223d3401a35f91a6d6028b0c5d5590e5

SHA256
bcae03a407bcdd1de21275e7a33af168da2cd0daeef0924467feace8853689f4

SHA512
19c0288b65b4fe195804010ac3eecf3edc48753e8764e2cf78ec7c4b4f737e13891cc932e2341a595984691fbef321a53735e39a1e95977f49b7b9d630e02827

Download Submit
C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn.PLAY

Filesize
1KB

MD5
3e86adc38627b761cb756343d0b2e249

SHA1
434f5355d8dda841e18908c188cd50acc2566110

SHA256
62e0624b535b9af74b02ee82499e0320cf2d95d9d3e588d9e3c11dfd760bffa8

SHA512
93e8874ad3cb15f97deeb06c814724fe0768af530d887c988c437095c40bbb64714b04dd5f4bb02598f6020e3a9311e7ffa0e10ca112af8715ca6f988385dce5

Download Submit
C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn.PLAY

Filesize
1KB

MD5
e288b73d65e9c698987e445b4368f0cf

SHA1
7d6e23197cf16bf9c6bdeecd31f0f36c16c436f8

SHA256
4f564fe0e1219c29ea417097e7148c051cd9390114f8a5197fa698da61f0bdb3

SHA512
07633e00b0868e7e2f3932e716d9e6f357d60ddd4101715159f3894fd93d0609136b93ff7e585282a8b0843e51002e897ac6ac662cde6c23bd8103493d4689ad

Download Submit
C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn.PLAY

Filesize
1KB

MD5
68176d926191b3c6e19b939fccf032c8

SHA1
b00d73ce35e4574e4da69c5162ed76e39ae257fb

SHA256
75f0076901fba24d925f8161d2bb8e84f2dadb789f53f98b4e32986627e38b7c

SHA512
ba66849d08dc9f4c12d5edecbbd5e0a628559db55e615882919de73c1987adeeb00d87ef4eabd26152f0f47e167a47893c14b5ebb4aa7f3ab5714fc73cd9f4cb

Download Submit
C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn.PLAY

Filesize
1KB

MD5
b569902d2bdefaf419567580388e28e6

SHA1
2f8d1a3b0c31ce53f04b08018fa64b16512adeb5

SHA256
78ba06d4da6b1bccc0dd84d21c813c968682ffe3ee8b66876d928a1c49749416

SHA512
aeb7543bb68aa1eb2cc2396e19172ede1f90b92e772d85dc16290b813081efc966224485ca4c82a06aa27dc34a1839c9be28ffea93b0d08162756f6e97d6f493

Download Submit
C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn.PLAY

Filesize
1KB

MD5
38accc2c25964b2ebfe1df7748a9553a

SHA1
4cb13758a22916c6e6c5d5e5ba0b7d857c93025d

SHA256
6acfcbccb1b2ea4300aac7438300538e78501b045a59b2205966d87fdd20c261

SHA512
d7ef12ea7c0bfb1debb2126ec580869313798c9f905e203af3896286cfdb4b6157505d538e6777dd22b897e5f7740c9ee48d31db8198a490862dc52f1e232ea2

Download Submit
C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
b6f60ae77955d914806f7844c13e25e0

SHA1
15050772b971b2ccc4fdb519831b3bab41585522

SHA256
ec751cdde42b269781f1d10f108638220bfeda735238a6a7f86aa818cb8999bd

SHA512
23c968ff034ddf8f4270096578df5ed59d677a74650e7fccefbda559a0cdd6e1b4d0d6d6188f968330428e85d96430203d9e1ff64a80371234e0f7ff1539e1de

Download Submit
C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn.PLAY

Filesize
1KB

MD5
383f690582c20d8a0c7c2ea8b7ebf2d2

SHA1
54e8211d13d64aed559df7442287924433a15cb7

SHA256
5acc6a15ead0c25a812575f480fab3fac1662d6c28c053bc90f36814eb68a0a2

SHA512
c5afd96c291b012bac42be6c2821a1feef1aab8b74e96b80e7f12bff8690c60148ae129b9a750353250d5b6ede5e5f9f9721611a988018e6c81f95293feffd95

Download Submit
C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn.PLAY

Filesize
1KB

MD5
feaa4cd93fa76fa1cc9d46056c43bbb4

SHA1
304d03d0c1358b7ed3ebcd7bfa7eca7dedabde68

SHA256
a3fa917ebe4086c66439f81fadae4a94f362ffa774b239edafc5a418f16b8494

SHA512
c2cb8e26da2e8ce58cebd64b56b9cfd87ede9dbcfe072bab6112e22832e48944ce22ce413efa23c0595c3463f80d01cf4d142a7a12b654e8a2b5caccd25bf56f

Download Submit
C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
6aed75b559e3816473863014ce9b0588

SHA1
afeda23a1560b2dc56dd11723e6eb316d26f4e51

SHA256
1afd90af65f4f5e60c9f912e035a10d93c0af7d3d5806380242bfe6ba3657967

SHA512
5a8fca776a1fe4405a312c52b574a456f0b0f1f37ee3069c12c242941f144ec0c28df3e3b9f337a78a5e0028c1a8339fce30c098a775f449ad230aa375c1f25a

Download Submit
C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn.PLAY

Filesize
1KB

MD5
4f6bdf6b2cf1db0f07dce5088aa17691

SHA1
fb5df587b776213bbcda4f192cb4b7f97f4fdded

SHA256
d85fb70d64d50d03e7f70db799f6f1cc1ee37d1b9adfcb7adfa8405db7992129

SHA512
28ec2e49a5344e87a3c73618319f842b7873b8b6a564bba86f1bd152e4578964b78b3f2d050c4f8bb8f392f35161c4b75c8d6edbdf6e2cdc4728886ede1d7883

Download Submit
C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn.PLAY

Filesize
1KB

MD5
bb2af9ece6c4b714dfa3ed58968fc377

SHA1
1c27e5413a6d8fd0afd989610daecde42a8e9fbd

SHA256
de857068a76dbcc3951eaa64aaca015023457f815a61e20a5c81307863279322

SHA512
ef1fcc627883230afa58ec51e93dfc03a01cfeb5af5c50523b828e73f5b2bb9f400969b64ff26916b63e8d530575d97ec655981cddedf7388d07024231300c46

Download Submit
C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn.PLAY

Filesize
1KB

MD5
8af4d3b133482fbf543951bbdbd70f95

SHA1
6219f0ca68b40689c5c02a8e0e9f7d6ca5f5456c

SHA256
46d26750328b508bca9c1bc606368bbc48405389d16268ba68e21c0c93afa824

SHA512
a17caba0a1b68078bfcbf2bf7c7edeb6b2c5fbdb5d72e8b8ab3c5a16bb8e237fc69715d47c1d923d8797fc1f7c2121fc7ec057fa854c26201751e9767769ce07

Download Submit
C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn.PLAY

Filesize
1KB

MD5
295731ab7718b8fb2c4524e7aac69e53

SHA1
6f84d4066e156419ed09c047f1dc7f958aaaec4b

SHA256
8f54727c8cb35ed6bc512a59dd72f0c6f2c6454cde53f82fb3e166bae8a320d8

SHA512
7a486e119229284c08901bed75cdadd218b54026503f205a7f85a243ef44c66f0a6ad442ada91aafef0cc9319fabd84f5ce32359120316e80143235a44788afd

Download Submit
C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
b5b98c390ea665fbe42f1a52e255903c

SHA1
b2a42a9a7ecffd6b5a15c6d946eda8576bab4753

SHA256
a282d9a753853960a746a6500b415fec7a4620474cd0cd46d2c30a26c4254f84

SHA512
35c782c16afbc97a990e92d7b91c72b36625008d54fbcfca718afd4e8b7d669b2731f7790b71492954b9aa78071ea625fa7b29ace38490876418bb3717c72746

Download Submit
C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn.PLAY

Filesize
1KB

MD5
60234295dd39a2b358b286588a7fbc3f

SHA1
5d78ca47a10b9b92a211a1b09979c496909d840b

SHA256
59a3c3262912d6da2667c5d1c14fdf341693191b08621df58fbbdf1fc92967ec

SHA512
eae51e90b9be19e202495c9e1d5cfb4bae5d10d014dffa96eb3786d784868633555a5418208c006b0d54b8aac9b0be9a3ff086325af8043477ef74a893532b6f

Download Submit
C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
92ba6fc642dbba41b86010740d53a1c7

SHA1
13b8a2fbe2d6e5c31843b75bf467cd4715dac6b7

SHA256
662714988ced02f6df9790b7241fc5005d81d20800a81ccd034a4dd2f72cd783

SHA512
ecebe56959e200c1346ac29eb68acb44593f3b80b907abda7c5bc03e614f1e48a5c35977b0fecee810b498eed019543c4fbcd96148c173a8c01beaadb3330022

Download Submit
C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn.PLAY

Filesize
1KB

MD5
cd8d766bc82c358d18f843c7571b3429

SHA1
0870a01e6c4cc451a9ad65fbd65f815e4be92b8b

SHA256
7898d19a3e337fbfd33d60ad74c9e17bb2f1fd507046ebe46481a06248561c24

SHA512
b0443acaae6373ff1e1b2bac73f5f76b29cc0f38aa8d913f9ccabab16a3cfd46d21dbfeaad9b394325156ec0ae41a6a8814babfabe40c7c08faf460d1aa7b646

Download Submit
C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn.PLAY

Filesize
1KB

MD5
d26db1f7c141977e2581b1ecd4a3e7c4

SHA1
43f75f6b41a6bac0084d09847a06b275483de579

SHA256
6a69b717228efb2bc13baf3f98980adcfc5fae7a8e56ca446d9234525a192f24

SHA512
09c490b28967eaff6a3c4e6d44a6d4dbe4dc2c25cb0b33222a7d031c83468add91bc0165730290e60ae481d4bfdce0840493a388ee5378cafb5317c84c87846e

Download Submit
C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn.PLAY

Filesize
1KB

MD5
63aab98d98e62ca042692784cff1d34e

SHA1
470382b960a7ed8a4324f81fdb704163afb64e0c

SHA256
7ece7d28645832a08881a2bdf0378180bb0775f620b4847cc73bd7f807699a49

SHA512
b2fc102a8e2cfd4a7e8c4782053ac20614b5393a9feb8af662b3819d2c3940b77fcc4e4adbed3a45a8335df1a7da7649809b7510593532db506fdbf6c4a82dee

Download Submit
C:\ProgramData\Microsoft Help\nslist.hxl.PLAY

Filesize
7KB

MD5
a861b69dbe6866417864cf8741c792d7

SHA1
7d6a7285c63e13c37b0c10ba73e5c77576536662

SHA256
0c683054107a480643daf018c4575fb329e50594970b2be76f1b828497aebb3c

SHA512
6f250c50a7be6926ef1a49269ca8a1ff331114f48d40b89d014ae2ab51dfb122139273634efb9d6ea566e58998da114ad429008d826b473b7b484356be0635a2

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY

Filesize
1KB

MD5
2428ab7131efc27673a79739d555f940

SHA1
4f875c604932bf8cccd290bca5580bd8efd30be7

SHA256
a9fc602cf061f284b890a2cbb28af4977949711dc0ea228330786dcb78777422

SHA512
b07525fbd99e321adac07ade737965afea24c9042499e7b5223ed3493b732a46c1744987c7fac7f1a9cbacbfabcc25b90b1f95d645aeb0e0fa9de14f093b8d0d

Download Submit
C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu.PLAY

Filesize
1011KB

MD5
b23f2db4b3928129f4a87604c1708051

SHA1
214c78be082676d423a177c61ccbddd89d640df6

SHA256
af5ee4d9d8508afdb1b9b44f088540d38f3f6c13a5fe93c8fddb5c7a1781ca08

SHA512
ab0435a15436217a854e38d304d30bbd948ff9787b91ac05bef7d1db0009e27e09a77497f2559ccece2189c377c75c3bf243123ac42f879cc86d1719b54969f9

Download Submit
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY

Filesize
1KB

MD5
d3e1bba1810bda7a3804b9a694cb09d4

SHA1
e856ed4e71f1d5a8362f428ff2f81eb5ebbd16e2

SHA256
97c4b96c791a6fef6fa9b870d3ee00ec3e4b75b3fb45b1fe748764ec7e94d917

SHA512
7adc1aaf3a2e00a4e1b898ea582c6b0b4c708603202881c220453cbae4fc7b661cc87d1525ddd268c86c51982e4a37eeffb41538f44dc365ca461b338faa059f

Download Submit
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY

Filesize
467KB

MD5
766323d0fcb41856d12c4fe80b8af80c

SHA1
4d8d76c18615f45def7db6e7a70fa54fabe9e120

SHA256
f376e2e83be7e1a4c391f8749f0546ff940476043c67acd15511906bf3a70995

SHA512
e631314275666bdb2925bf5f3424350ab78354607aaed7342f58a5ac70eec99bc0db4b88273c8322ada9ee19f4cf37b233ab29cb4eed82055adbb824917b6c2c

Download Submit
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm.PLAY

Filesize
1KB

MD5
351558fd42f5585aea9aa3022b375b89

SHA1
65977ca46f62c568ff513be41f9132a2e49efe56

SHA256
f90811985d355888b2254584cd9612c7ad558b5c28af36e974a45700c1ec7ea2

SHA512
1b8685fde11e889904b15e863c01c5e0e98faf1762369c34bf949a5605ee4c8907e0a8aca4f07afd2847dfdd61f351a5fee68b8081a3a9b941e449cd680047f3

Download Submit
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY

Filesize
308KB

MD5
42a861dc95afa6ed1af11eef1f472bc3

SHA1
7a50a1310c99cac3b2be223bde5dea919ac9206a

SHA256
85bddfaa58de4d6220be7da2a48d2996c5ef5ce8158e9af6ffce2ac31c2674a1

SHA512
7d0c444fed6da7079add28ef556495a99baf7a00cd125a2ad54b069362d47a2020c97ebfa7d11e45ada642fbc7eb54ef4c07170113c0fc7eeb4c765533af23ff

Download Submit
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm.PLAY

Filesize
1KB

MD5
7056db7f16b51b4c8eec54c3a11d61ac

SHA1
878aa157f021efc945843f0b5a961f451b0641c0

SHA256
acabaab84bd67a6d074a58a064a24992234ba50c98f81ac2a0862fc2e0ee373d

SHA512
eba264f4174ede3eca1b90c437bdced3483892fd45e296389f70e58d427bd93439e03a142aab3e2c96174be91a6bebd54d918c3ff1b1a992c7b1f961350f65a4

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.PLAY

Filesize
1KB

MD5
0c3121ecbbda24d33e3a8799f448a9b1

SHA1
cd0ea6a946ceeb81479dad4fe7b06176b10be194

SHA256
95495c1bad52a8886a6dd11e253deab61864236663370643ef7973b22b3db6c6

SHA512
3c08b0c1bdda2fbe66d07dbb30dc94a272c36dc4988301ff34ac46b6d531b68554f5c88d3b840b172f25db48b51d6d6a1a7d7ee99ed0bec201b1f1780cbdf5c9

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY

Filesize
302KB

MD5
8f91075e944b1be768d32ebb0e107172

SHA1
412128efecee8c5aeb0955088dbc5f6a25b177d7

SHA256
c8b27f35bd92b175f1c512fac94d47d755318fda5fd70458b99023898d52da80

SHA512
db39d38f3f6572db0c59ab18fe2fbff4d67200f3db4256492cca900571ab1469798bf4000c57f85192984e6d9bf5e2710a9dc07ef5a4dd5ef398e1a3237d8a69

Download Submit
C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY

Filesize
261KB

MD5
cd46382437d65edf457ec16a8c586ea6

SHA1
5a1d6b8fc698654b21fd7276a0a0512da022a308

SHA256
3851d033554c203e02f9f3e4fe121e6975e7aa12aeba122f00ef7ea801957d16

SHA512
47d57d0c1b7d04d7a932254abe1240ea80f59a63de284fd4b105b535b215d98640348cc71389ce2a1788537a1beb3bee484d72ea6e5f6e308364df317ffae0a4

Download Submit
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY

Filesize
266KB

MD5
97d79bc6a81bc931b7701bd317f435a7

SHA1
1650943bc9d8f175f50047d7d33b1b9818db46dc

SHA256
9cfc9d5f1a2eaf636ded3aba02aaffd737eeed7447940e479d3b0b8f446ff1a7

SHA512
184aa8544255b29435127bd9ba87c188599557836d704fb1d6584868e6a84c0345172c302d29b1a9b3bb08e3e4106e2e59b193a4a64177fba66a5786fe84dbb9

Download Submit
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY

Filesize
435KB

MD5
8d2af0a96d99c63110fbff0bb9f1d638

SHA1
c36d706cbabe31bca5900a2ed350a32855511356

SHA256
cff8b388175b0e9f2e1fc5beea8ee425994537634c744127e19fc0d8a4b533bc

SHA512
a9ae02cead62baab3bfebf71fd6c146bcfb52145da597b9320b6695393309529fee4c8daae51f8d38ecb83d99f56b4ff215aec84f4c1ba684a95316cd986cde7

Download Submit
C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY

Filesize
803KB

MD5
195138aae50a3570fa2e043b7b76f6b1

SHA1
ebd42c9ccdc885609e037a70c1416d66d0d0def1

SHA256
59d7eba2ee3dfdb86aa8d77ebdcd87ac6674dd712322461b060f69cbd6cd42f9

SHA512
51ef80c93d0d4580a55eeefa8b02948573ea705604cdf5a29601050a797ab46f77446f34e1c7ce65771daf7c1faf6a00317b06a1e71054bec55bbee5f2b5cc6f

Download Submit
C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY

Filesize
393KB

MD5
31f67b674434f85b2801e033a1da2637

SHA1
9de0010b1ab1104e0ae18b8cf42dd5610cc140ac

SHA256
799296a4c701259e4c42e7db25d7c2b4e48afcc66d672b96f51975c65b9ad17d

SHA512
fefceec07ad3db8384acd40c8ec28ec7657fd07efef53ab18cb429e467e4dd8ed682bab441b856ed6d8cdc4debed3e2a38c2ba64f7efb0dc708effe1a2e82527

Download Submit
C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY

Filesize
344KB

MD5
bd6692d8e3c5f45769e87a8f29629a4c

SHA1
bc5cb2436106c88d6a445f819fe714ee57c6501f

SHA256
e8ba6791b330325e79b154a8e67afd798d2253ffd656d83364f882ad691793c5

SHA512
0bba98b23f79888c20e45e4d9cf6ee1a14d02316dabf50a638679d440e229533fe65a8eb7694f89fab921bfd9635f5956a81dc1d04b66928b6e7ab0734d76526

Download Submit
C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY

Filesize
341KB

MD5
683d87d1c6a4c5aa13ac00ef7d3e5d42

SHA1
ae89f3840130981c002a4c473f9bfe157d80a969

SHA256
6e5342d1760275bcda6151acd5324d5a55916964f6b9571fd70bfd01d77b15aa

SHA512
7b4584c4af812211457f31b9bcfc86d6071c4cc5512e168b8256bd11e535c3b85a55fa5052a3e00b0b418e93aeba2a910f286171045aba6e240f58964fca1a4f

Download Submit
C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY

Filesize
576KB

MD5
743a8e72fcce06b09423a09cfd383ff0

SHA1
5abff354f78693de32e5c84c743a70d5ce7b95a6

SHA256
f79d39ab3dfbae9ed2e21dfc74ab97d21178f68114c065745803da656eea19b0

SHA512
717f53a871d5c31abcb14e33ea61797009e205202d0f146b00dba79bc8e6bb7f5e26e5e3b3eae6f3ff59d0713923f6ccb46748eba88073525721461cc4de1528

Download Submit
C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY

Filesize
464KB

MD5
11b6edac61597b98bad84e1be3548417

SHA1
f12785769d27a33ffe5e4d37aa06a0559d3c4eae

SHA256
685f7156b0109324fd61f063520ab3c6b35252d0e39a6296b22867fd2952c62a

SHA512
9cb3fafb50d8c001727e136f672cdff2d42be9ae02aa039e606210c4762128aff2103f55fed484b172154318414f808f5e956c75cd68b2d688d3b7ddf1339e55

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY

Filesize
1KB

MD5
9bd8f5ec7f7858323e6b2b6e99e79126

SHA1
125edb5b4ffa2bea98f2a7cc9601e470600d05ef

SHA256
57d743e6bdf514b6fc42129dcda3ae70356f7266d6c2171a5326f742453c3e21

SHA512
696c692ee7cdf8f8a6da22ce2dab043fb13b893cca368cdafc68b23d095194f69cede813b880b93c68f3fc596db6459b22f61458c03263656def74421826cca6

Download Submit
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.PLAY

Filesize
1KB

MD5
b4130a1e34ca50aefa6caf9fc5288fc2

SHA1
1f9a4ef780062458f51635f5c773d6500120527a

SHA256
66941007f605b1b724bfacc061413ecfcf37596cc3b78c5452527fc92dcd9929

SHA512
c00c9a8351ec8d8176649489503cd82a927c26a24132d13a722d73d3fb7cf1d8ba3d2132e3d4ace0284f4f955a842d276a1a8c68bd0a113d765d3a1136b5a4a0

Download Submit
memory/2488-0-0x0000000000180000-0x00000000001AC000-memory.dmp

Filesize
176KB

Download