Analysis Overview
SHA256: 52480d0a016e6df93f58ecc9a6e8d42177bd35e393406d464426a0951e206a36
Threat Level: Known bad
The file ZYu4eR.exe.zip was found to be: Known bad.
Malicious Activity Summary
PLAY Ransomware, PlayCrypt
Renames multiple (2485) files with added filename extension
Renames multiple (8480) files with added filename extension
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Program Files directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2023-10-11 20:07
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2023-10-11 20:07
Reported: 2023-10-12 13:59
Platform: win7-20230831-en
Max time kernel: 151s
Max time network: 123s
Command Line
Signatures
PLAY Ransomware, PlayCrypt
Renames multiple (8480) files with added filename extension
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\ZYu4eR.exe
"C:\Users\Admin\AppData\Local\Temp\ZYu4eR.exe"
Network
Files
memory/1376-0-0x0000000000170000-0x000000000019C000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-86725733-3001458681-3405935542-1000\desktop.ini
| MD5 | 937c48233853189d65538e21d18e26de |
| SHA1 | 2ecedb3185e4d7b4d7c97fcbba1ff02bd7361051 |
| SHA256 | b2a7a590a8b17d52d4fb7146242df571ae0c18ec5c3eb933a58233b2c216c8d6 |
| SHA512 | 8a9540e54b64f8ec807cda13c79c6c855abc9d0b12f129dd30ef4ab1207fbf8bb77dba8cc6223e4d3cdde46961b9856e3c012eb587cb75bdc56b0a65776bb7a7 |
Analysis: behavioral2
Detonation Overview
Submitted: 2023-10-11 20:07
Reported: 2023-10-12 14:00
Platform: win10v2004-20230915-en
Max time kernel: 151s
Max time network: 149s
Command Line
Signatures
PLAY Ransomware, PlayCrypt
Renames multiple (2485) files with added filename extension
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-919254492-3979293997-764407192-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ZYu4eR.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\ZYu4eR.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\ZYu4eR.exe
"C:\Users\Admin\AppData\Local\Temp\ZYu4eR.exe"
Network
Files
memory/2692-0-0x0000000002CF0000-0x0000000002D1C000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-919254492-3979293997-764407192-1000\desktop.ini
| MD5 | b50f8be8ca36102c258c8614c3fc4fd7 |
| SHA1 | 60ca49735da14e29ea6d0984d6a1db0050df3a18 |
| SHA256 | 6aff302d6a296effee7e74bf4df616ba5e52a9794a4157998e24b4877ad67af8 |
| SHA512 | 61e1caa1478428dbadabc3da9ebdf05be14a25fb26da9586bbe2aba2cff25519181f206604619d8d5802952abb8e54bb9c7795ad3588e57d053f35c0dc2d52ff |