Malware Analysis Report

2025-06-16 06:28

Sample ID 250529-n5gjqs1vhw
Target 7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c
SHA256 7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c
Tags
cosmu discovery ransomware worm
score
10/10

Analysis Overview

score
10/10

SHA256

7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c

Threat Level: Known bad

The file 7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c was found to be: Known bad.

Malicious Activity Summary

cosmu discovery ransomware worm

Cosmu family

Detects Cosmu payload

Cosmu

Renames multiple (5060) files with added filename extension

Renames multiple (5209) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-05-29 11:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-29 11:58

Reported

2025-05-29 12:01

Platform

win10v2004-20250502-en

Max time kernel

150s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (5060) files with added filename extension

ransomware

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c.exe

"C:\Users\Admin\AppData\Local\Temp\7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.27.94:80 c.pki.goog tcp

Files

C:\$Recycle.Bin\S-1-5-21-3623617754-4043701611-775564599-1000\desktop.ini.tmp

MD5 1ae2abc0d622e1ea4da6cf8bf1e4f88c
SHA1 86a94be3ba18a53658864ccf82f88c9e1140552e
SHA256 52ac8c2e66b49d7190ab58965f78f4c07ecb2ad9db0133fb3ec23167c4ce374c
SHA512 6e7224436910e2a305f0038862eedd7d535b470b7493e97c92b0f874a4191645ba3718a17da25c89c2a44dd4bcb1a2b7c772e3a250f4a078b848a948cd09ee8e

C:\b96a7bef2438b67e1aee\2010_x86.log.html.tmp

MD5 90f2af2c4131c59c4ecc75e228a2ee4a
SHA1 d207f97de079bcfdf429256eed3f85b6c5c5afdb
SHA256 e940ae7ae8ccff65a21aac6d52a8198d100b47ed3677aa9f905a1d0b5b7c4e48
SHA512 9e7e83f22f8b5fd1e4d4d33e2b0f3d372557b2b761ffe952802df6ffdbda94d478f2212d9c4f8b60220ea7dd74057c0a711101ff3272de375e2ba68969a96732

memory/2788-803-0x0000000000400000-0x0000000000407000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-05-29 11:58

Reported

2025-05-29 12:01

Platform

win11-20250502-en

Max time kernel

150s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (5209) files with added filename extension

ransomware

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c.exe

"C:\Users\Admin\AppData\Local\Temp\7db974c0e72757c15415b821f6a22764c00093dce7273ab41f6b8bb91b3f063c.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3518521428-3897247806-4080064211-1000\desktop.ini.tmp

MD5 53379a10e4f85044dbcab1d0b2067e10
SHA1 97026bd2b9418385b4cf89c2a8c19ad98c79c3f5
SHA256 6114a96542c1ebf6667e64f9f957cc26331fedc64629e2d234ca644604aead55
SHA512 21f5a6a233c10bb39af3802ded84c23f2bd9efdc77e809411e72ad19401abae4b955bfd3445973200c6d0abce786ed942fc9948d5abd85385f78091f22c95114

C:\ef24ccacc0fb7a1128713900cef14716\2010_x64.log.html.tmp

MD5 fd8859155a526194680e62c1d56bf8af
SHA1 ddf992b9e3635970313968a5a226909d6991064d
SHA256 7e597e69455dfbe295ddc9c2b5eca45e15e7ed14e53b92d28258180ec90fb153
SHA512 4218dc25511c53e49a2c188b48abf3c2acfa6549e20cfb15fafcdf52325819a8a7cd47026ffab7ba304a553de9203441c978dc358c69f74e8fb616c636b8c3ab

memory/3776-1085-0x0000000000400000-0x0000000000407000-memory.dmp