Analysis Overview
SHA256
4fec92e380ecbf39d8a178fc8f487dc9092833533a450e616da317639b3eb34c
Threat Level: Known bad
The file 23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.zip was found to be: Known bad.
Malicious Activity Summary
PLAY Ransomware, PlayCrypt
Renames multiple (8440) files with added filename extension
Renames multiple (1518) files with added filename extension
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Program Files directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-16 22:31
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-16 22:31
Reported
2023-11-16 22:34
Platform
win7-20231023-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
PLAY Ransomware, PlayCrypt
Renames multiple (8440) files with added filename extension
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe
"C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe"
Network
Files
memory/2720-0-0x0000000000150000-0x000000000017C000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-2085049433-1067986815-1244098655-1000\desktop.ini
| Hash | Value |
| --- | --- |
| MD5 | 2f4754b1d296a2aff0160997e7aa1b06 |
| SHA1 | cd449e8a5b7df66f6dd36d58e14ebbfbae4d6058 |
| SHA256 | e4f7dce45e5fb58e1fc4e23551906aac876c026ddf943e16bfe5739816b01c1b |
| SHA512 | b5304940b3d6cfec976e5c38641632d62014f504761da3c8302f1a39c3a258ec4295692432afa0349aeed0c3d57c99e384faeddd2da4b87f3244a9042c72315e |
Analysis: behavioral2
Detonation Overview
Submitted
2023-11-16 22:31
Reported
2023-11-16 22:34
Platform
win10v2004-20231023-en
Max time kernel
172s
Max time network
169s
Command Line
Signatures
PLAY Ransomware, PlayCrypt
Renames multiple (1518) files with added filename extension
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe | N/A |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe
"C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe"
Network
Files
memory/4408-0-0x0000000000F70000-0x0000000000F9C000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini
| Hash | Value |
| --- | --- |
| MD5 | 9ca0aaa29edcb0578cc6d0d2df8e84fb |
| SHA1 | 13cea0eaf711f6b61d8c78aea956f81c6efdb329 |
| SHA256 | 33696c385d740fc19867259bf2b6dfa34d08019dfb59fd3c895bcc0624590ba3 |
| SHA512 | e0f51ffc9b7cf4abc8682032865e6ccd7009ab9e7a50861c8975b7b92aad5e357201d509930a566bfc5d71726b4667222ac92de100a5716f13ff36d43e8ddd30 |