Malware Analysis Report

2025-06-16 06:24

Sample ID 250605-j7gv3avks5
Target 6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02
SHA256 6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02
Tags cosmu discovery ransomware worm
Score 10/10

Analysis Overview

score
10/10

SHA256

6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02

Threat Level: Known bad

The file 6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02 was found to be: Known bad.

Malicious Activity Summary

cosmu discovery ransomware worm

Cosmu family

Detects Cosmu payload

Cosmu

Renames multiple (4653) files with added filename extension

Renames multiple (4508) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-06-05 08:18

Signatures

Cosmu family

cosmu

Detects Cosmu payload


Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2025-06-05 08:18

Reported

2025-06-05 08:20

Platform

win11-20250502-en

Max time kernel

149s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload


Renames multiple (4653) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02.exe

"C:\Users\Admin\AppData\Local\Temp\6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-2329104403-2882594830-3136665766-1000\desktop.ini.tmp

MD5 cf2813dff340fc4a69d194e84bb5282e
SHA1 1f8a8d7ebe5f3cd93de67872cec0f8aa3e6b0251
SHA256 c1a62961a6fb35184929cca0f23c81323318e6607c25b4ddeca31ad05cb89ae1
SHA512 485a4d141cb1e758efbb13e25fdf75b30c7fa76db7febfe1983a3f5b89c573365647fffebbb186663e1f9a3da95deea7ea8f3d8d1eb518eba25f03bd2cef8b84

C:\bf6fffe43a1488106117f05273896fef\2010_x86.log.html.tmp

MD5 9762f1353e83a5cdc9509d859f41b5bb
SHA1 12da51647bbc455e64125d9e5881edefba4f44dc
SHA256 083af4dc06c9ffc1748568cb1959a44076cab434b5947cbc7160444dea5b45c9
SHA512 670625877b6e305ce7f73810e78a10664d1090cef554f0c71ab8f5ca2d55a03ae6675eae1d7a2f50f8832274f0e8b92299d76912b26209ae5d39d32c0edb7553

Analysis: behavioral1

Detonation Overview

Submitted

2025-06-05 08:18

Reported

2025-06-05 08:20

Platform

win10v2004-20250502-en

Max time kernel

150s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload


Renames multiple (4508) files with added filename extension

ransomware

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02.exe

"C:\Users\Admin\AppData\Local\Temp\6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.27.94:80 c.pki.goog tcp

Files

C:\$Recycle.Bin\S-1-5-21-3623617754-4043701611-775564599-1000\desktop.ini.tmp

MD5 035edab9eab580be21a60234595f43f3
SHA1 c672e55afc4ee66f9e9e5815fede65a6049d39e4
SHA256 1b022d566c0b9cdbe0ea801c74637a11ab4f129c1bed7072682951afbadc3e77
SHA512 c002de3de6e6ee0c1b58113d8d963c1a912f2830a2c25bee62fd4c637cc6e388fa3a0707f4b3f808bcc577f5b519d9be9a915b9a6ce8ea2cf7a4af73a2d17e16

C:\b96a7bef2438b67e1aee\2010_x86.log.html.tmp

MD5 7bc04790a3a793eaf560bf05ad4cd326
SHA1 0df16b525673032a1be9bd370b39ac4011f90af6
SHA256 81acd69d97c40afd36903b361585f83c3c97442f9bb2546133f2357db5f88b12
SHA512 9b908917cb86ead9a1796be94bed6f16146ed5a5f2ce21141a0866885f7632e129aff9da1143b42a31b08556085a5015390651d9f965328ba4006ac1f89b232b