Analyzer: if a process is created from a dropped file, capture (dump) the file immediately
kevoreilly committed Mar 11, 2024
1 parent 5c8e4e0 commit 4e89d74
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions analyzer/windows/analyzer.py
Expand Up @@ -1284,6 +1284,8 @@ def _handle_process(self, data):
interest = filepath
else:
interest = self.analyzer.config.target
if filepath.lower() in self.analyzer.files.files:
self.analyzer.files.delete_file(file_path, process_id)
is_64bit = proc.is_64bit()
filename = os.path.basename(filepath)
if self.analyzer.SERVICES_PID and process_id == self.analyzer.SERVICES_PID:
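Review bot: The added `delete_file` call passes `file_path`, while the condition directly above it and the surrounding context (`interest = filepath`, `os.path.basename(filepath)`) all use `filepath`. No `file_path` is defined in the visible lines, so unless it is assigned earlier in `_handle_process` this raises a NameError the first time a process is started from a dropped file, which is exactly the case the change is meant to handle. Suggest `self.analyzer.files.delete_file(filepath, process_id)`. Separately, the membership test lower-cases the path but the call passes it unchanged; if `files.files` is keyed on lower-cased paths, confirm that `delete_file` normalises its argument the same way, otherwise the lookup inside it can miss. A one-line comment would also help here, since the commit message describes a capture (dump) while the method being called is named `delete_file`.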