trigona | 41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff

Analysis

max time kernel
131s
max time network
123s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
11/02/2025, 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
Size

1.7MB
MD5

15d05dfa5cff0cfc86e5135155744385
SHA1

3eb904370ebf0bd3d4665a0f4ea80f8cc8e89dc9
SHA256

41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff
SHA512

a1990e12b1397d12d718717e46a6ffc3721a44058f499b86b11b2d163b03afd2f8d7c816633abbd6a90773369b3ecb2b3f391ceed341d39bedfea5f4c1b99efd
SSDEEP

24576:uGA0AhSVzjJqVR/xmx0AsQ5r2jOGJTS8KmlI+u+68+DrAmz:xAhuzc3DXJTS8KmVzeD5

Score

10^/10

trigona persistence ransomware spyware stealer

Malware Config

Signatures

Detects Trigona ransomware 14 IoCs

resource	yara_rule
behavioral1/memory/1644-0-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-1-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-2-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-8-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-636-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-2244-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-2269-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-2289-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-2894-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-4884-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-11518-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-13148-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-13149-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona
behavioral1/memory/1644-14038-0x0000000000400000-0x00000000005CF000-memory.dmp	family_trigona

Trigona
A ransomware first seen at the beginning of the 2022.
ransomware trigona
Trigona family
trigona

Drops startup file 1 IoCs

description	ioc	Process
File created	\??\c:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Software\Microsoft\Windows\CurrentVersion\Run\BEADFFA4E91B51BAE87EF11F62DBD234 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe"	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe

Drops desktop.ini file(s) 11 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Microsoft Games\Chess\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\FreeCell\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Mahjong\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Purble Place\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-677481364-2238709445-1347953534-1000\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Hearts\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Solitaire\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-677481364-2238709445-1347953534-1000\desktop.ini	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Java\jre7\lib\zi\Asia\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\de-DE\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\bs\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Windows Mail\oeimport.dll	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\DVD Maker\PipeTran.dll	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Pacific\Saipan	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jre7\bin\libxml2.dll	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Asia\Pontianak	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\vlc.exe	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mr.txt	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Esl\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Etc\GMT-13	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Windows Media Player\es-ES\wmpnscfg.exe.mui	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File created	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\how_to_decrypt.hta	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\oledb32r.dll	41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe

C:\Users\Admin\AppData\Local\Temp\41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
"C:\Users\Admin\AppData\Local\Temp\41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-677481364-2238709445-1347953534-1000\desktop.ini

Filesize
2KB

MD5
d59a04aa320d4ce2eba9646272a7e87d

SHA1
330cff6596c052a075ee9c9d47b43c0cda065f15

SHA256
fb7f1d4185f12b425f2fb547ca8aaae1cdae3635ca237f0f8b80f891d019a1ec

SHA512
f56c79996045398e96f760170144bb348bd94e46690dd891300b2bb7ae462d0f04191415cbda4939f9f0c9a4fedc2fa6ca4fb9336c86975442ae6d078f453792

Download Submit
C:\$Recycle.Bin\S-1-5-21-677481364-2238709445-1347953534-1000\how_to_decrypt.hta

Filesize
12KB

MD5
be55aa9b4572492503c33bb87b1660c6

SHA1
5e7422aa319f53932b6cef43904ae0c86d7e75d9

SHA256
bdb8510ad982d41a4fcd88df18f2408ca2dfca7454d04f57d1062d159ed209be

SHA512
c6bfaac1aeb0f996f071aa498bdc6016a83b7d731c6d0358ada41258c41d2f47e390a6ff58e157d53767fe913fe9bc8d12e0d248dbdb9413bef4842d87f41ce7

Download Submit
memory/1644-2289-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-1-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-2-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-636-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-2244-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-2269-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-0-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-8-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-2894-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-4884-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-11518-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-13148-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-13149-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/1644-14038-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads