Malware Analysis Report

2025-08-05 14:41

Sample ID 250703-f4641avlv2
Target 05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983
SHA256 05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983
Tags
cosmu discovery ransomware worm
score
10/10

Analysis Overview

Threat Level: Known bad

The file 05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983 was found to be: Known bad.

Malicious Activity Summary

cosmu discovery ransomware worm

Cosmu

Cosmu family

Detects Cosmu payload

Renames multiple (4661) files with added filename extension

Renames multiple (4696) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-03 05:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-03 05:26

Reported

2025-07-03 05:29

Platform

win10v2004-20250619-en

Max time kernel

150s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (4661) files with added filename extension

ransomware

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983.exe

"C:\Users\Admin\AppData\Local\Temp\05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

C:\$Recycle.Bin\S-1-5-21-4097847965-469305640-2969917343-1000\desktop.ini.tmp

MD5 2f505940cef04def24e81e740f75c8a4
SHA1 375c05704e7a00d9cb44ea9b7293ab8a4d9de200
SHA256 69d3b297a18702f71b2e736953f37a84fd281e888fc5caaad1dc23f97e68fc78
SHA512 063859b123cdb517c1093dc51883574cce7ac95f3bd193b150d904fe62df7d89d2c716662fed7a5c702044853b46f5bbccd07d2ba6af8019e452a3cd4cddc4d6

C:\dc3d28e735b5c506d1b00a9a5a\2010_x86.log.html.tmp

MD5 ac51cccef84a47ea43bc659c7ae130dd
SHA1 dbabc6c453a4486ea26fee5ae93d5412bed5b42d
SHA256 7e4771a0839674c3307cf359a29faf5cd0aad6d291271f825699212b8ae4792f
SHA512 df0c8cda3c001507eda199fd8a2b302595309c0130acf5f578822365c01b1ce4c4613e06e65c9857bae89b74ae0e1e3c3c04d0150d8d107f8586753ed1e447a6

memory/4860-663-0x0000000000400000-0x0000000000407000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-03 05:26

Reported

2025-07-03 05:29

Platform

win11-20250619-en

Max time kernel

150s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983.exe"

Signatures

Cosmu

worm cosmu

Cosmu family

cosmu

Detects Cosmu payload

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (4696) files with added filename extension

ransomware

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983.exe

"C:\Users\Admin\AppData\Local\Temp\05883a6b3b770d06f9bfbac1145cfe5107ce748842dbf15660e56c6b5ab88983.exe"

Network

Files

C:\$Recycle.Bin\S-1-5-21-3972667009-3658015838-2693993929-1000\desktop.ini.tmp

MD5 0032d6ea790e94c29708e2c5a77cf6b8
SHA1 3652f485080ddab4e4248437f1c2b316a269d155
SHA256 eaf80a182872b5bfdadabd777ff8d070b41a895f7f3277692dc225daf19d2500
SHA512 189d62e37b20ff3393ad6c06d5049d4a59c37b1c28d070f7a6cca96fe6a018977c81cde9b385fa3dfbafefb741be32620c15720085e3540a222c2a276a410890

C:\e526fccd55275c7cc1d508f478cd\2010_x64.log.html.tmp

MD5 d8eaf551148a3d05680a0fbeb0997e2c
SHA1 86699be4331c4bf5ef6a6690ea556aaba1fdab8c
SHA256 c6f4fc7f1184c8d9f88d80f615d25eed5bdbaadaea3a3801e8c729b2cf08d9b7
SHA512 ace500063b2a949f3d6a84aab48fcf0f10956b880aaeec299edf9794cc841711985538205836e5e3fd135ca2d9630a3c497bda712095c4b5ce441dede41e2bd1

memory/5560-825-0x0000000000400000-0x0000000000407000-memory.dmp