Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\update.bat" "
|
 |
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\update.bat" MY_FLAG
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe ana.py
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe en.py
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe eni.py
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe on.py
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe ven.py
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\taskkill.exe
|
taskkill /F /IM cmd.exe
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
19782A02000
|
heap
|
page read and write
|
||
|
C47BBA7000
|
stack
|
page read and write
|
||
|
D0F0FF000
|
stack
|
page read and write
|
||
|
18A26C02000
|
heap
|
page read and write
|
||
|
5B67DFE000
|
stack
|
page read and write
|
||
|
18A26C5F000
|
heap
|
page read and write
|
||
|
19782A13000
|
heap
|
page read and write
|
||
|
B34D2F8000
|
stack
|
page read and write
|
||
|
D0F3FE000
|
stack
|
page read and write
|
||
|
2956C202000
|
heap
|
page read and write
|
||
|
2956A22A000
|
heap
|
page read and write
|
||
|
274CD602000
|
heap
|
page read and write
|
||
|
233A3A5F000
|
heap
|
page read and write
|
||
|
D0F4FE000
|
stack
|
page read and write
|
||
|
C47C2FD000
|
stack
|
page read and write
|
||
|
233A3A4B000
|
heap
|
page read and write
|
||
|
2956A1D0000
|
heap
|
page read and write
|
||
|
D305FFC000
|
stack
|
page read and write
|
||
|
19782B02000
|
heap
|
page read and write
|
||
|
233A3A6B000
|
heap
|
page read and write
|
||
|
B34D3FF000
|
stack
|
page read and write
|
||
|
2956A26B000
|
heap
|
page read and write
|
||
|
274CD702000
|
heap
|
page read and write
|
||
|
D305777000
|
stack
|
page read and write
|
||
|
19782870000
|
heap
|
page read and write
|
||
|
233A3A13000
|
heap
|
page read and write
|
||
|
2956A202000
|
heap
|
page read and write
|
||
|
2956A302000
|
heap
|
page read and write
|
||
|
18A26D02000
|
heap
|
page read and write
|
||
|
B34D4FD000
|
stack
|
page read and write
|
||
|
233A5A02000
|
heap
|
page read and write
|
||
|
233A3B02000
|
heap
|
page read and write
|
||
|
233A3A00000
|
heap
|
page read and write
|
||
|
C47C1FF000
|
stack
|
page read and write
|
||
|
B34D6FF000
|
stack
|
page read and write
|
||
|
2956A262000
|
heap
|
page read and write
|
||
|
18A26C4B000
|
heap
|
page read and write
|
||
|
18A26C00000
|
heap
|
page read and write
|
||
|
5B67EFE000
|
stack
|
page read and write
|
||
|
D305BFE000
|
stack
|
page read and write
|
||
|
233A3990000
|
heap
|
page read and write
|
||
|
5B680FF000
|
stack
|
page read and write
|
||
|
5B67CF7000
|
stack
|
page read and write
|
||
|
274CF602000
|
heap
|
page read and write
|
||
|
18A26C13000
|
heap
|
page read and write
|
||
|
19782A62000
|
heap
|
page read and write
|
||
|
19782890000
|
heap
|
page read and write
|
||
|
B34D8FC000
|
stack
|
page read and write
|
||
|
19782A6B000
|
heap
|
page read and write
|
||
|
233A58D0000
|
heap
|
page read and write
|
||
|
2956A24B000
|
heap
|
page read and write
|
||
|
197847D0000
|
heap
|
page read and write
|
||
|
233A3A56000
|
heap
|
page read and write
|
||
|
D305CFD000
|
stack
|
page read and write
|
||
|
19782A58000
|
heap
|
page read and write
|
||
|
18A26C2A000
|
heap
|
page read and write
|
||
|
274CD662000
|
heap
|
page read and write
|
||
|
274CD66B000
|
heap
|
page read and write
|
||
|
233A3A2A000
|
heap
|
page read and write
|
||
|
274CF500000
|
heap
|
page read and write
|
||
|
233A39A0000
|
heap
|
page read and write
|
||
|
233A3970000
|
heap
|
page read and write
|
||
|
274CD600000
|
heap
|
page read and write
|
||
|
274CD5C0000
|
heap
|
page read and write
|
||
|
233A3A69000
|
heap
|
page read and write
|
||
|
18A26BB0000
|
heap
|
page read and write
|
||
|
D305AFE000
|
stack
|
page read and write
|
||
|
5B681FE000
|
stack
|
page read and write
|
||
|
5B682FC000
|
stack
|
page read and write
|
||
|
2956A1C0000
|
heap
|
page read and write
|
||
|
19784802000
|
heap
|
page read and write
|
||
|
274CD5D0000
|
heap
|
page read and write
|
||
|
2956A200000
|
heap
|
page read and write
|
||
|
274CD64B000
|
heap
|
page read and write
|
||
|
D0F1FF000
|
stack
|
page read and write
|
||
|
274CD613000
|
heap
|
page read and write
|
||
|
18A28AE0000
|
heap
|
page read and write
|
||
|
18A26BA0000
|
heap
|
page read and write
|
||
|
19782A00000
|
heap
|
page read and write
|
||
|
D305EFE000
|
stack
|
page read and write
|
||
|
B34D7FD000
|
stack
|
page read and write
|
||
|
D305DFE000
|
stack
|
page read and write
|
||
|
19782970000
|
heap
|
page read and write
|
||
|
274CD5A0000
|
heap
|
page read and write
|
||
|
2956A1A0000
|
heap
|
page read and write
|
||
|
2956C100000
|
heap
|
page read and write
|
||
|
D0ED47000
|
stack
|
page read and write
|
||
|
18A26C56000
|
heap
|
page read and write
|
||
|
274CD656000
|
heap
|
page read and write
|
||
|
19782A4B000
|
heap
|
page read and write
|
||
|
5B67FFD000
|
stack
|
page read and write
|
||
|
2956A259000
|
heap
|
page read and write
|
||
|
274CD62A000
|
heap
|
page read and write
|
||
|
19782A2A000
|
heap
|
page read and write
|
||
|
233A3A46000
|
heap
|
page read and write
|
||
|
D0F2FD000
|
stack
|
page read and write
|
||
|
233A3A02000
|
heap
|
page read and write
|
||
|
B34D5FD000
|
stack
|
page read and write
|
||
|
2956A213000
|
heap
|
page read and write
|
||
|
18A28C02000
|
heap
|
page read and write
|
||
|
C47C0FD000
|
stack
|
page read and write
|
||
|
D0F5FC000
|
stack
|
page read and write
|
||
|
18A26C47000
|
heap
|
page read and write
|
||
|
274CD65F000
|
heap
|
page read and write
|
||
|
C47BFFE000
|
stack
|
page read and write
|
||
|
C47BEFE000
|
stack
|
page read and write
|
||
|
C47C3FC000
|
stack
|
page read and write
|
||
|
18A26B80000
|
heap
|
page read and write
|
There are 98 hidden memdumps, click here to show them.