IOC Report
autorun.inf

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\notepad.exe | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\autorun.inf | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWindowsOnlyEOL | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fPasteOriginalEOL | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fReverse | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWrapAround | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fMatchCase | |

Memdumps

Base Address
Regiontype
Protect
Malicious