cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363

Analysis

max time kernel
197s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
Size

246KB
MD5

a34cafc34fdb780115c4c4caf187aa90
SHA1

c9757c8d8c8349c563f75fced79b025cd52f2538
SHA256

cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363
SHA512

31684eab4a85e87b30992e8449ea62f55df34c058a01c6203233df4d0865e0ea5d19e1039b447d70bc3cecdf2696ac5ec6e13a9e4d4b87d8b0edc6a8931cc242
SSDEEP

3072:h3BTstA+R1dqPlxK5QN/pJXpjK92i4lihCXroL8HafOafafhcZMjuHlE3Hh3B:haA+YfESS7RzSpc+

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\gpscript.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\rekeywiz.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\sort.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\Windows.WARP.JITService.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\CameraSettingsUIHost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\setx.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\Fondue.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\pcaui.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\perfhost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\replace.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\dpapimig.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\cipher.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\eventcreate.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\icsunattend.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\ntprint.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\RMActivate_isv.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\CheckNetIsolation.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\iexpress.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\LaunchTM.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\rasautou.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\ReAgentc.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\resmon.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\WPDShextAutoplay.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\write.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\charmap.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\Dism\DismHost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\gpresult.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\IME\SHARED\IMEPADSV.EXE	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\wowreg32.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\wsmprovhost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\ddodiag.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\IMJPSET.EXE	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\newdev.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\sfc.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\verclsid.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\waitfor.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\colorcpl.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\compact.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\diskperf.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\sc.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\setup16.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\sxstrace.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\bootcfg.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\dccw.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\NETSTAT.EXE	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\unlodctr.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\certreq.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\wevtutil.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\iscsicli.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\eventvwr.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\hh.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\IME\IMETC\IMTCLNWZ.EXE	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\InstallShield\_isdel.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\LaunchWinApp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\RdpSa.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\regedit.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\RMActivate_ssp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\SystemPropertiesRemote.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\TsWpfWrp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\ipconfig.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\netiougc.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\rdrleakdiag.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SysWOW64\recover.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_addinprocess_b77a5c561934e089_4.0.15805.0_none_74baba51266f3010\AddInProcess.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-d..ectxdatabaseupdater_31bf3856ad364e35_10.0.19041.84_none_2d21e26a18d595c7\f\directxdatabaseupdater.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..lity-eoaexperiences_31bf3856ad364e35_10.0.19041.746_none_c291aefd01a5d6d6\f\EoAExperiences.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_e304dcaa2490f61c\SystemUWPLauncher.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\r\AppVDllSurrogate.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..m-service-migration_31bf3856ad364e35_10.0.19041.84_none_8ea6a37043f4ae90\r\ClipUp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_b321f2c2ab7710a2\f\sdbinst.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\AppVShNotify.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\f\AppVStreamingUX.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_aadf84cda75da02d\aspnet_regsql.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-d..ectxdatabaseupdater_31bf3856ad364e35_10.0.19041.928_none_138fb436497565f4\directxdatabaseupdater.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.746_none_4b0a936d86cdd479\f\oobeldr.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..eapplifetimemanager_31bf3856ad364e35_10.0.19041.746_none_45062eb997366a7f\f\RemoteAppLifetimeManager.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..esslockapp.appxmain_31bf3856ad364e35_10.0.19041.844_none_15e5bfcd83a1911a\f\AssignedAccessLockApp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\HelpPane.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..ing-platform-client_31bf3856ad364e35_10.0.19041.1266_none_7e2b6be969016c27\f\licensingdiag.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.153_none_4b81b20e830f375b\r\conhost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.1_none_37f2e74a0020dc93\pcaui.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2358a116979cc599\FlashUtil_ActiveX.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.153_none_4b81b20e830f375b\f\conhost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-host-service_31bf3856ad364e35_10.0.19041.1288_none_6c70124c60e2b4ef\vmcompute.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\hvax64.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_10.0.19041.1_none_e9b79397c28488a5\pcalua.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\OOBENetworkConnectionFlow.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppResolverUX.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1266_none_aa0661cc14f9fe9a\r\vmwp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_10.0.19041.1266_none_a88c5999d8585853\f\pcalua.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\Boot\PCAT\memtest.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_addinutil_b77a5c561934e089_4.0.15805.0_none_fcd173bc1b434b81\AddInUtil.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_hyperv-commandline-tool_31bf3856ad364e35_10.0.19041.928_none_0b17415ae0dd0379\f\hvc.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..m-service-migration_31bf3856ad364e35_10.0.19041.1052_none_0bde546bcaf8e34a\ClipUp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-i..atedusermode-kernel_31bf3856ad364e35_10.0.19041.1023_none_5c93ef2449c89609\securekernel.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\r\AppVNice.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\AppVDllSurrogate.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\splwow64.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvsystem_31bf3856ad364e35_10.0.19041.1081_none_bdf809eb2dd695f9\AppVClient.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\f\ScriptRunner.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\XGpuEjectDialog.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-containerdiagnosticstool_31bf3856ad364e35_10.0.19041.928_none_6571ff6e96271a64\hcsdiag.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.1266_none_aa0661cc14f9fe9a\vmwp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.264_none_13222f28beaa00a7\vmwp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-console-host-core_31bf3856ad364e35_10.0.19041.1288_none_e25de9f9d964cdad\conhost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-tetheringservice_31bf3856ad364e35_10.0.19041.746_none_6ba9668b45cb4938\IcsEntitlementHost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\AppVDllSurrogate.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.264_none_13222f28beaa00a7\r\vmwp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_4.0.15805.0_none_faee98a3c711fae7\AddInProcess32.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..m-service-migration_31bf3856ad364e35_10.0.19041.84_none_8ea6a37043f4ae90\f\ClipUp.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_76e6fb38a70dbd6d\f\GameBarPresenceWriter.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hns-diagnosticstool_31bf3856ad364e35_10.0.19041.423_none_841c30f68571c385\r\hnsdiag.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.1_none_23025624c75c162f\oobeldr.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..extservice.appxmain_31bf3856ad364e35_10.0.19041.423_none_2cade1bc915dca0d\r\Microsoft.AsyncTextService.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.1202_none_4132a4047d5d53b2\ScriptRunner.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvclient_31bf3856ad364e35_10.0.19041.264_none_aa5417fd2708544d\f\AppVDllSurrogate.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.746_none_4b0a936d86cdd479\oobeldr.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.19041.1288_none_a518f9eb1ab503d0\hvix64.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.1_none_bafc9f61651f37d2\SystemUWPLauncher.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..nagement-appvsystem_31bf3856ad364e35_10.0.19041.84_none_40bd4149a6d52edb\AppVClient.exe	cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe

C:\Users\Admin\AppData\Local\Temp\cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe
"C:\Users\Admin\AppData\Local\Temp\cfd3d25a2a7627709fe86fabe2d84d5b7f064fc55c5bcf94af50fd86bf3dc363.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:4824

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads