Malware Analysis Report

2025-06-16 06:24

Sample ID 250605-j51v6avjz5
Target 035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d
SHA256 035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d
Tags cosmu discovery ransomware worm
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d was found to be: Known bad.

Malicious Activity Summary

cosmu discovery ransomware worm

Cosmu

Cosmu family

Detects Cosmu payload

Renames multiple (5309) files with added filename extension

Renames multiple (5357) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported

2025-06-05 08:15

Signatures

Cosmu family

cosmu

Detects Cosmu payload


Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2025-06-05 08:15

Reported

2025-06-05 08:18

Platform

win10v2004-20250502-en

Max time kernel

150s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload


Renames multiple (5309) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d.exe

"C:\Users\Admin\AppData\Local\Temp\035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.27.94:80 c.pki.goog tcp

Files

C:\$Recycle.Bin\S-1-5-21-3299287909-2279959458-198972791-1000\desktop.ini.tmp

MD5 26bb7204537068f6645989a418595e17
SHA1 513c0c25f4bd4b03de15299431f3c4a55309b3b6
SHA256 2824d40239ae6e03c1a8f4c7e7fdf7cf8b9f81b352a6cb616dce8e002ce85057
SHA512 e9702145a523969cf2bdc526be7dd3ebe6d3a2000d115481e31b50afbe62d7e9a9d545049547cacd31d588bb8da4e39e135696ace9446d494d362b0b4a7dc064

C:\8e056885788215100b95f8050bba49\2010_x64.log.html.tmp

MD5 78ff529d351832a3a9788b8475fc16a8
SHA1 76ae97910b37009839d5858e74da1a13e48be7c5
SHA256 f4c6419ab71b4ab0950dc831b1c07e160f19ccb00be799518e4ed1faeed39820
SHA512 73ffecd550cb5fd086a50ce37e3b91ee69e9e06d410a496335409126fced5b016ed7721642b2131631372b7a24b2636460f7fcdee0dda0fce751363a3a770d13

Analysis: behavioral2

Detonation Overview

Submitted

2025-06-05 08:15

Reported

2025-06-05 08:18

Platform

win11-20250508-en

Max time kernel

149s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload


Renames multiple (5357) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d.exe

"C:\Users\Admin\AppData\Local\Temp\035f93695a50583c38d9a608ba3f3f3465119c31821e16384dc2579a49794e5d.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3687046934-3833731302-526866946-1000\desktop.ini.tmp

MD5 e0953c09c60c98ccd245f762a670eec8
SHA1 c96c85ddab20c2bc70c82fa022da8c396324a0a6
SHA256 bf7fcc62daed6ff45ff6d797740a2c7c48ef196a437672ad78c25f20b6fb4377
SHA512 c08181dc13e36d12749962c17466c5ecfcafc0967f46ed7db1afd3dbf2227b809afb4704e875199515a067f1460330b8d1e579765718ddeecc23c7b5115e4977

C:\b9147e4cea9b95b6635d\2010_x86.log.html.tmp

MD5 5964526d2817df4a017b630eb209b319
SHA1 5ca284d0a1c759ad1d5ccc511dcbeb5da93f54e4
SHA256 1cb848ca91af3e109ad4c946a838e3e1ac43602dfa32733a0f666dfb9d693418
SHA512 0425accc7ff518a72ac4b463bae8898c78d1bede8b6600d1900a84d0eb2dceed2c346d2e527537bbc9cde6d607dcd6ec141abca1b1fd8090165ef5cda927e611