Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\update.bat" "
|
 |
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\update.bat" MY_FLAG
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe ana.py
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python ab.py
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe en.py
|
|
|
|
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
|
python.exe eni.py
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\taskkill.exe
|
taskkill /F /IM cmd.exe
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
237BFC00000
|
heap
|
page read and write
|
||
|
E204EFD000
|
stack
|
page read and write
|
||
|
224714E0000
|
heap
|
page read and write
|
||
|
96CB5FD000
|
stack
|
page read and write
|
||
|
E17F6FD000
|
stack
|
page read and write
|
||
|
237BDE6B000
|
heap
|
page read and write
|
||
|
96CB2FE000
|
stack
|
page read and write
|
||
|
224715C0000
|
heap
|
page read and write
|
||
|
22473602000
|
heap
|
page read and write
|
||
|
96CB0F8000
|
stack
|
page read and write
|
||
|
E17F1E7000
|
stack
|
page read and write
|
||
|
24B26060000
|
heap
|
page read and write
|
||
|
22471657000
|
heap
|
page read and write
|
||
|
E2051FC000
|
stack
|
page read and write
|
||
|
24B27E02000
|
heap
|
page read and write
|
||
|
237BDE02000
|
heap
|
page read and write
|
||
|
244A1402000
|
heap
|
page read and write
|
||
|
24B26013000
|
heap
|
page read and write
|
||
|
237BDE46000
|
heap
|
page read and write
|
||
|
2449F3D0000
|
heap
|
page read and write
|
||
|
22471702000
|
heap
|
page read and write
|
||
|
2449F310000
|
heap
|
page read and write
|
||
|
96CB1FE000
|
stack
|
page read and write
|
||
|
24B26049000
|
heap
|
page read and write
|
||
|
E204FFF000
|
stack
|
page read and write
|
||
|
22471645000
|
heap
|
page read and write
|
||
|
2247166B000
|
heap
|
page read and write
|
||
|
237BDDA0000
|
heap
|
page read and write
|
||
|
22471660000
|
heap
|
page read and write
|
||
|
22471613000
|
heap
|
page read and write
|
||
|
836F9FF000
|
stack
|
page read and write
|
||
|
22471602000
|
heap
|
page read and write
|
||
|
96CB4FE000
|
stack
|
page read and write
|
||
|
E2050FE000
|
stack
|
page read and write
|
||
|
2247164A000
|
heap
|
page read and write
|
||
|
237BDF02000
|
heap
|
page read and write
|
||
|
24B2602A000
|
heap
|
page read and write
|
||
|
2449F449000
|
heap
|
page read and write
|
||
|
E17F8FD000
|
stack
|
page read and write
|
||
|
E17F9FC000
|
stack
|
page read and write
|
||
|
237BDE00000
|
heap
|
page read and write
|
||
|
2449F502000
|
heap
|
page read and write
|
||
|
24B26102000
|
heap
|
page read and write
|
||
|
2449F340000
|
heap
|
page read and write
|
||
|
E204CFE000
|
stack
|
page read and write
|
||
|
2449F458000
|
heap
|
page read and write
|
||
|
836F8FD000
|
stack
|
page read and write
|
||
|
224714C0000
|
heap
|
page read and write
|
||
|
E17F7FF000
|
stack
|
page read and write
|
||
|
2247162A000
|
heap
|
page read and write
|
||
|
836FDFC000
|
stack
|
page read and write
|
||
|
2449F413000
|
heap
|
page read and write
|
||
|
237BDE5F000
|
heap
|
page read and write
|
||
|
2449F444000
|
heap
|
page read and write
|
||
|
237BFE02000
|
heap
|
page read and write
|
||
|
836FAFD000
|
stack
|
page read and write
|
||
|
96CB6FC000
|
stack
|
page read and write
|
||
|
2449F462000
|
heap
|
page read and write
|
||
|
24B26057000
|
heap
|
page read and write
|
||
|
836FBFE000
|
stack
|
page read and write
|
||
|
24B25F10000
|
heap
|
page read and write
|
||
|
24B25E30000
|
heap
|
page read and write
|
||
|
22471600000
|
heap
|
page read and write
|
||
|
E2049C7000
|
stack
|
page read and write
|
||
|
2449F46B000
|
heap
|
page read and write
|
||
|
24B26000000
|
heap
|
page read and write
|
||
|
836F5D7000
|
stack
|
page read and write
|
||
|
E204DFF000
|
stack
|
page read and write
|
||
|
237BDE57000
|
heap
|
page read and write
|
||
|
E17F5FF000
|
stack
|
page read and write
|
||
|
836FCFE000
|
stack
|
page read and write
|
||
|
24B2606B000
|
heap
|
page read and write
|
||
|
2449F402000
|
heap
|
page read and write
|
||
|
96CB3FD000
|
stack
|
page read and write
|
||
|
E17F4FF000
|
stack
|
page read and write
|
||
|
2449F42A000
|
heap
|
page read and write
|
||
|
237BDE4A000
|
heap
|
page read and write
|
||
|
237BDCC0000
|
heap
|
page read and write
|
||
|
237BDE13000
|
heap
|
page read and write
|
||
|
237BDCA0000
|
heap
|
page read and write
|
||
|
24B26002000
|
heap
|
page read and write
|
||
|
24B25FF0000
|
heap
|
page read and write
|
||
|
2449F400000
|
heap
|
page read and write
|
||
|
237BDE2A000
|
heap
|
page read and write
|
||
|
2449F330000
|
heap
|
page read and write
|
||
|
24B25E10000
|
heap
|
page read and write
|
||
|
22473420000
|
heap
|
page read and write
|
There are 77 hidden memdumps, click here to show them.