Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\20240416-703661.txt
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWindowsOnlyEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fPasteOriginalEOL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fReverse
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fWrapAround
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad
|
fMatchCase
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2F59E174000
|
heap
|
page read and write
|
||
|
2F59C24F000
|
heap
|
page read and write
|
||
|
2F59C218000
|
heap
|
page read and write
|
||
|
2F59C211000
|
heap
|
page read and write
|
||
|
2F59DDC3000
|
heap
|
page read and write
|
||
|
2F59DBF0000
|
heap
|
page read and write
|
||
|
2F59C214000
|
heap
|
page read and write
|
||
|
2F5A0320000
|
heap
|
page read and write
|
||
|
2F59C252000
|
heap
|
page read and write
|
||
|
F9345FE000
|
stack
|
page read and write
|
||
|
2F59C218000
|
heap
|
page read and write
|
||
|
2F59E110000
|
heap
|
page read and write
|
||
|
2F59C212000
|
heap
|
page read and write
|
||
|
2F59C207000
|
heap
|
page read and write
|
||
|
2F59DBF5000
|
heap
|
page read and write
|
||
|
2F59C25B000
|
heap
|
page read and write
|
||
|
2F59C215000
|
heap
|
page read and write
|
||
|
2F59C212000
|
heap
|
page read and write
|
||
|
2F59C208000
|
heap
|
page read and write
|
||
|
2F59C221000
|
heap
|
page read and write
|
||
|
2F59C21F000
|
heap
|
page read and write
|
||
|
2F59C030000
|
heap
|
page read and write
|
||
|
2F59C204000
|
heap
|
page read and write
|
||
|
2F59C188000
|
heap
|
page read and write
|
||
|
2F59C21F000
|
heap
|
page read and write
|
||
|
2F59FB20000
|
trusted library allocation
|
page read and write
|
||
|
2F59C212000
|
heap
|
page read and write
|
||
|
2F59C1C0000
|
heap
|
page read and write
|
||
|
2F5A072B000
|
heap
|
page read and write
|
||
|
2F59DDC0000
|
heap
|
page read and write
|
||
|
2F59C1B6000
|
heap
|
page read and write
|
||
|
2F59C150000
|
heap
|
page read and write
|
||
|
2F59C209000
|
heap
|
page read and write
|
||
|
2F59C208000
|
heap
|
page read and write
|
||
|
2F59C254000
|
heap
|
page read and write
|
||
|
2F59DAD0000
|
trusted library allocation
|
page read and write
|
||
|
2F59DBFC000
|
heap
|
page read and write
|
||
|
2F59C215000
|
heap
|
page read and write
|
||
|
F9340D8000
|
stack
|
page read and write
|
||
|
2F59C209000
|
heap
|
page read and write
|
||
|
2F59DC00000
|
heap
|
page read and write
|
||
|
2F59C1B3000
|
heap
|
page read and write
|
||
|
2F59C214000
|
heap
|
page read and write
|
||
|
F9344FD000
|
stack
|
page read and write
|
||
|
2F59C180000
|
heap
|
page read and write
|
||
|
2F59C18B000
|
heap
|
page read and write
|
||
|
2F59C1FC000
|
heap
|
page read and write
|
||
|
2F59C221000
|
heap
|
page read and write
|
||
|
2F59C1D9000
|
heap
|
page read and write
|
||
|
2F59C213000
|
heap
|
page read and write
|
||
|
2F59C20C000
|
heap
|
page read and write
|
||
|
2F59C214000
|
heap
|
page read and write
|
||
|
2F59C110000
|
heap
|
page read and write
|
There are 43 hidden memdumps, click here to show them.