IOC Report
phishing email.txt

Processes

Path | Cmdline | Malicious
C:\Windows\System32\notepad.exe | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\phishing email.txt |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWindowsOnlyEOL |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fPasteOriginalEOL |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fReverse |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWrapAround |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fMatchCase |

Memdumps

Base Address | Regiontype | Protect | Malicious