Malware Analysis Report

2024-09-23 06:58

Sample ID 221117-hh2y9shg91
Target cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe
SHA256 cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d
Tags
azov persistence ransomware spyware stealer wiper
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d

Threat Level: Known bad

The file cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe was found to be: Known bad.

Malicious Activity Summary

azov persistence ransomware spyware stealer wiper

Azov

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in Program Files directory

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2022-11-17 06:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-11-17 06:45

Reported

2022-11-17 06:47

Platform

win7-20220812-en

Max time kernel

44s

Max time network

46s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe"

Signatures

Azov

ransomware wiper azov

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\am.pak C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\en-US.pak C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\System\ado\ja-JP\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Internet Explorer\SIGNUP\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.71\GoogleUpdateComRegisterShell64.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\SecretST.TTF C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VC\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Google\Chrome\Application\89.0.4389.114\Extensions\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Windows Photo Viewer\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\id.pak C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\tr.pak C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\external_extensions.json C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\89.0.4389.114\chrome_installer.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DissolveAnother.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe

"C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe"

Network

N/A

Files

memory/1092-54-0x00000000000B0000-0x00000000000B4000-memory.dmp

memory/1092-55-0x000000013FF20000-0x000000013FF36000-memory.dmp

memory/1092-56-0x000007FEFB761000-0x000007FEFB763000-memory.dmp

memory/1092-59-0x00000000000B0000-0x00000000000B4000-memory.dmp

memory/1092-58-0x00000000000A0000-0x00000000000A5000-memory.dmp

memory/1092-57-0x0000000000080000-0x0000000000087000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-11-17 06:45

Reported

2022-11-17 06:47

Platform

win10v2004-20221111-en

Max time kernel

100s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe"

Signatures

Azov

ransomware wiper azov

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bandera = "C:\\ProgramData\\rdpclient.exe" C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\GetCompare.DVR C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\ssvagent.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\sqloledb.rll C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\89.0.4389.114\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\klist.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\codecpacks.webp.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\System\ado\en-US\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\gu.pak C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\89.0.4389.114\default_apps\docs.crx C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\misc.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\bg-BG\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-MX\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\kinit.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Time.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\servertool.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\nbexec.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\fmui.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\RESTORE_FILES.txt C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe

"C:\Users\Admin\AppData\Local\Temp\cfe9b79faf455e5ba96d1949d24af3bc4ea4671ade277df1a9674ab538c62c9d.exe"

Network

Country Destination Domain Proto
N/A 20.44.10.123:443 tcp
N/A 104.80.225.205:443 tcp
N/A 8.248.99.254:80 tcp
N/A 93.184.220.29:80 tcp
N/A 93.184.220.29:80 tcp
N/A 93.184.220.29:80 tcp

Files

memory/1808-132-0x00000222BBFE0000-0x00000222BBFE4000-memory.dmp

memory/1808-133-0x00007FF67C1F0000-0x00007FF67C206000-memory.dmp

memory/1808-134-0x00000222BBFB0000-0x00000222BBFB7000-memory.dmp

memory/1808-136-0x00000222BBFE0000-0x00000222BBFE4000-memory.dmp

memory/1808-135-0x00000222BBFD0000-0x00000222BBFD5000-memory.dmp