Source: notepad.exe, 00000001.00000002.538132856.0000022135195000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: C:\Users\user\Desktop\autorun.inf |
Source: notepad.exe, 00000001.00000002.538132856.0000022135195000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: C:\Windows\system32\NOTEPAD.EXEC:\Users\user\Desktop\autorun.infk |
Source: notepad.exe, 00000001.00000002.537989942.0000022134EEC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: autorun.inf |
Source: notepad.exe, 00000001.00000002.537989942.0000022134EEC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: autorun.infH |
Source: notepad.exe, 00000001.00000002.537989942.0000022134EEC000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: .autorun.inf |
Source: notepad.exe, 00000001.00000002.538019996.0000022134EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: C:\Users\user\Desktop\autorun.inf |
Source: notepad.exe, 00000001.00000002.538019996.0000022134EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: /C:/Users/user/Desktop/autorun.inffN8 |
Source: notepad.exe, 00000001.00000002.538019996.0000022134EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: /C:/Users/user/Desktop/autorun.inf |
Source: notepad.exe, 00000001.00000002.538019996.0000022134EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: autorun.inf |
Source: notepad.exe, 00000001.00000002.538019996.0000022134EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: autorun.infH |
Source: notepad.exe, 00000001.00000002.538019996.0000022134EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: .autorun.inf |
Source: notepad.exe, 00000001.00000002.538019996.0000022134EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: file:///C:/Users/user/Desktop/autorun.inf-F& |
Source: notepad.exe, 00000001.00000002.538019996.0000022134EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: autorun.infWB |
Source: notepad.exe, 00000001.00000002.538019996.0000022134EFE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: [autorun] |
Source: notepad.exe, 00000001.00000002.537892584.0000022134EB0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: C:\Users\user\Desktop\C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\autorun.infC:\Windows\system32\NOTEPAD.EXEWinSta0\Default |
Source: notepad.exe, 00000001.00000002.537892584.0000022134EB0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\autorun.inf |
Source: notepad.exe, 00000001.00000002.537892584.0000022134EB0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\autorun.infQ |
Source: autorun.inf |
Binary or memory string: [autorun] |
Source: C:\Windows\System32\notepad.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32 |
Jump to behavior |
Source: C:\Windows\System32\notepad.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: classification engine |
Classification label: clean1.winINF@1/0@0/0 |
Source: autorun.inf |
Joe Sandbox Cloud Basic: Detection: clean Score: 2 |
Perma Link |
Source: C:\Windows\System32\notepad.exe |
Queries volume information: C:\Users\user\Desktop\autorun.inf VolumeInformation |
Jump to behavior |