remcos | 9ac9c3eacfb2636fb3c3042e846c8ac8ebcc24c554d24bd470103ee04fc5cab5

Analysis

max time kernel
1s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GH456790008799.js
Size

7KB
MD5

3ca57fa6153e34d4c3808179ac39c568
SHA1

3f1554b4e1799b4561035c9da8d4ce6dff404ac0
SHA256

9ac9c3eacfb2636fb3c3042e846c8ac8ebcc24c554d24bd470103ee04fc5cab5
SHA512

b7f1470a74d156c609bb25756a4c1858d14dc0ff9c713d4e889395db1d35e2c684e549b78bd906c3892f22f7b413af4cee0e24a562f3279a1ba888483dbfa079
SSDEEP

192:MqLFqhsp7kiTu3OJRnUMPJfcKleW7jG2REISY/R9lD2NyvKS+Cc3oAZf:MqQs7LCMRnbPJfcseW7jbEISulD0yKSu

Score

10^/10

remcos dollar rat

Malware Config

Extracted

Family

remcos

Botnet

DOLLAR

107.175.229.139:8087

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-UZXQ9B
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos

Blocklisted process makes network request 4 IoCs

flow	pid	Process
4	928	wscript.exe
7	928	wscript.exe
13	928	wscript.exe
21	928	wscript.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\GH456790008799.js
1⤵
- Blocklisted process makes network request
PID:928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\Trimpath.ps1"
  2⤵
  PID:768

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\Trimpath.ps1"
1⤵
PID:1352
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1836

\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
1⤵
PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=iexplore.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:3808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
    3⤵
    PID:3840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
    3⤵
    PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
    3⤵
    PID:4324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
    3⤵
    PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    3⤵
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
    3⤵
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
    3⤵
    PID:1512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    3⤵
    PID:1432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
    3⤵
    PID:4124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9532926272546723749,10028578201267173345,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
    3⤵
    PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=iexplore.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xa8,0x108,0x7fff2af846f8,0x7fff2af84708,0x7fff2af84718
1⤵
PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2af846f8,0x7fff2af84708,0x7fff2af84718
1⤵
PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
35d5c9c7bd216f205ac9a8f1b640dccd

SHA1
730154db783ba2f15c2be0916acf604a2bb86710

SHA256
4abd35546f4f8333fb53de913583a18776078a52857b00519ac51a249b56aea5

SHA512
f5c9323488cbb8e3c3c9ddc3f24d9198b0f431e7cf5aa5dd9376cd87a5a30c6b02ee8f96423539433828ae978073e9cbd1e5f613f33fbd929d421945b48fc800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ecb5943f8191f3438e74dd39a070021

SHA1
f83bd91daa439ea61f0d211a2754d1d9f3104ca5

SHA256
7c3ae05eef88789128ec15720bd714416631ca058b301c8faddce6fa318dc216

SHA512
8694a1a2f55ffb7a7a86e8b4e5ad9e4d640bc444ab02620987e5374dbbf1b6f774a5f7cb00e10210a260949d4c7deb57efb5ea58669d1e8796d118820160ce72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb6c6c137e1191be49fecb4e5f1debe7

SHA1
c781abbae2467bd8f06083d6a4a450e6eb84346b

SHA256
1d4d8a279818b9db439ea6b2e92c9fe546956f7a80b827a3c08d9826ee152272

SHA512
4f366dd4affbd3004a84793e8dc035949594ae01cd852cc15d99112f96b86fd19a5460fd0696583f7b9cc05800c340cffa090c021835a8b9cd99a1e7fa1160b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9b8d66031874c821bb44f4d8ff1151f

SHA1
76e042f527496bc115df2dceae78c241aa9d5fda

SHA256
c4d0764095dd9d6cb37bccf89552cdbae3d4750d1be91b3715cb2afaef48424f

SHA512
257f776baedf1bdcd6788e34e1ce2cc3c18d2714e309c5aadc7876201169620416cf38f342097a64db2381b4d30ee82ea920e17ff915165c1bdb891102a52530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e60f512dce309d8cb257ed4131df17e6

SHA1
d02891e0df57373e5dfd5ff9ef1a3bdb14ac1e96

SHA256
9e65368f009d17748b241314bc15c6b1879a10ae7b584bd899051620d7e26977

SHA512
063134f6cb22dc8828b33e1ca6288bd81045f9ede5cb35b461237314bfb884d344fde1842eb1e07d61fc3033f51bdbc4454d2ac25a5ca7e257dcebdab2bf0ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57befa.TMP

Filesize
369B

MD5
e2a5d07d2eb1775eb6bc0e837dd81868

SHA1
ff39e75618a47d9f498766780a1c9f1b01ed6fc4

SHA256
0086030c641d4de5cbe9f3b39c4aabbfc94a588ed98c160137e42935bfe177a3

SHA512
68113ef891e2fec0ed89ea8cb3aa43d91b98405e3fe1067de86c7296729cfe91de95796e287c2d465502e8026607108282b5f0fae10b773b0695ce8510ef2e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
33398329bb220ad3c7464ea673488fe0

SHA1
ea9fd6748b0dfd0e6983b0b85966f43ac2a36ca0

SHA256
7f37f07411d563c4be020743fa5d51903fa949261d32f13321d87d8c054f10f4

SHA512
b83c6a29505027479b35c04e00343d62d9d5a730d07f2ee87674c794b647a85a9f006bcca9db2987b742270f85c19859e18f7af559ae4652fe7684d4e8f8cc6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Trimpath.ps1

Filesize
129KB

MD5
3c5c4555e50754defdd441305860a8ce

SHA1
d956765d09dc36380c9e4667e42f3f5b5d363d52

SHA256
760030bac2f71513dee046c186bda0da9c10cfdcd8a54c80e65a60bdb0608a7b

SHA512
892d271f413b3443138aa1268a4609deba66b404c12ce3adf484edebe56e8864a94fd140f998683feeb5452d2fddb7805cbf3dc756432d51deaf5142163f8f9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s3svbvsc.l4p.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/428-36-0x0000000000700000-0x0000000000740000-memory.dmp

Filesize
256KB

Download
memory/1352-25-0x000001E9F46D0000-0x000001E9F46E0000-memory.dmp

Filesize
64KB

Download
memory/1352-24-0x000001E9FF4B0000-0x000001E9FF6AC000-memory.dmp

Filesize
2.0MB

Download
memory/1352-27-0x000001E9F4D40000-0x000001E9F4D50000-memory.dmp

Filesize
64KB

Download
memory/1352-15-0x000001E9F6E30000-0x000001E9F6E52000-memory.dmp

Filesize
136KB

Download
memory/1352-26-0x000001E9F4720000-0x000001E9F4728000-memory.dmp

Filesize
32KB

Download
memory/1352-33-0x00007FFF1AA70000-0x00007FFF1B531000-memory.dmp

Filesize
10.8MB

Download
memory/1352-22-0x000001E9F4D40000-0x000001E9F4D50000-memory.dmp

Filesize
64KB

Download
memory/1352-21-0x000001E9F4D40000-0x000001E9F4D50000-memory.dmp

Filesize
64KB

Download
memory/1352-20-0x00007FFF1AA70000-0x00007FFF1B531000-memory.dmp

Filesize
10.8MB

Download
memory/1352-28-0x000001E9F4D40000-0x000001E9F4D50000-memory.dmp

Filesize
64KB

Download
memory/1836-32-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1836-37-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1836-35-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1836-34-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1836-29-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads