IOC Report
Wendy Brooks.txt

Processes

Path | Cmdline | Malicious
C:\Windows\System32\notepad.exe | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\Wendy Brooks.txt |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWindowsOnlyEOL |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fPasteOriginalEOL |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fReverse |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWrapAround |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fMatchCase |

Memdumps

Base Address | Regiontype | Protect | Malicious