remcos | aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
Size

1000KB
MD5

4cb03ed07925c43468569974c41b9325
SHA1

523e9b075323ae50036bf19b7f2e9615f97100d4
SHA256

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9
SHA512

547fde8610379ee2e7ebeca76a711b5adb6c696abb9deaace5e4ea225e40d37fa437bb563dbd9bc81a2053676d2fb2ae43e4270d695f5d9d0a7d8ebee23f9ba3
SSDEEP

24576:0o5K55ee/YuX1Gx7MH7V9mu/0ilqWe7LpjCSAv:V5qauX1s7Mh4u/0ilq7LXAv

Score

10^/10

remcos buddy rat

Malware Config

Extracted

Family

remcos

Botnet

BUDDY

192.210.201.57:52499

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-LMLI87
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 64 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4760-11-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-13-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-14-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-16-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-18-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-19-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-20-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-21-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-22-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-24-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-25-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-27-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-28-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-29-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-31-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-32-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-33-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-35-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-36-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-37-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-39-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-40-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-41-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-42-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-44-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-45-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-47-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-48-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-49-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-51-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-52-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-53-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-55-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-56-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-58-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-59-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-60-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-62-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-63-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-64-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-66-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-67-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-69-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-70-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-71-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-73-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-74-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-75-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-78-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-80-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-81-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-82-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-84-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-85-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-87-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-88-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-89-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-91-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-92-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-93-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-95-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-96-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-98-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
behavioral2/memory/4760-99-0x0000000000400000-0x0000000000482000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM

Detects executables packed with SmartAssembly 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1012-9-0x0000000004520000-0x000000000452C000-memory.dmp	INDICATOR_EXE_Packed_SmartAssembly

Suspicious use of SetThreadContext 1 IoCs

Processes:

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

description	pid	process	target process
PID 1012 set thread context of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

pid	process
1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

description pid process

Token: SeDebugPrivilege 1012 aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

pid process

4760 aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

description	pid	process
Token: SeDebugPrivilege	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

pid	process
4760	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

C:\Users\Admin\AppData\Local\Temp\aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
"C:\Users\Admin\AppData\Local\Temp\aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1012

C:\Users\Admin\AppData\Local\Temp\aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
"C:\Users\Admin\AppData\Local\Temp\aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe"
2⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
"C:\Users\Admin\AppData\Local\Temp\aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:4760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\remcos\logs.dat
Filesize
144B

MD5
01c390038d97fcbae8a8fbc8ba7debbd

SHA1
ecd436b68928b47cefeaf120d91548cef249b475

SHA256
dd4737dc7672b85d601e34acf8662af4a8cf0eb6edf05a8cea2614f50ae1b24e

SHA512
0f593ce2e7345c7f2a1a3725775a4f3beda535a43bcb8c67b14f80d9a4db7b48904bb2dc3696411033a529c40e794557278c9002ed184019389422c3232ec243

Download Submit
memory/1012-0-0x0000000000050000-0x000000000014C000-memory.dmp

Filesize
1008KB

Download
memory/1012-1-0x0000000074D60000-0x0000000075510000-memory.dmp

Filesize
7.7MB

Download
memory/1012-2-0x0000000005170000-0x0000000005714000-memory.dmp

Filesize
5.6MB

Download
memory/1012-3-0x0000000004BC0000-0x0000000004C52000-memory.dmp

Filesize
584KB

Download
memory/1012-4-0x0000000004E00000-0x0000000004E10000-memory.dmp

Filesize
64KB

Download
memory/1012-5-0x0000000004B50000-0x0000000004B5A000-memory.dmp

Filesize
40KB

Download
memory/1012-6-0x0000000004E10000-0x0000000004EAC000-memory.dmp

Filesize
624KB

Download
memory/1012-7-0x0000000004B70000-0x0000000004B8C000-memory.dmp

Filesize
112KB

Download
memory/1012-8-0x0000000004B90000-0x0000000004B98000-memory.dmp

Filesize
32KB

Download
memory/1012-9-0x0000000004520000-0x000000000452C000-memory.dmp

Filesize
48KB

Download
memory/1012-10-0x0000000005C30000-0x0000000005CF0000-memory.dmp

Filesize
768KB

Download
memory/1012-15-0x0000000074D60000-0x0000000075510000-memory.dmp

Filesize
7.7MB

Download
memory/4760-11-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-13-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-14-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-16-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-18-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-19-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-20-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-21-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-22-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-24-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-25-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-27-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-28-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-29-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-31-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-32-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-33-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-35-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-36-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-37-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-39-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-40-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-41-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-42-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-44-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-45-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-47-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-48-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-49-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-51-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-52-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-53-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-55-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-56-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-58-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-59-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-60-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-62-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-63-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-64-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-66-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-67-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-69-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-70-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-71-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-73-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-74-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-75-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-78-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-80-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-81-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-82-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-84-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-85-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-87-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-88-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-89-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-91-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-92-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-93-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-95-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-96-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-98-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/4760-99-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download

description	pid	process	target process
PID 1012 wrote to memory of 4512	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4512	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4512	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
PID 1012 wrote to memory of 4760	1012	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe	aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe