f4b983da8902dee6193aafe41f67d612aa468f9e843dbde0aa619aec79fbf81d

Analysis

max time kernel
39s
max time network
37s
platform
windows10_x64
resource
win10v20210410
submitted
08-07-2021 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PopScript 2.0.exe
Size

7.2MB
MD5

915472f197f0079b56e01c9bdde40a8b
SHA1

4925c1186fc708d0afc0775d4e1d27890736952b
SHA256

f4b983da8902dee6193aafe41f67d612aa468f9e843dbde0aa619aec79fbf81d
SHA512

13660a804d6d63aaf98e2ae88379e828cf9f6ecf957f5f07392a053f3496c8cae55b0be1ddada0e993c65fbeaa61b3d3fe38a655f9082ea5e73e4b20a857080c

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 12 IoCs

Processes:

PopScript 2.0.exe

pid	process
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe
1364	PopScript 2.0.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

PopScript 2.0.exe

description pid process

Token: 35 1364 PopScript 2.0.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

PopScript 2.0.exeLogonUI.exe

pid process

1364 PopScript 2.0.exe
3972 LogonUI.exe
3972 LogonUI.exe

description	pid	process
Token: 35	1364	PopScript 2.0.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

PopScript 2.0.exePopScript 2.0.exe

description	pid	process	target process
PID 3212 wrote to memory of 1364	3212	PopScript 2.0.exe	PopScript 2.0.exe
PID 3212 wrote to memory of 1364	3212	PopScript 2.0.exe	PopScript 2.0.exe
PID 1364 wrote to memory of 3968	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 3968	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 1592	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 1592	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 2736	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 2736	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 2628	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 2628	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 3776	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 3776	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 3036	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 3036	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 2472	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 2472	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 2504	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 2504	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 3508	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 3508	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 3980	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 3980	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 1220	1364	PopScript 2.0.exe	cmd.exe
PID 1364 wrote to memory of 1220	1364	PopScript 2.0.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\PopScript 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\PopScript 2.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3212

C:\Users\Admin\AppData\Local\Temp\PopScript 2.0.exe
"C:\Users\Admin\AppData\Local\Temp\PopScript 2.0.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1364

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:3968

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:1592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:2736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:2628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:3776

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:3036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:2472

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:2504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:3508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:3980

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
3⤵
PID:1220

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3acf855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI32122\PIL\_imaging.cp37-win_amd64.pyd
MD5
70398840c51be1f97b011b0d5f6116e2

SHA1
bb303242a812444e14900724574f115601820b9b

SHA256
ca0adeb0602b3574b93f17a2c2d7c0c0046ea26a46ee8046149ec2bf2ad80ef2

SHA512
968d7a8075c09b5969044fd6258aa81a7f00cd901a172c8cbd45147621c8902f787a5eba6c6f8a010aa4db8bc211db769c94d71edb8b3c12907180859ed8bac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\VCRUNTIME140.dll
MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\_bz2.pyd
MD5
cde853b48405adc6bb2009553951cf4b

SHA1
1cd5ecb2a7c4ded3663b497bfe9b190e7304135e

SHA256
9f3b2a39dd67f9c328dd0e021cae0fb9e60e78f451fc4071a529fde00db0c243

SHA512
7448f6f63a83018c64b69a5f0535aac4287ca838fb122101d02449c34120db3047b967202068fdec60939c28317cfeb5cd7ac8a7732eea84e9358689ee777cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\_ctypes.pyd
MD5
641d8943fcd41d422376226e43964d83

SHA1
cdba4e34a82e710410a2bf837fe69a5be248988b

SHA256
6f46a4c9a31b4c7ee32fac923c5729fd7060d55388af183e0f25b7b3cd7fa9e2

SHA512
1f033fbbd97e2c246f7105269a2ddaef72a22732b0a012e5a192cea8b6fd521956353fb79404c4b25f7b1c3a86042e48b7cace69b1d156e8611ba84b6ddefdf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\_hashlib.pyd
MD5
d2cd47354de38cc1edf86040e9661e6c

SHA1
d228f223f2a26faf39fa9dae0d311bfd95ef17be

SHA256
85c2fb612e92eb687dfa6ec0a65bbddccb7b49de507b093744587af07c575116

SHA512
f221c5afd0cd71754f97b5554275bd059233e12c2e96513639dea353c2644ec2b3da3ff9773878c793e9fa10239581fddde41f543a080ad5fc0afda7ba130061

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\_lzma.pyd
MD5
a550f17aed5a5e6660fbfa406590af43

SHA1
e23db31a9eadc90e9c5a1c8a3e55cc7aa677ff35

SHA256
2d3acac7982b190333b16bfc4a1f5ccfc24f50b16994001aee6e32a22df8292a

SHA512
40264569e3d73347e2a6148a6f9cc82896711ad5874d2b0bcdc3d33f59d96b22ca477fb083f44b7c753cfb11f8c511c9f475aa7d89a25e6f153bc2be7e7a7a3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\_queue.pyd
MD5
d8c551b3236fcbf8eddcec60d120cb37

SHA1
6daa6c0a870644710fc0ae43b24f91b31a1bc163

SHA256
bc63eb39366f7de378e2dfebc8ba8a1f574cfa6c90c642b282f60c2d79c0e320

SHA512
1a9245f44dc9c2f3d6e86e1c5650af10810d8ef9732c3304879dd1aac9ddf8bd132af1d4f870b713f3a9df618ef0ab12981d02a7012717ee2e9473f6dd64e051

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\_socket.pyd
MD5
d01862e4afe155cd62e69935e739ee51

SHA1
ffa93f260bc82fd33fb3be0d958bf6262537a773

SHA256
9506ef21605d443f1927089eacf0cd6c138bd88dcaef99cbe58960346113b67a

SHA512
3d22dae047d285126c7d527bcafb34c022c6f4d916b7200be7b2154265a7acbd73ab862f6263f531d1f9cb9ff90dcad432fd9bbad59fb847383be21e57c354a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\base_library.zip
MD5
643f88c415c8c2b86b7082cd99fb8aad

SHA1
ecc3cb8cb16ebf360d8bb2a0204bbce7909b01ba

SHA256
4ddab04e1c7d4e39f9572847102ce140daf3d80093708f19419d4cfd1cb91388

SHA512
64f9c7873e18970fb1985e128c95acc1ff14890ce3ad486753e4fdb7922c4e94230d3c4fb5966e971d2f08f1db7b90dd21daf2a8904b879f9c2ab12a2cd3ff63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\libcrypto-1_1.dll
MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\macrav.exe.manifest
MD5
1f172e495f4432224350e545724edcf0

SHA1
b919d361cb8628ab2037b9af16b40546fd1ab79b

SHA256
7679b8ef57111f5b400abe80ebef118161fecfebfcfe56090d2973b5c3dfd399

SHA512
4a185b04eb445b2c10fd4345a755dfba95f8d1ae28be9326327a9ab9aad745ca6c183a20dce275151cf06d6653a157f542cdaee2134f7e397e3460a6c76ff1b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\python37.dll
MD5
f8f12175880677bd010def8ba14208da

SHA1
889e23b96d78135dc3294c84ab900b91fa9f7a0c

SHA256
08686f0e6e3c54d455d4a4801d5deccadedbafd1e010b3d18ade81180853db27

SHA512
7792f4a2005c2721b3fa848e2703bfb380670d6bd108599c5a98299f09197b44fb44adbb59da9c55bf064bb3c083a07fd82acdf29b7a09da07981c964eb11304

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\select.pyd
MD5
b394f7551ffd3f97386e48a71f99a702

SHA1
3edf2989b7985903a4987034fea468c38c3198c9

SHA256
f219279eea9b8ec9e017fd59200c0aa49fa99e83eea18316fc1b3c8381e49f3f

SHA512
890fe0b477ebc1d9d25a94ff3db1bf7b0c4eb6d34114e7416f88d7ed085a0bc65ff34e3c7c75db773d54a17fed0bf09825be68bfeae16ebae179c35440941641

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI32122\winsound.pyd
MD5
c170130d76bf36d5482e63b6df55429c

SHA1
2ad8491b1c09162912c1ad4614c1b03c7a7983f7

SHA256
8f8d6f8482ce6f89384ed82cea30023d2283468b872830c31a120986e0ac3460

SHA512
eeaa81db5dd14f058f0bc304c4e22a7c761e80742bc7ac62ec4b73f3af7022c5157473108eb82c0dd4d2a3925f143ad7c4dfee11f8a28ec0dae62001cc8bd2b0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\PIL\_imaging.cp37-win_amd64.pyd
MD5
70398840c51be1f97b011b0d5f6116e2

SHA1
bb303242a812444e14900724574f115601820b9b

SHA256
ca0adeb0602b3574b93f17a2c2d7c0c0046ea26a46ee8046149ec2bf2ad80ef2

SHA512
968d7a8075c09b5969044fd6258aa81a7f00cd901a172c8cbd45147621c8902f787a5eba6c6f8a010aa4db8bc211db769c94d71edb8b3c12907180859ed8bac0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\VCRUNTIME140.dll
MD5
0e675d4a7a5b7ccd69013386793f68eb

SHA1
6e5821ddd8fea6681bda4448816f39984a33596b

SHA256
bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1

SHA512
cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\_bz2.pyd
MD5
cde853b48405adc6bb2009553951cf4b

SHA1
1cd5ecb2a7c4ded3663b497bfe9b190e7304135e

SHA256
9f3b2a39dd67f9c328dd0e021cae0fb9e60e78f451fc4071a529fde00db0c243

SHA512
7448f6f63a83018c64b69a5f0535aac4287ca838fb122101d02449c34120db3047b967202068fdec60939c28317cfeb5cd7ac8a7732eea84e9358689ee777cd4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\_ctypes.pyd
MD5
641d8943fcd41d422376226e43964d83

SHA1
cdba4e34a82e710410a2bf837fe69a5be248988b

SHA256
6f46a4c9a31b4c7ee32fac923c5729fd7060d55388af183e0f25b7b3cd7fa9e2

SHA512
1f033fbbd97e2c246f7105269a2ddaef72a22732b0a012e5a192cea8b6fd521956353fb79404c4b25f7b1c3a86042e48b7cace69b1d156e8611ba84b6ddefdf2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\_hashlib.pyd
MD5
d2cd47354de38cc1edf86040e9661e6c

SHA1
d228f223f2a26faf39fa9dae0d311bfd95ef17be

SHA256
85c2fb612e92eb687dfa6ec0a65bbddccb7b49de507b093744587af07c575116

SHA512
f221c5afd0cd71754f97b5554275bd059233e12c2e96513639dea353c2644ec2b3da3ff9773878c793e9fa10239581fddde41f543a080ad5fc0afda7ba130061

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\_lzma.pyd
MD5
a550f17aed5a5e6660fbfa406590af43

SHA1
e23db31a9eadc90e9c5a1c8a3e55cc7aa677ff35

SHA256
2d3acac7982b190333b16bfc4a1f5ccfc24f50b16994001aee6e32a22df8292a

SHA512
40264569e3d73347e2a6148a6f9cc82896711ad5874d2b0bcdc3d33f59d96b22ca477fb083f44b7c753cfb11f8c511c9f475aa7d89a25e6f153bc2be7e7a7a3a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\_queue.pyd
MD5
d8c551b3236fcbf8eddcec60d120cb37

SHA1
6daa6c0a870644710fc0ae43b24f91b31a1bc163

SHA256
bc63eb39366f7de378e2dfebc8ba8a1f574cfa6c90c642b282f60c2d79c0e320

SHA512
1a9245f44dc9c2f3d6e86e1c5650af10810d8ef9732c3304879dd1aac9ddf8bd132af1d4f870b713f3a9df618ef0ab12981d02a7012717ee2e9473f6dd64e051

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\_socket.pyd
MD5
d01862e4afe155cd62e69935e739ee51

SHA1
ffa93f260bc82fd33fb3be0d958bf6262537a773

SHA256
9506ef21605d443f1927089eacf0cd6c138bd88dcaef99cbe58960346113b67a

SHA512
3d22dae047d285126c7d527bcafb34c022c6f4d916b7200be7b2154265a7acbd73ab862f6263f531d1f9cb9ff90dcad432fd9bbad59fb847383be21e57c354a9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\libcrypto-1_1.dll
MD5
bf83f8ad60cb9db462ce62c73208a30d

SHA1
f1bc7dbc1e5b00426a51878719196d78981674c4

SHA256
012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d

SHA512
ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\python37.dll
MD5
f8f12175880677bd010def8ba14208da

SHA1
889e23b96d78135dc3294c84ab900b91fa9f7a0c

SHA256
08686f0e6e3c54d455d4a4801d5deccadedbafd1e010b3d18ade81180853db27

SHA512
7792f4a2005c2721b3fa848e2703bfb380670d6bd108599c5a98299f09197b44fb44adbb59da9c55bf064bb3c083a07fd82acdf29b7a09da07981c964eb11304

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\select.pyd
MD5
b394f7551ffd3f97386e48a71f99a702

SHA1
3edf2989b7985903a4987034fea468c38c3198c9

SHA256
f219279eea9b8ec9e017fd59200c0aa49fa99e83eea18316fc1b3c8381e49f3f

SHA512
890fe0b477ebc1d9d25a94ff3db1bf7b0c4eb6d34114e7416f88d7ed085a0bc65ff34e3c7c75db773d54a17fed0bf09825be68bfeae16ebae179c35440941641

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI32122\winsound.pyd
MD5
c170130d76bf36d5482e63b6df55429c

SHA1
2ad8491b1c09162912c1ad4614c1b03c7a7983f7

SHA256
8f8d6f8482ce6f89384ed82cea30023d2283468b872830c31a120986e0ac3460

SHA512
eeaa81db5dd14f058f0bc304c4e22a7c761e80742bc7ac62ec4b73f3af7022c5157473108eb82c0dd4d2a3925f143ad7c4dfee11f8a28ec0dae62001cc8bd2b0

Download Submit
memory/1220-152-0x0000000000000000-mapping.dmp

Download
memory/1364-143-0x000001EFD72F0000-0x000001EFD72F1000-memory.dmp

Filesize
4KB

Download
memory/1364-114-0x0000000000000000-mapping.dmp

Download
memory/1592-142-0x0000000000000000-mapping.dmp

Download
memory/2472-148-0x0000000000000000-mapping.dmp

Download
memory/2504-149-0x0000000000000000-mapping.dmp

Download
memory/2628-145-0x0000000000000000-mapping.dmp

Download
memory/2736-144-0x0000000000000000-mapping.dmp

Download
memory/3036-147-0x0000000000000000-mapping.dmp

Download
memory/3508-150-0x0000000000000000-mapping.dmp

Download
memory/3776-146-0x0000000000000000-mapping.dmp

Download
memory/3968-141-0x0000000000000000-mapping.dmp

Download
memory/3980-151-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads