Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\Report.txt
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWindowsOnlyEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fPasteOriginalEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fReverse
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWrapAround
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fMatchCase
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E9653FE000
|
stack
|
page read and write
|
||
|
28748699000
|
heap
|
page read and write
|
||
|
28749F10000
|
heap
|
page read and write
|
||
|
28748696000
|
heap
|
page read and write
|
||
|
2874A000000
|
trusted library allocation
|
page read and write
|
||
|
28748550000
|
heap
|
page read and write
|
||
|
E9654FE000
|
stack
|
page read and write
|
||
|
28748699000
|
heap
|
page read and write
|
||
|
28749F6C000
|
heap
|
page read and write
|
||
|
28748660000
|
heap
|
page read and write
|
||
|
2874869A000
|
heap
|
page read and write
|
||
|
2874A070000
|
heap
|
page read and write
|
||
|
28748630000
|
heap
|
page read and write
|
||
|
28749F65000
|
heap
|
page read and write
|
||
|
28748668000
|
heap
|
page read and write
|
||
|
E965278000
|
stack
|
page read and write
|
||
|
2874A020000
|
heap
|
page read and write
|
||
|
287486B6000
|
heap
|
page read and write
|
||
|
2874C7C0000
|
heap
|
page read and write
|
||
|
28748690000
|
heap
|
page read and write
|
||
|
287486EA000
|
heap
|
page read and write
|
||
|
2874BFC0000
|
trusted library allocation
|
page read and write
|
||
|
2874A073000
|
heap
|
page read and write
|
||
|
28749F60000
|
heap
|
page read and write
|
||
|
287486BA000
|
heap
|
page read and write
|
There are 15 hidden memdumps, click here to show them.