IOC Report
NFC.bat

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\NFC.bat" " | malicious |
| C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\NFC.bat" MY_FLAG | malicious |
| C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe | python.exe 11xell.py | malicious |
| C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe | python.exe anatat.py | malicious |
| C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe | python.exe axeter.py | malicious |
| C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe | python.exe asyapes.py | malicious |
| C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe | python.exe astrfos.py | malicious |
| C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe | python.exe vlc44.py | malicious |
| C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe | python.exe xwcome.py | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

Memdumps
