trigona | 807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11-02-2025 16:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
Size

487KB
MD5

07a155371aded5527e7bf38bf6445537
SHA1

3c249f0d5f02b8fa798a8702ab07d8e4d5aaadc6
SHA256

807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd
SHA512

b13f6c2374215b893038740f9e8f0c9a9c62a600e532d9d40f2920d16b8d56c3acad09f9ceb894c8682ce7c3353c579a5e652fc7bc8a588e3b1de576002c21da
SSDEEP

6144:FTmapt6LFRvpdPYw70FNU7V6XpYFfYvwBVNSvMhskaMGa4jCT4W8U5hqqDLu3Pi0:tBtSRhdCEVTdbyMhXPT4WYqnuDOqBBl

Score

10^/10

trigona ransomware

Malware Config

Signatures

Trigona
A ransomware first seen at the beginning of the 2022.
ransomware trigona
Trigona family
trigona

Drops desktop.ini file(s) 31 IoCs

description	ioc	Process
File opened for modification	\??\c:\Users\Admin\Downloads\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Pictures\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Contacts\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Desktop\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Links\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Videos\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Libraries\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Recorded TV\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Recorded TV\Sample Media\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Favorites\Links for United States\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Pictures\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Searches\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Music\Sample Music\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Videos\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Favorites\Links\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Documents\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Desktop\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Pictures\Sample Pictures\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Documents\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Music\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Downloads\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Favorites\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Admin\Saved Games\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Music\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Users\Public\Videos\Sample Videos\desktop.ini	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0252669.WMF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.JP.XML	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\available_for_trial.3q9ce10owa66u95x76zyhw5fzeyy5c4c0tpnq4o8.c16r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\available_for_trial.3x722zsp75q14.p302m24ji3r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PROOF\available_for_trial.o1lmy2j1gz9ovjj41z0kiy79l8hph996pkhfbemdp53fro9w51.s3svr._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\available_for_trial.f00n5ac52p8n1nc46my2d.vyr._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\35q58ti206llp6f0vk3z50u0m41d.17j2fcdh47r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\how_to_decrypt.hta	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File created	\??\c:\Program Files (x86)\Windows NT\Accessories\es-ES\how_to_decrypt.hta	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\507196.ebfi0jr._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\6k8z0x76l993h3308cz5955c9v6c68wz9.m18r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0188679.WMF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\available_for_trial.79o6n0ml5x2t6dw0433rup1c45c3osfcofz5nq0kncj.wy6n0b83ufr._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\8v303r90h.4s6r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\available_for_trial.9nw5a0qzxs3010x45374rl.0xkk3lk3r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\available_for_trial.zd09k05r72de7zi097e7lfi5yv876446o052341k.hgxi0v3r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.FLT	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\BOLDSTRI.INF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD00255_.WMF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00687_.WMF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341475.JPG	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\available_for_trial.27e071z2m.0ohc0r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\available_for_trial.57c5f6s83yf0dezc8mvqvmhjfwi4i5qpo351qf6r7yh9978q.938i0425r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\ONENOTEIRM.XML	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\available_for_trial.l0666p3ng53ibt2055y648366.58s346u5r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\available_for_trial.qwp9i89rq9j0im95zn890z0j8oc09ini8qr0zw513gt130.4fz5r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\available_for_trial.6i4matae1.5828y2r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BIZFORM.DPV	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\available_for_trial.5d71w2a8727r7ro08c10.ifx7r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02069J.JPG	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02252_.WMF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\available_for_trial.371800ctn2ym7uj.dr._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\available_for_trial.7bmu900nk2gc3kdq4shx1l349t339gaoawm58u79c4j3g.63o1ba30r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericon.jpg	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\y7s4jg60zd54fo2u1w3s1n107c7n7913rr33.7sj28r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0153091.WMF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\available_for_trial.6i14x28cwlsmo3u9k3394r6h0g9mnwdxm9f9qs7784.877rxr._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\available_for_trial.ddh5d46vn605j762k1rwb02j9g98fmu4663i7.3qsur._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\m8837.2s8r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\available_for_trial.x68225auievi851.3qnczr._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\available_for_trial.awn16u927425y41542zi3zt79889cx864760b.79o86ur._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Bibliography\j1k732.xr._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21495_.GIF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\available_for_trial.ai5.7r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImages.jpg	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.151\available_for_trial.am1fnvcl0ua568ksit1940em63.ur._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\available_for_trial.ip964a18gh85z6ek3374yrj1q036b97txlk170ran5.su2r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File created	\??\c:\Program Files (x86)\Windows NT\TableTextService\how_to_decrypt.hta	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00526_.WMF	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01332U.BMP	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Concourse.xml	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Technic.xml	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\c9tho.yk222r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\how_to_decrypt.hta	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\available_for_trial.78446ku31rmuspg15s4r39gc6tpzmi4ur8sa1o.q696qy1004r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\available_for_trial.g.z0r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\available_for_trial.il47te68fdlmz143c6up345576wc4y4onfp07a0q7986vi7bc.e29f8r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\available_for_trial.ad0d2713b9cvu5lt0yv3i7ffy33.7r._locked	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101861.BMP	807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe

C:\Users\Admin\AppData\Local\Temp\807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe
"C:\Users\Admin\AppData\Local\Temp\807b27dd4ddf9f8be2493a9e9f9a1bbe69c06770039847425acc6458d72f29dd.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\9u2l502og54f2032mzzqeau8l7y60mnx.8qe34r5w0r._locked

Filesize
2KB

MD5
c0b4fa45466339cc280cdccca2886766

SHA1
09a1a2171b230a3189508c19832594ae4ecd5b34

SHA256
de11845b33b84380c46552d34d8ede1f1e088747e5ff451d853b46e864a89b25

SHA512
4bf13f1c352b5b4651367f8b69f3779dbd25f2114727573378222d5cea676bb351c195cae904632da3ac1684ad9df0af2aa48800310e41d5a2c1596ce5864b21

Download Submit
C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini

Filesize
932B

MD5
3972bf62b556f36afb79e7550c55c0a3

SHA1
63ea5867aba9fa97ba602e21a4f15bbea9b4c451

SHA256
d59576cfc7bf18344f9b60c157c7569d306c11dd551fed3d6d51119a62c1b657

SHA512
c057df19ee2a3834276769d090f785eb221e7eedc0a71fd456f7d72fcd17953a7ebaf15da33ea8296cb43f3e65c68e76bceff7144d3161cc14b0692da92108d3

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\Access.en-us\948f0l40iy6gx70f9yxb7fq85qhqr8k2zx270681.9vr._locked

Filesize
583KB

MD5
fe441ed11a6fc99f883a59160ab1ed5e

SHA1
d70572da3f38753f3e7aaadf5ce3649d37439384

SHA256
8cacc516213f81b47429bac797944d34b7581eef38330da4bacbb082d379b0f0

SHA512
d333ebfe740839924636960a4d3bb117024421baeb37400d08027e947cdf3825c81738f417c5a23ec74e81f59507c1d6bdcf0c1acbc521a7624df558b3626652

Download Submit
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

Filesize
102KB

MD5
67080b4fe852dea967156bef84fbe844

SHA1
fbbb9e6fc399281e35d56af33203d46bf6e60534

SHA256
b85163b09bf8a562fbd4f862f660307507ede65f68e6b5c0dace9b71316656ec

SHA512
093ed395a95cab6a080cb6ad6c85712d98f4ca30d98f8cb6df8dfbc9a92d2d5c6d17121aaaa2a3ff2d39659bc5ae2b11a4bb4ae70279b53a3d8a5dffa3bad538

Download Submit
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\84m66nfay9h66qlx020gzl1p1qz.18dc2r._locked

Filesize
23KB

MD5
88c52c6274c39ff4fa9aca47b79efd84

SHA1
6915bc5da1a116865c89225b4f12a16901ea9476

SHA256
fa85e09dbfc3291d05659bea2c8bd563bca3b13447874b959e96327788101d6c

SHA512
fc072381272eb5a91a4003ed3fc72cdc57ae5d1ff68678d316b8ab66311f938d126ff6af342885e5491e2a5e905c94953ca94bf6e706ae725bbf9d559f7e96f2

Download Submit
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt

Filesize
28KB

MD5
90458eca31a594bcb918c494229ca863

SHA1
e9a7bfbd12935f3d0143a5b4175ea9a21532e5a3

SHA256
608145622b633c730cd358910fa389fdc38c1410600a48e72fe5dbd9f19b1d76

SHA512
0825be9816cbba437bcd4f46ce5bd71bda86d8eb0a0ffd80ecd5ece56c5e674b26601b3c70377b6753152f40c09e9912cc34ed8237f06db03b588374b92c1a31

Download Submit
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\b8y2td3f1m.er._locked

Filesize
5KB

MD5
2f96604472b0face4b9e9fbd01778a61

SHA1
9b406452e1b1b283854d5e96b9779015d0ae1479

SHA256
99790bade38a451ff62da2d6ceef51ce5e54c509f718c8175a444b359584218a

SHA512
33cb5b066e68c08222da15cb6cc19831fa90a894a10f179ac8f8ad6bf3aaa2623d29d601318707a466a3e4ac1775bfda9fb5b188828afd5e0b609083c7117a20

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\DW\5ijlo696x6qu.u3r._locked

Filesize
508KB

MD5
330286b05e44e3fc066f43454d59174c

SHA1
01058cbd4f72db71917a9e1996e25e9246b4b7c6

SHA256
250e2b52842283da358b3e07255ce43302caf6a4a5ad089bbc9f17c38e05c1ab

SHA512
91ff1a64adc4c06f4c6ea9dc89afb85a7dc6fb74ce5fa9a07ea7a05249be63249f6a8f81ed62284f359436fe26edb0e2237dbb7daa0e74faddea40b2699f4ff2

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE

Filesize
819KB

MD5
37eb693c99fa8e7bc6ccc9fa6a8df1d6

SHA1
184f56aa10e4d4b07192817e41263ca5b2fa87aa

SHA256
941f7244ad14679826f526af203554bde6a18d1b4ee5ce00e05868a9cc75c581

SHA512
72632fd8b35a58d80b0a0b335fe70c7fc9482d4b70747f082da0471770296ef45e596d8e8a1cdafc766eb719207e2e5cea4ad1872817a43ff32b47736ae42839

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\55lm02526e9c5se9.w5or._locked

Filesize
5.5MB

MD5
326546f50965dae4af15a724334ed3a1

SHA1
64a40d236ba8479052146686e300be23a805a854

SHA256
a7a8a5af287723d76d6888db19227d7fb2471855ed54386026f0fe7c37fdc59d

SHA512
f569a971ab271314a72532ba6101d989da146e283c60657fe1e92c10747db6232309855a1903e536f04fc3d1afe957bdfc20571cce179bf3d5c7551f0bdfed74

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\7ww53ro177th672nv03b78t9e.u134r._locked

Filesize
6KB

MD5
0eeb125cec839c029b7daa00c53d9d76

SHA1
f55a0eac5f20868bb83757008a24ba5d7674e26e

SHA256
a831dc219b86a37e429086bdd4b63b837ee071d77a26bd6b93f12f841d3d0f93

SHA512
d5bc35152fd72e086f8a826192b2028651abf6fcdd84f0ad406b6dd084d21eca20256d361c45fef27e6ad3a3a4c55bbbdf016a139df6803f24404d19a889b91d

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML

Filesize
10KB

MD5
fea1fb27f7117458f93615db8ee8ec12

SHA1
cbe3788d4fdabdaf80c5dc67b878411dc9b485eb

SHA256
64ff533d2fbab4e35302b7579a2514e21891b99b7f9ad2735110514c8fc7738d

SHA512
395a97fa0d161721d025e4b8454b816f646517b32d219da54cc0b4f19fe395f157420b6cc4aa79f5eedee6d145abf8b753476df4b324404416b4351b71ac5b9d

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\available_for_trial.48gfj57a28b2998y5e69m5x775s0791qt53596q.bp6wvcr._locked

Filesize
27KB

MD5
a1f4d5501f284c0c2b55c60fdac5f0f2

SHA1
55c0bfa11a151ce6bf615230456c765b7ce3a389

SHA256
334034dda21bc207fd8f0f824f814398ed5b10bfd65805d4b41f66192479e00e

SHA512
c97417a92861a1a572f2e9ce2737d0ebefb0e1cc150711f6aa8642d109f5c7c121d496a0de968a7be480aa3b2c5fc5b894d5b1464e156e7ca9f991db7832de9f

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\available_for_trial.in.657kr._locked

Filesize
188KB

MD5
b88d9b6574c067ce96c37270a821dab7

SHA1
98ab67495f4561c12e975e0bdc523ae0e0d95abb

SHA256
3519610cd822a4afb4fb78eccc16181aba8dfe4563fd8e75155d3369ac7ac03f

SHA512
8f50280dea3104c22104738cabd35384abafda62337346637456c86c2d99f9401314352b73d536ac13247764d2f49b7b0f56215c3a5b36d0221cfbe25b3e1084

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\available_for_trial.u8809ol3kgdim2l9e9xt579c6yy1af97r8.vcrpis4u2r._locked

Filesize
66KB

MD5
f012b898a047d2637d3d8869557e569a

SHA1
8fca18c004598600008f0a3e001fb3e2668bbc02

SHA256
7ba11eedaa21af97e0832d2ece609f50847a2e1e3888cef754dc90cc3ca19ae8

SHA512
678a96d800944c6ca0b5d3e12650f065cc32120998a9098219732f3135a7f707ff484caacb0aa979b093ea572c94b63d4d628f651e409d8ff39e134ba6979480

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.WW\s4f70w72137ss57j2t150.12i29tr._locked

Filesize
5KB

MD5
31c09b6e51a26b1468eb142e1ca4a41c

SHA1
2a89c7c529d2b843367412f0462312c64d73920d

SHA256
f587fabf13fdc0382322430a3eaed659d7c32d4089c41e251c2c0efedcae62f5

SHA512
2ad6d9ed0de09654e7cd488863dcaf4878b90cc60336a2c772846123bf8a780252da26cd67d7a9d5742a505a89a731b67c0c739eb4c7b541fa5fd6c0b7d86a5f

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\o7m7l904z9s8fns1j08iwisy494d11jyr7ru5321n364v66fw.wr._locked

Filesize
4KB

MD5
1c817bcc4e3082ad6ab61f37b00bf3f6

SHA1
dd71f43eb28c228aab3f4ea2498fa68599c841c3

SHA256
6e1a51f7b6c0c9a625430f5355181d5d5459a7cca48588009123e73064148e3f

SHA512
0fd819ce3b83398426f2d93e0ff26a7e91dc45af63d66952748b84d5cd84ff1bb338aed065c53b98654fd46663fae889645aa7f218b4119d90eb708c1226728d

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\ProPlusWW.XML

Filesize
17KB

MD5
d79e0d0ee91086b05c50804bc15575a9

SHA1
41475030303c42603ea9a6500ea5f5571c044222

SHA256
218697fb8c6f89d8859deb53ed8c832e1701f5987b9313b10442f382254e6816

SHA512
3b80f1acdb8da8f7c2d96f2376a533372c0f7f8c128aa384b2f62b91e921178f7e228523738b0608faf3b57869926773c5c8240ba572c0d596db31a5d49431b0

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\SETUP.XML

Filesize
31KB

MD5
b33a7ea8770ab642a706925c980db7b0

SHA1
c9ecc1536efda41d9165b5a666bf05b549b07beb

SHA256
c5294f94444babef43327e49c858c2a80ded7790b4ac4f32ddb4cc7831c4e64b

SHA512
79037077e885b7380bc70e256971e5e6808e007d1bc4d103b574ee18158f6627277818b5dccef96d9c814732eba14149fa26396a636130f04d72a901d9515c45

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML

Filesize
6KB

MD5
86eb2365e07ae797638ccd6de27593c1

SHA1
9df9e926611bc3233424ff449c4ccc23e8f51d51

SHA256
2d4024e246b846454e0e6cf745813d2e59ee98c9b01e3bcd1048f69233064de5

SHA512
90ba458b9aff8527c6daf3e82f0c0b140ac06d08a45bb8b20fa76864d04fe4ef5f6a18575d86175c859f6ddc6ade3f23db125c23d450d4c4f1ad6ec4d62a49e8

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\available_for_trial.81.voj3fr._locked

Filesize
699KB

MD5
22448d4bb780e83009d1e7a11cc15fe8

SHA1
1aedc9415208091e7a63fec313f789ee27cf8048

SHA256
eec7121883f18c3aeee27088b75eb85dce3a8a0e64d8ab2eb517f5fb01439491

SHA512
26cdea1b488d2d5632797268d0d560bac675fb371afb11fdbdf03b90e288712643294c20926170d615ffc754b8766ca55741b0b7e616130737bd9d84333ae076

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\available_for_trial.fp1uo1lnu.lx5x6r._locked

Filesize
1.2MB

MD5
c07b4caaa0569745d631b02256802d4d

SHA1
124a3900afe82770f23c8276af8ffcd4f389abca

SHA256
2afd43d1e12b208d256f65d30429258bc6ad3a81c131db428917b9f3c2f81bc1

SHA512
83a046370c57a16d91a12cb4159142e2e31c64d195a9a05becf90d948dea26ceebdef7923a4322e59f387827c3eea436f68b166d580a0a7cb2dea475dee5a1dd

Download Submit
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\74u4p0u208j7gf.48r._locked

Filesize
146KB

MD5
c0af836f2cae86d998aece392be0aabd

SHA1
d8270e8120dee576471f5dbbcc0af8b1073d52e9

SHA256
c8ce4c8a8dcb9eda01ee81b8188db11dd5adde2379504ccf4e1647b98a339837

SHA512
6d8b4c347d6c772de3b8fa9e466cf1b59e1ac500d95bfec39abc0bc086a0d5d349d8a738d644149ee04a0e1325f784e0127c2e23e4166721b12901a1e02fbc53

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.151\8i68hr1s44542h61.pqr2sk66bhr._locked

Filesize
168KB

MD5
f2d1b7e0078b57e52a1a5bb0a3edc606

SHA1
f76aceda257f7e6f7daf824111190da31fe5a9eb

SHA256
77ad98d6a5862d0473151b438b727caf00dc15665d6c08ad806280810d7443d6

SHA512
b2d5f4365c47f54566ecd7f7e8568ca009c79a28196bda7fdc75c28275590abed1e42319714580bdedf2345b6661849d47a376500a5793b454fa01f10e0ab921

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\02153.86my9bor._locked

Filesize
121KB

MD5
86f06c80452112a036fb4960fe7d41aa

SHA1
396c452e2c7e939e068aa91f2646672e07f024db

SHA256
4d38c64f016166f1947158563c611859b467656cb654f28a9d954d149dd4fd5f

SHA512
f6edb8e8af642369589ef6ef12396160ae6d21d93f40274455421b76b6924dbb088e15a635553f6d2e31f7a1f396a2b24abff3b9fe396cd43f5c4886fb4d51c0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\djwdezxwoz8b6hng8ux8086gyj7v4ep.984or._locked

Filesize
128KB

MD5
764e08e0f050cf0db5fcd695e3a0f937

SHA1
565a5898367ed0e26d10d90df4455b9311c1816f

SHA256
baefbf6515fd70ca8631910b70e196b51a572e3805703cf52419e8ddead800e8

SHA512
569562258ecdafb8d046eca0b723450338909b4a8793152f90750e887f4d16c623a7772d77d68786ae4a713edf597254224f2278c070d2e6c685d9dcbef8b64f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\k87v13w9u6qseim9n23v4lz6v32jowyojrzui519i5cjl6m.p316q31r._locked

Filesize
124KB

MD5
8019ad1a185a7bc193d2e1f76f1079e8

SHA1
7317308f2bad71ff1913e86096919cae395dee28

SHA256
e9073598f23b62612582659371f6c1b4e38a6b4396562493ec43c92787aa86cc

SHA512
d38b3c96368cd4d250c4349fa39a8932a121ab1ccfe0f18e4236b008394f75011abec794f784ad0b3046978f2595e2af675d2520524b37b1b14a8639f01153c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\ACEDAO.DLL

Filesize
536KB

MD5
58b9787efc62248140d0688ecea30352

SHA1
837a41de741e7e89f2d8f17b0b3d87311c2f5a42

SHA256
d0f731b6a5be901d6b7278fac84ff737d75524ba1a621e26699c1d75bea653d0

SHA512
7356f6c23931d3e0dec086e8a155d6c70a17176f35ccc0709a5e5bce47d6c08f92e727e68d0a1ff17d3ec32a31080e074e8f61447ed6d31ce98f353a33853c35

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\GB.XSL

Filesize
257KB

MD5
f3caf2e50bb14f5399f10bacef193ca7

SHA1
294ca20c05f36f540fc68f1beff8d14b8ca866f3

SHA256
3685dca2aa2b739f7118454fe359b754ac0e107b13eff2015a04dadfc7ad5777

SHA512
1496ad65b0219aa93abe3d1693746dc2dce3bd424302f9014ac44b9e2cda5ad592be02b1e8cd644724decfdcffe0539f820403ae8ae92a11def92afa9dc7a522

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\w8r4cz35at8gth4vbf57a4rl43xve5yvy2v54x1jx.66txwc56er._locked

Filesize
331KB

MD5
2e96a8605f44a5e532b0ddeaf0c6389a

SHA1
db240839b45bb54d4abaac367952e39e5b8af044

SHA256
033f438d420567d8a0ff4846cb685b4d6f2f87de1626924b390d5aa5bd2434d0

SHA512
2f3600905f04919ee1a2a8c245d65c2d146f51e7001c467576d94ff8fefe60a15a84630cb5481b839c37479597c54890003c92ecf79e88184e408e5b52e134c0

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImages.jpg

Filesize
6KB

MD5
32461a8487a5f46f7409e8daf6c89814

SHA1
8378ed3f877c18856f1d7e72053b9593ef8d0920

SHA256
6e2b2852710959013695ad2faa67d063f390207c12d23e7b9146ad298655d802

SHA512
604cb4e08a6f92efe938a2c754bbb63649e4f8d6b41cdf1a40b4686e79d539b3968d29027e007c91a0953c27ce20bd384f30b3ccc663a43794af5e37eb0a1edf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp

Filesize
7KB

MD5
439f54667900970925c46b58de7ea415

SHA1
9106277051335f6e66e2c512bba0916f3cace7fe

SHA256
2fdb920e193cbc2560d8542d2f5bcddb63ba8bd870edb04e097cd22bb057a286

SHA512
8de232efbc58b158b3f5c9e959592f257b55dec0e4a76ee0ff1dbc625e2b5d24ab1d5b615e421295288a0f4645cd3972f8a378bf84b2bf22a5d1476d4ad51079

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormToolImages.jpg

Filesize
7KB

MD5
c1284acfc574c81ba703da1613008ead

SHA1
fa31f854d072c3ad2aa05621f96374ba04fa1bd3

SHA256
036f2e7d9c5db9424eea2ab30d7583e0fd16814e987e122458359b5ddb4cd8fd

SHA512
7b576c9f5200f7c936b7efeec9a63aa297dccacd70d8b17118f1f39a4b189ebd55c8720bc6108112322d8aea5732c36e72cd779687a6cf16553a3dedc85c3915

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\background.gif

Filesize
7KB

MD5
7f2d7d3e50036bd234dddfe779e8380e

SHA1
090db91c62ebdcb62d68bd27c9780bc0c253a727

SHA256
dcb1de679fb61e276a3fccab1369df22586bb59efee4473ab81d20fce54e991b

SHA512
12ecbe7f649113210365e721bc68f97c0e906a4f77d72baac134acc08b98260f7cf90ecf55ed88747947d99a94b70334f38632ad550a92f6e52efc444201b6e6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\available_for_trial.1q674g7uixx8ozxamrbwywqpi7738vj7mp284pti3llhq.hl965r1r._locked

Filesize
27KB

MD5
88ab148bf42c812b60e7444e3d670bb9

SHA1
70ffdd8f56aad79989dec967a0f28bdc73c7845e

SHA256
61db19767dfd1989b3a51ed2f6d8ed39e0d31bec2edcffda4412e7259b7ce3b1

SHA512
50b0e58147bdba9d38eabcd7ae15baaa05d1bdd25df23729d1a16234727e51ac5635b149e6b0212e2c8516d3f9b942fcab92bfcaf7f8c5cf840c074901631929

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg

Filesize
4KB

MD5
4846a10621276f4443c865a9b1ffbc38

SHA1
16c062be7668bc08e0271ddf4c237c944df1412d

SHA256
a7846316ff3401188c934b2d24b0586a6c9dbba45d2494104f58474b5f13337f

SHA512
77a2e0ff14117e700625358174621c98f2a6f1e3ad129de526abc136f38877945e724f0c4783464350966bfe3c1109641f913ab28616d6d542254f66b4f175c3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageBlank.gif

Filesize
20KB

MD5
22974c016d0fa0f428de6393118c0d3f

SHA1
a918608cad2fb46fe15c3d5d5304699889401f22

SHA256
23a0d038d45f37cf24255b7a49c3c25b276919dcce31d7022b1f4dcc4503a34b

SHA512
457235ee86bc430c8bea88f95514c29d2a72c3db5c56822c1c32baa9b370d2341f575c5aa33ada285afba6eadfde4cf6b6787b3dc138c02eff25590ef097a9a2

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIcons.jpg

Filesize
5KB

MD5
6323f156cb1fecf055035ac29b8b27b4

SHA1
ac9f1b5ec11894daf18f641378e990483bbb481f

SHA256
11bdfcbc546333b3853be97423f7720f6ade0d5c66756912f24c36dd6237c9ff

SHA512
be8977935edc12c92a6491f12264ff22d99c402ed7c298d40705c5b9849cc038b1ba541d9304b27ca1ddcd552f344d5a717500c29a42213950f75a1bb3045097

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\available_for_trial.pl89ry4liy0l8p10o0508a68kqp2v0d6n8ez4xxy6.h6nbc3a7r._locked

Filesize
10KB

MD5
a2e71df8139e1d5657c1cca23524ce49

SHA1
bb7abde2d6ebc6e38e978c034edabae1777b4167

SHA256
dd81f80c7e531e9c9ceea091eaee2dff341984d248004e304c9b017b56bc7973

SHA512
9b1925de22a66dc6f770d00e87f5d02798ac18437c37f9c78ed17758aae92976eb3c4f9a273ddc930e079bdb9acba58cd0ae95dbee3d492e78208c639f77be46

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif

Filesize
90KB

MD5
6d682d6c22dff8254d6ee8151ad8464b

SHA1
f6b909f5fc1260ffeef12b8c043ebfca76b1b35f

SHA256
7712e63d2296c9f0825877d37a67ffffd4d4be1dc889a76fff1e1d1f988ef9dc

SHA512
60111287a325d91ece32c966ab6ec397fbd11f75a1706173457d37a421f2f78b4c03496f373f92a740b3860d005f767c1853a950271554ebb9b66f17905c19bf

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FORM.JS

Filesize
81KB

MD5
eddc4d8b4f3748c853ca533fae4bc353

SHA1
72c56ac53ada2e3bacec2bdf8e162737b67d97c7

SHA256
e31342879b4a598a9ae245e751627cf52247e5604854ae6cbba78e097b91a9f7

SHA512
226cbd167ae998d5c818a4edbf43f88f25c9c030d56dd4c706623e7866b8f804f8ff87f9dce958d0ce5c3d07f65c3accd6768686dfa47c97400da3530f5fddbe

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\PublicFunctions.js

Filesize
10KB

MD5
6588b1a6ed2e105056198a389829ab21

SHA1
5fded5b5e44ae109df6a5101c71f6d221264beb3

SHA256
9a7962085d7f162a57afadf79a2833de454e8b0444c89bb111284ad9de1fb9dd

SHA512
4f2008946d4a33b5e54685afe3eb70806b10520e3fc672a64e35e307058e91e8665ea107a4b6791694c1f216bb28db22e5fb3af7de9420d8bf730678e88f100a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\macroprogress.gif

Filesize
192KB

MD5
734fc60b7e07ce77619990ed29f9e2cb

SHA1
eb4e85e2da51a8d1e681d96aa3890332059edd25

SHA256
af902a1c821f4bfa5fad06e6f47a48039acc6a04dec1f1dd000d9ee9b4dc72cd

SHA512
f3ab8fff67a329fb942361bcd689a9c015ff5c5055a0ccb2d939e3803404c7b3f35e87eb5e28f6719296706b5add0dd4ac7b36bb0bbb7f04de40d99a939b8a0a

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\utilityfunctions.js

Filesize
60KB

MD5
1fc84d7ac1270275e80cf9fc9908983e

SHA1
6cee7cdc3030243b95505827e30efabf92f9de01

SHA256
4f9303072f09b6d7d9bb39967916d957dafbe755efb99b7354d8069e9fbe7a2c

SHA512
e56fc460c4054ad536b606b8dfaf43f468727188e56b02d2c86204827f56055fe01e6c5673244c2c632ff31660847ac3bb7bcb2aef5da83b242ec4cd77db15a6

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\available_for_trial.421t28hy18uj7c08vmn97y52ob57y0x931buzlr1auqau7tngf.is8h5v7637r._locked

Filesize
25KB

MD5
62448a46de8b40ee9850734502ba56ee

SHA1
24abb543689cf95893891a20e26180067bf1f431

SHA256
ab04c05f591c824251fa0d49a74d44e21f54ae5de56d6395a57cd9da6f09688c

SHA512
6f402d49869be5624654267b09ac8b75d0536ff635f9d6429d5d587fe9b1f9b44b98170e40b204c0c5828c64cbc4b87cfddf88e85b429b9d5108798fa9081b97

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\available_for_trial.5f46v715n6gg2v7e4u53ndhys36kh2b055irh14wq31v8j.3r4jay42r._locked

Filesize
6KB

MD5
150640120b38c2ef2ec16c43642ca069

SHA1
83487af19df08f7d2541b18d76edd5a93a4e494a

SHA256
d4e0769f4aa00de3952cd866d4c498e3e267ac024266343a1d7c80fe1876a29d

SHA512
3acf902fcbbadf3e688963b8c9bef13f01f7abcc9874f5644c399c96dfc84d2c321bc025490d52b1b1f4a2c17dc4c45b78d31748b700b5a8100b5305887362ed

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\available_for_trial.6bc92z46uo27wc03hb3y6nlhk6llm0r76053s629q67.elx8g133r._locked

Filesize
15KB

MD5
41e2ab49643da536bf4b4b90e572a5b8

SHA1
0a349e56d9082725466e0bf71006a2af8261c9e0

SHA256
a704d13ea121aa60d6a2414b034df9f2a3a835d748998d1a755019dc9ba542bf

SHA512
31765614758bfcb96b02f16bd75afd1edc50c4d8e34bc7b18dcc9b9c17c798f42c240f0692d668ff0b8db484e65bf085ac767390d0c28a13a1411ea194be7926

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\available_for_trial.djli6637f841709w7gf1k91c90y22mm6dp3vziro2.4r._locked

Filesize
5KB

MD5
ed0c10b6eda107504a92600db6154714

SHA1
a18365ef3de00c9fe42a2e84af9663134faa6afd

SHA256
d671129244186483589a1d5c9287caf6f682f9b592fb46b0b8021753f60053a0

SHA512
b811ab97e3c27019f68efba53ee23c8c394499017553e11c04cf9df07f443fe3a77c7c6c07af2c5867cc0dd289e44bde052887f983c3fddbe130b8b8d4b5e193

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\available_for_trial.g57id6.ktlz6051ter._locked

Filesize
22KB

MD5
e4520e238b2b3313640123dc371f72a8

SHA1
799cb9c29cecaa576bbd8f24da448227306240b2

SHA256
c648a8752a17fb234d2fe858330b1c0f9199277174e170ecee42652c43eeaab0

SHA512
e7f30f9d64a382ac88ea23be602e347e01469b311054ed0e6fd40ec69fdb909f44f1865e379d1e920885eb3526052a1ca0925c3c64081562222fc409a142b926

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\available_for_trial.nmh71.7e90npar._locked

Filesize
32KB

MD5
a03e11df00531e3d8236cf10d58aa941

SHA1
1df1770820b44b21e78de5eaf204c17ddaff2544

SHA256
81a8b508b76435aa3c8f820c13cefbb3b1b26ab0bb61090356d1fd9688a4e889

SHA512
7fccc172dcb17e133e9023d87fe04a5b078715da09392bffc36df60a725e220de2af54a5a28423bbd4fb38a27efbb9ddb5139f3149d9204490f72561d84b6fb7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\available_for_trial.nweeruvpdcm8s406o5.o7r._locked

Filesize
6KB

MD5
919622c037ef967415c08345229a40b4

SHA1
79db4487f6377c837f262145a627c3d8f54e3d79

SHA256
7852aeac655e16f65b3c7ce7dec15be486f066792c64265d54b542e5af96d905

SHA512
2fd6e0ae4a0cdbb5622c87bec4cb2e6af26971eaaec86cbdd49f0208a9f43958e3d958e2a5f69168e82fbfe055bda840e8f94cb23c8d101fd2723eee5f0d6d5f

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_LightSpirit.gif

Filesize
9KB

MD5
042bf24a5149cc8c8ab56c673b2edb73

SHA1
acfb8e40255f0ae6f50f9aff7cab04b1448af24e

SHA256
5ed7cde7fe126afc042d6d4629c5fcde6c059eeaf1076a7ef0c06d7b765adb46

SHA512
c1bd3fa22aaf60ccf71603a9f2da40947503dce5e568fd8187f5a7ede09cecbdc29f996a14d44d8a56f483d3e7518fe95187e7bc671aba6a05960ad2c1823616

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif

Filesize
16KB

MD5
f8fd8f4180f7fc68d0c44f5b96fdc7f7

SHA1
db72f171b617c384b4f92259cf40851a63073251

SHA256
e33a9ff4e391a85feb5ff20d29ca02a12e34571e3f3269678b39282314a695f9

SHA512
d5fb9e9863b2f8fce05d25f2692bb546069c5a23b887a754bcd2b30ffaf50f9a40e8e318235ca1cec4177167fab0419f3b24d69716d1b3c62cc71674e9de6646

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_SlateBlue.gif

Filesize
21KB

MD5
b287bc4821aee3319a986a93d82e059f

SHA1
024315fffd8622d30bd8e36f70ffd01632b1aa1f

SHA256
10aacb1a53d9ac8096fc2476ab47f2b204dd6fb8ccc0ffd31d32788645446d08

SHA512
cd4abc68da774bdf93c924fe797c7c3c15240f76142eedf62e5ff479e159acb1fd2b687a7c8b0c845a85f972d57f631a61eebe58d901fccbfaf9b5168ead9ec3

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_TexturedBlue.gif

Filesize
7KB

MD5
bc4fce6172da4e4816b93fa9fe3b30ba

SHA1
00bd2d3c506c7da72a511a8ca1514646efeeb66c

SHA256
290032ec69c1e341895eaa2f4423da5499ab9df25a3107c645db0cd1d8369801

SHA512
72534f4556463798314147a6740cb85df2d3467c3faeefb362b6c4c8869645abbd5d8146b411d62649521329563010a2235740746f237187b8333e14a53c58df

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\6vmn2zira29tw41jr4f7fka185398bze0vfjd9zq7.7cjemr._locked

Filesize
248KB

MD5
0495440490182c5ddbfe1bb9e6a374ad

SHA1
6a22446810d40b0a2e10a6ecf1936ee8eb0515e7

SHA256
0fd6c7420d10a0af29311a80842bbe01b27140699a82902c6bbfd07aa30ec272

SHA512
683270f4b2365b481f9a1eaf8122cc8d4eb5d3297469756d5f74b45563fc1e23f04763280111fcd4bd1547131436ac6846b4d1dae1efa29d205b5b8cc9755a49

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\OLKIRMV.XML

Filesize
78KB

MD5
85a955b1c956000f1742178c1dac169c

SHA1
bcc6d94d2bceaf0ecfaf5b7d26838922dad43317

SHA256
aa8b32ca977d878103bcbfdadf55bbd3890e6bf07cbae6004b3fd038bd192890

SHA512
d20d27051ec2c318caaeb5d41b6b24a7fc84678208d4f513facd8c9b4029d6d9f46be5b8679b4d0a6fe692decdb393550a129c44ba58c0b3b834b25078385ed7

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\available_for_trial.g67td9ekahs4d5i56235a5e0ttigs11of8v1ji49ij.rmu4fvrnr._locked

Filesize
1.0MB

MD5
c5d1f50b9bf9dd8baac264e06daaa97c

SHA1
742b6240a1c432f4500e0104638f5ba0ef317a2e

SHA256
4d380b9e900e73dcba2c6b5ac67a3c7a1d4b75af5b648f46e52a0a338cfd3411

SHA512
a0df2a3501e28deefa988df0f6a6ce9c9ac521af94543e7147ffee226a6fdc85c0e730f507d8130eaccb1267a74ac8cecd6bca367e69717050de108b92822b9b

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\ibu0ba4y.ftkr._locked

Filesize
78KB

MD5
0075576cc06e628aed00e893128253cb

SHA1
e9858c6ba9445d04d23c16852d9beb509f5d268d

SHA256
ba31b7fbc94c7b82ef2d4bf4f97b0f9c491767faabe019164d13b86754a14ab8

SHA512
5dbd5cdb94c1663040768c6eb3f715842d91c23c13b2f3d3f5410facc2310ddfe846c542ff5197e783cfa08b35f16550371f49f5cb3ca34a9c68dc2dc513e8dc

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\r8ojfwhb8427baqefv611f6v08061y409vxq80zvf15at03.z2y0289fr._locked

Filesize
78KB

MD5
c65d71f426ccccf0e7634e06cae15e1b

SHA1
d2e0a41f349cd42598869801d112aa3ed574f2b3

SHA256
c80f14cfd72488e5a353f94626e7c84da59f580ba571bf08f87c93ac2baf9aba

SHA512
692ff7392e3ac9e7c2ae6386f073ab1b6dc5ed21909223ba250c78ea13d4692b3266704ae4e08337c4583d0b8cddf7283a1d0e0794fe4ffc061e45d5316c8580

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\ub9195pbn0v.z754tr._locked

Filesize
78KB

MD5
f7b545bd08abfd0829250cba01df6267

SHA1
7fb8160975ec3cd53bf54e97d47eb95524ff8d52

SHA256
618b33b113887e4514445c01b02c3461a215fd42c81a6c8a40830b223e9e47f5

SHA512
ed455ed8099da84d4a3481b4a98c4e454637250137fc7875633a43560d9f698d3c9c2c8e5cd0969e8698673f1f70a376e99264161355c14c674acd3c87c84045

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\y0.7pr._locked

Filesize
78KB

MD5
6390297c0900480458fc4812dfac13e3

SHA1
78c380eb22332d65c5517f756c93574bb6dcb60a

SHA256
1f0adae928e1a232eb0d753fc5e36ed9e3d7bc0eb2c987312632571119223fbd

SHA512
f77fbc44037a5da047efc4eebd74012ca3d6a7948c802343dc34b150d4f674d0401eb079df2dc8f6ff25ab7fccbd8651bebb0b2dea26af15cd1529a1a049c2e5

Download Submit
C:\ProgramData\Microsoft\MF\available_for_trial.916m9854buw39960h16l9gyed4g74sn455l42bgsb33364y.rr._locked

Filesize
15KB

MD5
1d448ccb81c2bf94b1e41db1f72f89cd

SHA1
7bcb786626b7b4edbfd8045531869b91036da754

SHA256
70018171a39f09a5bab05b6d6cce2faa80c9b098efc2554523c74026f3b75e86

SHA512
4860e0b37691aa8de2578268874c57d403cb8fd75259defe482dc9f650ac1eece23d32f3c520940a69fd9402ef5fff01c861505fa96c4a3a8736f7afa134e729

Download Submit
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi

Filesize
140KB

MD5
8e1e8de640187de06981d6adedb59689

SHA1
4a5c6689d3633691944c4714ef916d3e4d6ca5a4

SHA256
6a759b7cc70ea2bca952fe6acabc7adaf204bf8a33eb820b98a53021af7ad133

SHA512
e022e47369b87875b27a58d10a3015e91baa98a4d5df3527b60a32b337d3dab21176acecd781dafeeb934fafe7a6c17b2cda86c44f120d97806cb4f58a9e5c7a

Download Submit
C:\Users\Admin\Desktop\ExitStart.xlsx

Filesize
10KB

MD5
c0e3dd8fbb67e9f3112587e784678905

SHA1
1026e5ebfcae21ade9ed7e4247ca089fce8e7b47

SHA256
a967ad8cb0aec949f6de0d398a84919e931f387b135bb9f45fa41ff170095d59

SHA512
85d2397eb0eb8e6e3d4c62874edb6fa06831bbebc9efdd707a62a0e1a856d51251dd87e29750bc1b75d42d05edecf7719b418e64613375e2456e170468988405

Download Submit
C:\available_for_trial.7750pkf82k136k4t66266e6142h7ax8u7h3.z42m9r._locked

Filesize
82KB

MD5
9f446fc5aa49ec77d02b4e258862d93d

SHA1
ed4057847f8a78320961083f5626ac3364b8feed

SHA256
dbd8851a86fe3244b329118bfced9c9e3e9f6fb36fb9c940ac054fda3571c699

SHA512
a811d778ff4433e930422d80bfe73ce841b71304f9db0f299a73784945fa2035e3d9e136abf98c5181953aad35fc5fd1bfbd898638c35f3ff7d3ce4e2fb0d62e

Download Submit
C:\how_to_decrypt.hta

Filesize
11KB

MD5
f8762ab138ed9d65971c9d628bf27eed

SHA1
22eb690a56018a2aedec7162d4d38e28cc3ca38d

SHA256
e33061114ca92381dd1803cfff5e74e0af9649a51320eace301d31eb2dd42a19

SHA512
2ee7c2b2191b6b9cc4e2613d9365b704f0fcacd263b140c308d9ee195ecb52abce48f98d535c51aa3db457cd4cea1956d8e04b409e6bbdb4504dc17db6ba3749

Download Submit
memory/2284-1-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-16-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-6-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-13061-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-26204-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-0-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-5-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-2-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-34759-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-35082-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-35107-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-35570-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/2284-36192-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads