trigona | df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12-02-2025 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
Size

1.7MB
MD5

9bce9dae679419198574f4c9837085db
SHA1

62a24f1ee057e936f3bf01749ecd7e3675d0f10d
SHA256

df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8
SHA512

9647610d36379a789ab45e21b1997eeff560058cf55374b0a404be9474becca566ec0dd97cbb49b8d54da811bb5fe1e4d2e3e6de9b8fd57825181d611019f467
SSDEEP

24576:6G5C8hr/Vz9ih9i38xVEL/QQPL6BH8kQqNgQ+uH6FqgtMok4+iL:I8hJz8eDsH8kQqNs86F1yU

Score

10^/10

trigona persistence ransomware spyware stealer

Malware Config

Signatures

Detects Trigona ransomware 14 IoCs

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-1-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-2-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-3-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-6-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-7-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-8-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-12-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-795-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-2047-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-2830-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-2953-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-6899-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona
behavioral1/memory/1740-10967-0x0000000000400000-0x00000000005D1000-memory.dmp	family_trigona

Trigona
A ransomware first seen at the beginning of the 2022.
ransomware trigona
Trigona family
trigona

Drops startup file 1 IoCs

description	ioc	Process
File created	\??\c:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\F307316998E300392820E9CCB9D7C62C = "C:\\Users\\Admin\\AppData\\Local\\Temp\\df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe"	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe

Drops desktop.ini file(s) 11 IoCs

description	ioc	Process
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Hearts\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Solitaire\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Chess\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\FreeCell\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Mahjong\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Purble Place\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\desktop.ini	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sr-spl.txt	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\DiagnosticsTap.dll	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Europe\Oslo	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\Microsoft Games\Chess\de-DE\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\OmdProject.dll	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Office14\XLSTART\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Europe\Lisbon	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\MST7MDT	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\mai\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\sw\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\how_to_decrypt.hta	df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe

C:\Users\Admin\AppData\Local\Temp\df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe
"C:\Users\Admin\AppData\Local\Temp\df9ef29e8789a798981a783fafbb85395a84e8733929b2c2290bcde263c2f3f8.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini

Filesize
2KB

MD5
e69784761b8e3e79d25503675ed824c1

SHA1
2991e04b52dd9b1e4cf3f7b9802d87856158b3f2

SHA256
11ce32cbff0b6b8f062ea888e421fae80f92769e6a41b3b1328a6e5f6ae30571

SHA512
8ff16dee1614d9f0f5b612da90a3280d5090e326f144de35a71103e829ea995b1cfb0e3c813cb065632c82000b2ee6c733b0a8af9cc07aa0640fd92e06562a04

Download Submit
C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\how_to_decrypt.hta

Filesize
12KB

MD5
44884cc83d53a05687fa94ddf63134d4

SHA1
0c8009318d89c7058685ed965dcf5c0ea29d8255

SHA256
f5f0dffe342557ec5b2c72e1ae86ddef52748fe86de5c40b4c69af7fc5c81ac2

SHA512
04f421aaf4d61fed6579a8821108794842b383eaf8cf4c1c98a06060d5ba7472cf752ac99bc1e20b25291a23d275650870b28b842d6651733d8470ec1d265edc

Download Submit
memory/1740-6-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-795-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-0-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-7-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-8-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-12-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-2-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-3-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-2047-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-1-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-2830-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-2953-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-6899-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/1740-10967-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads