Analysis Overview
SHA256
4d3d315c87af193af02eb5489fa7228b9ecc3aef75464325acc38a9a8c232b02
Threat Level: Known bad
The file dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.7z was found to be: Known bad.
Malicious Activity Summary
PLAY Ransomware, PlayCrypt
Renames multiple (742) files with added filename extension
Renames multiple (2463) files with added filename extension
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in Program Files directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-25 17:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-25 17:30
Reported
2024-06-25 17:30
Platform
win7-20240611-en
Max time kernel
35s
Max time network
16s
Command Line
Signatures
PLAY Ransomware, PlayCrypt
Renames multiple (2463) files with added filename extension
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Chess\desktop.ini | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\FreeCell\desktop.ini | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Asuncion | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\Parity.fx | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5 | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Qatar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\ado\msado27.tlb | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\US_export_policy.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Noronha | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\security\local_policy.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\MET | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\flavormap.properties | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Mazatlan | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe
"C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe"
Network
Files
memory/1208-0-0x0000000000210000-0x000000000023C000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini
| MD5 | b2db9caad8ece44e57a8378a2f78be2e |
| SHA1 | e37cb20c4ebda0a92feb9293a2965073d761c9d4 |
| SHA256 | 182a12353e93b638a47afae9cb42970b6c6dd0fc76ea896c38d2e05c81de84cd |
| SHA512 | f98a0afe3a8bcf3fe6d0c5abfc65b87ef2ecded43558706e0351b82863c7c1cf646576e3b76ba36eac41f47f09870d6cc4371d98493259196f6378745a39b4c6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-25 17:30
Reported
2024-06-25 17:30
Platform
win10v2004-20240508-en
Max time kernel
25s
Max time network
33s
Command Line
Signatures
PLAY Ransomware, PlayCrypt
Renames multiple (742) files with added filename extension
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
Processes
C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe
"C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/392-0-0x0000000000C40000-0x0000000000C6C000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini
| MD5 | ba00e5f444c0afce93d8f9ff9c5650bd |
| SHA1 | 204973a77f1a7b6abdbdf1429df2f7a360389cc8 |
| SHA256 | 9aa974cb5c57107227b952f528395fa2bbe6012b6fb9f4d560ae9a2654990ee5 |
| SHA512 | 13c1bfd5be8c2a1aecae3b1eea4e94eedbbdaefb3045ca8c170a0537bf91f0765d18309ecfcabdea2adc2b9f706713a434d88f8000b99dfae27eac7642faf3ca |