Analysis Overview
SHA256
cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d
Threat Level: Known bad
The file cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe was found to be: Known bad.
Malicious Activity Summary
Azov
Reads user/profile data of web browsers
Adds Run key to start application
Enumerates connected drives
Drops file in Program Files directory
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-11-17 06:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-17 06:45
Reported
2022-11-17 06:47
Platform
win7-20220812-en
Max time kernel
44s
Max time network
46s
Command Line
Signatures
Azov
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\am.pak | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\en-US.pak | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\System\ado\ja-JP\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Internet Explorer\SIGNUP\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.71\GoogleUpdateComRegisterShell64.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\SecretST.TTF | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\VC\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Windows Photo Viewer\ImagingDevices.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\id.pak | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\tr.pak | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\external_extensions.json | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\chrome_installer.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DissolveAnother.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe
"C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe"
Network
Files
memory/1092-54-0x00000000000B0000-0x00000000000B4000-memory.dmp
memory/1092-55-0x000000013FF20000-0x000000013FF36000-memory.dmp
memory/1092-56-0x000007FEFB761000-0x000007FEFB763000-memory.dmp
memory/1092-59-0x00000000000B0000-0x00000000000B4000-memory.dmp
memory/1092-58-0x00000000000A0000-0x00000000000A5000-memory.dmp
memory/1092-57-0x0000000000080000-0x0000000000087000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-11-17 06:45
Reported
2022-11-17 06:47
Platform
win10v2004-20221111-en
Max time kernel
100s
Max time network
123s
Command Line
Signatures
Azov
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\GetCompare.DVR | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ssvagent.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\sqloledb.rll | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\zh-TW\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\uk-UA\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\klist.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\codecpacks.webp.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\System\ado\en-US\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\gu.pak | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\docs.crx | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\misc.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\bg-BG\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\es-MX\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\kinit.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tr.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Time.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\bin\servertool.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\nbexec.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\fmui.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\de-DE\RESTORE_FILES.txt | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml | C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe | N/A |
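The two signatures repeated in both detonations, the Run value named Bandera pointing at C:\ProgramData\rdpclient.exe and the RESTORE_FILES.txt notes written into directories whose files were opened for modification, are the cheapest indicators to hunt for on other hosts. The Python below is an added example and is neither part of this sandbox report nor code from the sample: it parses the report's own "Set value (str)" indicator format into key, value name and data, normalises the kernel-style \REGISTRY\MACHINE hive prefix to the HKLM form that Sysmon logs, and then runs both checks over a handful of constructed Sysmon-style events (the field names EventID, Image, TargetObject, Details and TargetFilename follow Sysmon; the event records themselves are made up for this example). Only the registry path, value name, value data and note filename come from the tables above.

```python
"""Hunt for the Run-key persistence value and the RESTORE_FILES.txt note
drops seen in this report, over Sysmon-style events.

Added example: the indicator strings come from the report tables; the
event records below are constructed for the example, not real logs."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Indicators taken from the report's signature tables.
RUN_KEY = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "Bandera"
RUN_VALUE_DATA = r"C:\ProgramData\rdpclient.exe"
NOTE_NAME = "RESTORE_FILES.txt"

# Kernel and Win32 hive spellings mapped to the short form Sysmon logs.
HIVE_ALIASES = {
    r"\REGISTRY\MACHINE": "HKLM",
    r"\REGISTRY\USER": "HKU",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_USERS": "HKU",
}

_SETVALUE_RE = re.compile(r'^(?P<key>.+)\\(?P<name>[^\\]+) = "(?P<data>.*)"$')


def normalize_key(key: str) -> str:
    """Rewrite the hive prefix to HKLM/HKU and fold case for comparison."""
    for long, short in HIVE_ALIASES.items():
        if key.upper().startswith(long.upper()):
            key = short + key[len(long):]
            break
    return key.upper()


def parse_set_value(indicator: str) -> dict:
    """Split a sandbox 'Set value (str)' indicator into key, name and data.
    The report renders backslashes in the data doubled; undo that."""
    m = _SETVALUE_RE.match(indicator)
    if not m:
        raise ValueError(f"not a set-value indicator: {indicator!r}")
    return {
        "key": normalize_key(m["key"]),
        "name": m["name"],
        "data": m["data"].replace("\\\\", "\\"),
    }


EXPECTED_RUN_KEY = normalize_key(RUN_KEY)


def is_azov_run_key(event: dict) -> bool:
    """Sysmon EID 13 (registry SetValue). Match value name AND data so an
    unrelated value that happens to be called Bandera does not fire."""
    if event.get("EventID") != 13:
        return False
    key, _, name = normalize_key(event.get("TargetObject", "")).rpartition("\\")
    return (key == EXPECTED_RUN_KEY
            and name == RUN_VALUE_NAME.upper()
            and event.get("Details", "").lower() == RUN_VALUE_DATA.lower())


def is_ransom_note_drop(event: dict) -> bool:
    """Sysmon EID 11 (FileCreate): a RESTORE_FILES.txt created anywhere."""
    if event.get("EventID") != 11:
        return False
    name = PureWindowsPath(event.get("TargetFilename", "")).name
    return name.lower() == NOTE_NAME.lower()


def triage(events) -> dict:
    """Per-process hit counts plus the directories that received notes.
    Many notes from one process in a short window is the signal; a single
    stray file with that name is not."""
    run_keys, notes, note_dirs = Counter(), Counter(), set()
    for ev in events:
        proc = ev.get("Image", "?")
        if is_azov_run_key(ev):
            run_keys[proc] += 1
        elif is_ransom_note_drop(ev):
            notes[proc] += 1
            note_dirs.add(str(PureWindowsPath(ev["TargetFilename"]).parent))
    return {"run_key_by_process": dict(run_keys),
            "notes_by_process": dict(notes),
            "note_dirs": sorted(note_dirs)}


SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe")

# Constructed events in Sysmon field names (not captured log output).
EVENTS = [
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera",
     "Details": r"C:\ProgramData\rdpclient.exe"},
    {"EventID": 11, "Image": SAMPLE,
     "TargetFilename": r"C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\RESTORE_FILES.txt"},
    {"EventID": 11, "Image": SAMPLE,
     "TargetFilename": r"C:\Program Files\Internet Explorer\SIGNUP\RESTORE_FILES.txt"},
    # Benign noise that must not fire: same value name, different hive and data.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Bandera",
     "Details": r"C:\Users\Admin\tools\bandera.exe"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\Admin\Desktop\notes.txt"},
]

if __name__ == "__main__":
    print(parse_set_value(RUN_KEY + r'\Bandera = "C:\\ProgramData\\rdpclient.exe"'))
    print(triage(EVENTS))
```

Match the Run value on name plus data rather than on the name alone, and treat note drops as a count per process rather than a single hit; both reduce false positives when the same logic is pointed at a fleet. Hive normalisation matters because the sandbox reports the kernel path (\REGISTRY\MACHINE) while Sysmon and most EDR telemetry log HKLM.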
Processes
C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe
"C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 20.44.10.123:443 | | tcp |
| N/A | 104.80.225.205:443 | | tcp |
| N/A | 8.248.99.254:80 | | tcp |
| N/A | 93.184.220.29:80 | | tcp |
| N/A | 93.184.220.29:80 | | tcp |
| N/A | 93.184.220.29:80 | | tcp |
Files
memory/1808-132-0x00000222BBFE0000-0x00000222BBFE4000-memory.dmp
memory/1808-133-0x00007FF67C1F0000-0x00007FF67C206000-memory.dmp
memory/1808-134-0x00000222BBFB0000-0x00000222BBFB7000-memory.dmp
memory/1808-136-0x00000222BBFE0000-0x00000222BBFE4000-memory.dmp
memory/1808-135-0x00000222BBFD0000-0x00000222BBFD5000-memory.dmp