Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| FSJs1TlAyf.exe | PE32+ executable (console) x86-64, for MS Windows | initial sample | |
| \Device\ConDrv | JSON data | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\FSJs1TlAyf.exe | "C:\Users\user\Desktop\FSJs1TlAyf.exe" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 7FF715201000 | unkown | page execute read | |
| 7FF71524D000 | unkown | page readonly | |
| 1AC10084000 | heap | page read and write | |
| 1AC10000000 | heap | page read and write | |
| 7FF71523C000 | unkown | page write copy | |
| 1AC10020000 | heap | page read and write | |
| 347C7CF000 | stack | page read and write | |
| 347C3E6000 | stack | page read and write | |
| 7FF715200000 | unkown | page readonly | |
| 7FF71524B000 | unkown | page read and write | |
| 7FF71524D000 | unkown | page readonly | |
| 7FF71522A000 | unkown | page readonly | |
| 1AC10070000 | heap | page read and write | |
| 347C3EC000 | stack | page read and write | |
| 1AC10078000 | heap | page read and write | |
| 1AC10040000 | heap | page read and write | |
| 1AC10010000 | heap | page readonly | |
| 1AC102E0000 | heap | page read and write | |
| 7FF71523C000 | unkown | page read and write | |
| 7FF715201000 | unkown | page execute read | |
| 7FF715200000 | unkown | page readonly | |
| 347C5DF000 | stack | page read and write | |
| 7FF71522A000 | unkown | page readonly | |

There are 13 hidden memdumps.