Click to jump to signature section
Source: notepad.exe, 00000000.00000002.536901438.0000017F797B0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Users\user\Desktop\C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\autorun.infC:\Windows\system32\NOTEPAD.EXEWinSta0\Default |
Source: notepad.exe, 00000000.00000002.536901438.0000017F797B0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\autorun.inf |
Source: notepad.exe, 00000000.00000002.537345191.0000017F79B65000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Users\user\Desktop\autorun.inf |
Source: notepad.exe, 00000000.00000002.537345191.0000017F79B65000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Windows\system32\NOTEPAD.EXEC:\Users\user\Desktop\autorun.inf |
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf |
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.infH |
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: .autorun.inf |
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: /C:/Users/user/Desktop/autorun.infW |
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: C:\Users\user\Desktop\autorun.infD |
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: /C:/Users/user/Desktop/autorun.inf |
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: file:///C:/Users/user/Desktop/autorun.inf |
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf |
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [autorun] |
Source: autorun.inf | Binary or memory string: [autorun] |
Source: C:\Windows\System32\notepad.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32 |
Source: C:\Windows\System32\notepad.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: classification engine | Classification label: clean1.winINF@1/0@0/0 |
Source: autorun.inf | Joe Sandbox Cloud Basic: Detection: clean Score: 2 | Perma Link |
Source: C:\Windows\System32\notepad.exe | Queries volume information: C:\Users\user\Desktop\autorun.inf VolumeInformation |