Malware Analysis Report

2024-10-18 21:37

Sample ID 240707-k5yaps1bpa
Target f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402
SHA256 f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402
Tags
play ransomware
score
10/10

Analysis Overview

score
10/10

SHA256

f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402

Threat Level: Known bad

The file f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402 was found to be: Known bad.

Malicious Activity Summary

play ransomware

PLAY Ransomware, PlayCrypt

Renames multiple (86) files with added filename extension

Renames multiple (121) files with added filename extension

Drops desktop.ini file(s)

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-07 09:11

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-07 09:11

Reported

2024-07-07 09:14

Platform

win7-20240704-en

Max time kernel

58s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe"

Signatures

PLAY Ransomware, PlayCrypt

ransomware play

Renames multiple (86) files with added filename extension

ransomware

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A

Enumerates connected drives


Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe

"C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe"

Network

N/A

Files

memory/2820-0-0x0000000000280000-0x00000000002AC000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini

MD5 c5cdf4e8dbc3179db6a3dd08c8e55eb0
SHA1 2e9432f9cc1661c035f8e09af365bbf43a5b60b0
SHA256 ce39e5e5de4827ed537da9322a2db5ea20b6007053e11bfa8a3b0e78d68a3bd8
SHA512 b72760422886f35f11311a710a41a899b9677f0b6d47f62245f152712c659ff7abc4138164df0c18bea22e7c4a94dbb840e776bff31bd1e5c9f70f8a4448b167

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-07 09:11

Reported

2024-07-07 09:14

Platform

win10v2004-20240704-en

Max time kernel

68s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe"

Signatures

PLAY Ransomware, PlayCrypt

ransomware play

Renames multiple (121) files with added filename extension

ransomware

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-3642458265-1901903390-453309326-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A

Enumerates connected drives


Drops file in Program Files directory

File opened for modification C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msador28.tlb C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe

"C:\Users\Admin\AppData\Local\Temp\f741b66592c42e73af7adc46815cf6183765a2fb6a5f9f96cc75eaaf7dc15402.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

memory/4656-0-0x0000000001070000-0x000000000109C000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3642458265-1901903390-453309326-1000\desktop.ini

MD5 8f798884f148db9ae9341a41924181e9
SHA1 1133084f0543d0b5f17d088a934dc56e6b03696a
SHA256 5fe0a2e520383939d45a2b1c4e42789675902aa5ad7960068fbfd005f6116d07
SHA512 68ac603031916ecc6880bac20bf16ff9e5c0b663e6254ee2f072e7f39474e39977fab862b9f4402198c12e58acade88a9a2b1ea4fa74bec995e962f0bdd7e723