Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

mkcert.exe

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows

initial sample

Details

Filetype:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy:	4.726446878171124
Filename:	mkcert.exe
Filesize:	10240
MD5:	7cc2b35154e9569269a8c5cd5c25f414
SHA1:	ac6051394348ab5ff9d29c27a33750ead25493c3
SHA256:	3ed7944368bb86402333fc360415c763b7924179601db092cca8009b45cfe0b7
SHA512:	348f8ac6afd6f5c81af76ab562b2c65f3edb912c364dbe8c81e6e09688d8091396e16f0d3a5866514095772a8c363c3ad6a771e001fdbf22febb26d7b5d5f1c0
SSDEEP:	192:HKtUTv5X4KGlbLopgq2sZr5vPcee0wS2vBOpAZ:HKtIOPlfxq2sZ9vwOq
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M.#c.........."...0..............=... ...@....@.. ....................................`................................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Allocates memory with a write watch (potentially for evading sandboxes)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion
Contains long sleeps (>= 3 min)	Malware Analysis System Evasion
Detected potential crypto function	System Summary	Archive Collected Data Encrypted Channel
Enables debug privileges	Anti Debugging
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)	Malware Analysis System Evasion
May sleep (evasive loops) to hinder dynamic analysis	Malware Analysis System Evasion
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses code obfuscation techniques (call, push, ret)	Data Obfuscation	Obfuscated Files or Information
Contains functionality to query system information	Malware Analysis System Evasion	System Information Discovery
Contains medium sleeps (>= 30s)	Malware Analysis System Evasion
Creates files inside the user directory	System Summary	Masquerading
Creates guard pages, often used to prevent reverse engineering and debugging	Anti Debugging	Disable or Modify Tools
Creates mutexes	System Summary
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Queries the cryptographic machine GUID	Language, Device and Operating System Detection
Reads software policies	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
Uses an in-process (OLE) Automation server	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary
Uses Microsoft Silverlight	System Summary

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Microsoft Cabinet archive data, Windows 2000/XP setup, 69211 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression

dropped

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Category:	dropped
Dump:	77EC63BDA74BD0D0E0426DC8F8008506.0.dr
ID:	dr_4
Target ID:	0
Process:	C:\Users\user\Desktop\mkcert.exe
Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 69211 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Entropy:	7.995787876711886
Encrypted:	true
Ssdeep:	1536:4vHkVfDISE//aDY0WAXTF+0daIpyFQaqPZkatNjgkFOE4/JZZWnEn6:4vHKfMSeKFXdBcmnXkksE40E6
Size:	69211
Whitelisted:	false
Reputation:	moderate

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

data

dropped

Details

File:	C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Category:	dropped
Dump:	77EC63BDA74BD0D0E0426DC8F80085060.0.dr
ID:	dr_5
Target ID:	0
Process:	C:\Users\user\Desktop\mkcert.exe
Type:	data
Entropy:	3.1225101819215357
Encrypted:	false
Ssdeep:	6:kKuTN+SkQlPlEGYRMY9z+4KlDA3RUe1HEbpo:G8kPlE99SNxAhUe1HEVo
Size:	330
Whitelisted:	false
Reputation:	low

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mkcert.exe.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mkcert.exe.log
Category:	dropped
Dump:	mkcert.exe.log.0.dr
ID:	dr_7
Target ID:	0
Process:	C:\Users\user\Desktop\mkcert.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	5.303585162920836
Encrypted:	false
Ssdeep:	48:MxHK1BIYHKh6ozaAHKzI+6eQD3uMIHxz1O1jH8mHAHjHKo01OmtHoA+HKLHLHKgB:iq1yYqh6oRqzrFeeMIRxurgDqoI1tIAB
Size:	2966
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_epl2j0gi.api.ps1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_epl2j0gi.api.ps1
Category:	dropped
Dump:	__PSScriptPolicyTest_epl2j0gi.api.ps1.0.dr
ID:	dr_2
Target ID:	0
Process:	C:\Users\user\Desktop\mkcert.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	high

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hxksep0d.1bn.psm1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hxksep0d.1bn.psm1
Category:	dropped
Dump:	__PSScriptPolicyTest_hxksep0d.1bn.psm1.0.dr
ID:	dr_3
Target ID:	0
Process:	C:\Users\user\Desktop\mkcert.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	high

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lkfmsclc.hpv.psm1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lkfmsclc.hpv.psm1
Category:	dropped
Dump:	__PSScriptPolicyTest_lkfmsclc.hpv.psm1.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Users\user\Desktop\mkcert.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	timeout

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4agtt0c.k02.ps1

ASCII text, with no line terminators

dropped

Details

File:	C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m4agtt0c.k02.ps1
Category:	dropped
Dump:	__PSScriptPolicyTest_m4agtt0c.k02.ps1.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\mkcert.exe
Type:	ASCII text, with no line terminators
Entropy:	4.038920595031593
Encrypted:	false
Ssdeep:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
Size:	60
Whitelisted:	false
Reputation:	timeout

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process	System Summary
Creates temporary files	System Summary

\Device\ConDrv

ASCII text, with CRLF line terminators

dropped

Details

File:	\Device\ConDrv
Category:	dropped
Dump:	ConDrv.0.dr
ID:	dr_6
Target ID:	0
Process:	C:\Users\user\Desktop\mkcert.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	3.966738780375731
Encrypted:	false
Ssdeep:	3:TnkcUDhXVmkkcjbvjXmnN:TnG9lTkcjbvrC
Size:	42
Whitelisted:	false
Reputation:	timeout

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\mkcert.exe

Details

Is windows:	false
Is dropped:	false
PID:	5300
Target ID:	0
Parent PID:	5352
Name:	mkcert.exe
Path:	C:\Users\user\Desktop\mkcert.exe
Commandline:	C:\Users\user\Desktop\mkcert.exe
Size:	10240
MD5:	7CC2B35154E9569269A8C5CD5C25F414
Time:	17:26:27
Date:	18/03/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xca0000
Modulesize:	32768
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process	System Summary
Creates files inside the user directory	System Summary	Masquerading
PE file has an executable .text section and no other executable section	System Summary
Parts of this applications are using the .NET runtime (Probably coded in C#)	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a COM descriptor data directory	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2856
Target ID:	1
Parent PID:	5300
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	875008
MD5:	81CA40085FC75BABD2C91D18AA9FFA68
Time:	17:26:27
Date:	18/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff621960000
Modulesize:	901120
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://nuget.org/NuGet.exe

unknown

http://pesterbdd.com/images/Pester.png

unknown

http://schemas.xmlsoap.org/soap/encoding/

unknown

http://www.apache.org/licenses/LICENSE-2.0.html

unknown

http://schemas.xmlsoap.org/wsdl/

unknown

https://contoso.com/

unknown

https://nuget.org/nuget.exe

unknown

https://contoso.com/License

unknown

https://contoso.com/Icon

unknown

http://www.quovadis.bm0

unknown

https://ocsp.quovadisoffshore.com0

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

https://github.com/Pester/Pester

unknown

There are 3 hidden URLs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\REQUEST\Certificates\DCFAAC6AAF19C606A0546FBD5AEB657469C82477

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\REQUEST\Certificates\DCFAAC6AAF19C606A0546FBD5AEB657469C82477
Value name:	Blob
Value data:	03 00 00 00 01 00 00 00 14 00 00 00 DC FA AC 6A AF 19 C6 06 A0 54 6F BD 5A EB 65 74 69 C8 24 77 0B 00 00 00 01 00 00 00 44 00 00 00 43 00 61 00 6E 00 6F 00 6E 00 20 00 45 00 4D 00 43 00 20 00 41 00 70 00 70 00 6C 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 65 00 00 00 02 00 00 00 01 00 00 00 FC 00 00 00 1C 00 00 00 AC 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 00 61 00 6E 00 6F 00 6E 00 20 00 45 00 4D 00 43 00 20 00 41 00 70 00 70 00 6C 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 20 00 43 00 6F 00 6E 00 74 00 61 00 69 00 6E 00 65 00 72 00 2D 00 39 00 30 00 30 00 36 00 34 00 65 00 31 00 31 00 2D 00 39 00 33 00 32 00 34 00 2D 00 34 00 30 00 38 00 30 00 2D 00 62 00 61 00 34 00 65 00 2D 00 38 00 38 00 63 00 32 00 33 00 36 00 36 00 66 00 61 00 38 00 37 00 62 00 00 00 00 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 53 00 6F 00 66 00 74 00 77 00 61 00 72 00 65 00 20 00 4B 00 65 00 79 00 20 00 53 00 74 00 6F 00 72 00 61 00 67 00 65 00 20 00 50 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 00 00 20 00 00 00 01 00 00 00 74 03 00 00 30 82 03 70 30 82 02 58 A0 03 02 01 02 02 10 18 CC AC 89 55 90 9F 96 41 B2 15 52 9C EE F9 C5 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 20 31 1E 30 1C 06 03 55 04 03 0C 15 43 61 6E 6F 6E 20 45 4D 43 20 41 70 70 6C 69 63 61 74 69 6F 6E 30 1E 17 0D 32 34 30 33 31 38 31 36 31 38 33 38 5A 17 0D 32 35 30 33 31 38 31 36 33 38 33 38 5A 30 20 31 1E 30 1C 06 03 55 04 03 0C 15 43 61 6E 6F 6E 20 45 4D 43 20 41 70 70 6C 69 63 61 74 69 6F 6E 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 A4 F6 1D BC 38 B3 19 2D B7 E2 19 1E 59 DA 99 03 30 0C 1B 19 4E A4 D1 2E 2B 2B 91 D9 4E 02 34 EC CF FA 0C A4 B1 60 38 3F 65 7A 35 17 38 F7 A5 42 67 8C E2 16 A5 A6 3B 0B 66 42 A4 F5 22 AA 9B 84 30 0C C1 4B 7D F4 AF F6 E7 86 B6 9C 10 34 74 0A F9 0A 2F EA 1F 6C 98 BC B1 51 6B AE 02 7E 35 98 C1 FD 7B B6 6F D8 0C EA E9 B3 07 76 BF 53 11 13 66 F8 57 D0 68 35 4F 14 99 9F 4D F2 B7 11 ED 28 5A F6 08 DB 3C 25 41 69 3E CB FC 9F 5F F7 83 F8 7A BB B6 99 83 DB B6 C4 AE 41 22 D0 58 54 3C 8B 0D 92 5B 60 00 D9 E6 39 F8 A1 78 B8 C2 4D 86 45 59 F4 F5 57 33 F5 FF 7F 2E 96 C4 D0 A5 EF 99 B7 32 AF 73 99 07 54 79 64 CC 10 62 DF 6F D5 F0 28 1A 04 F7 36 B9 67 73 12 96 4A 34 CA 61 64 72 F2 20 19 7F 49 78 8E 09 46 44 A9 3A F1 BA B1 EC E3 CD 66 CA B8 95 1D 8E A4 66 12 7F 2F 9D EC B5 91 02 03 01 00 01 A3 81 A5 30 81 A2 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 01 30 1D 06 03 55 1D 0E 04 16 04 14 5E 06 A4 89 3B EF 4F CB 9B 01 29 B5 2F E4 F0 FF 16 BC 83 61 30 52 06 0A 2B 06 01 04 01 82 37 0A 0B 0B 04 44 43 00 61 00 6E 00 6F 00 6E 00 20 00 45 00 4D 00 43 00 20 00 41 00 70 00 70 00 6C 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 65 00 00 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 1B 50 FC 1D B7 05 48 99 C0 EB 08 AA 1F 66 94 53 CE 08 D3 9D 22 39 65 A1 10 A2 07 74 A5 61 CF 10 69 0E 8B 0E 63 70 09 F6 7E 58 C5 83 8A B0 AC 80 8F 8A ED 8E A0 92 48 E3 4B 04 51 AC 22 CA 70 A5 CE 32 0E 8B 75 7B C7 B5 31 E2 59 3C AC 14 9A A2 F9 B4 B6 43 B2 9F 08 E9 C4 D5 1E 60 D6 BD FE 72 34 21 1A E7 4A E2 87 B3 5C AD A4 5E E5 75 AA 79 CB 49 79 4D 7A 9B 9C 3E 10 CC 09 FC 60 46 CA 92 44 B5 3D 70 A3 BA 3A 1C 56 DB 42 8E C4 CC 55 EE B3 12 C8 A7 29 14 7F C1 80 FC 4D 6B 2E 8F 72 60 12 1E 05 BE 96 9E D3 A1 9D 51 99 B6 A0 F3 FA 30 25 FB C2 8D 63 C0 2D 58 F0 12 99 62 1C 87 8A EA 4B 2E 31 7A BE 79 3A B3 A7 38 E3 90 D1 0D 15 89 F2 B2 B4 2C 7D 6E 46 0F 26 37 34 CD 3A 55 95 16 72 B1 29 13 9C 7B E4 6C 04 9C 86 E8 65 49 16 92 3F 70 88 A6 3F 94 C9 15 3B 40 0D BC 43 90 1E B4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\0EE2B3F9B153D807CCA729F5DB30AC534602C3E5

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\0EE2B3F9B153D807CCA729F5DB30AC534602C3E5
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 5A 55 86 CC F5 D1 82 55 83 84 35 94 31 8A 91 07 0F 00 00 00 01 00 00 00 20 00 00 00 CC 39 77 65 1B 6F 7C 95 C5 79 C3 6B 06 15 BB 23 99 49 78 E8 57 FF 5A 56 B7 3E 83 A4 DF 18 38 3F 14 00 00 00 01 00 00 00 14 00 00 00 5E 06 A4 89 3B EF 4F CB 9B 01 29 B5 2F E4 F0 FF 16 BC 83 61 19 00 00 00 01 00 00 00 10 00 00 00 72 07 FD 66 EE E5 58 57 15 26 9E AF FB 8F F9 21 03 00 00 00 01 00 00 00 14 00 00 00 0E E2 B3 F9 B1 53 D8 07 CC A7 29 F5 DB 30 AC 53 46 02 C3 E5 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 20 00 00 00 01 00 00 00 1E 03 00 00 30 82 03 1A 30 82 02 02 A0 03 02 01 02 02 10 43 94 59 1B 46 0D 15 AC 47 99 9A 64 A6 CB 17 77 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 20 31 1E 30 1C 06 03 55 04 03 0C 15 43 61 6E 6F 6E 20 45 4D 43 20 41 70 70 6C 69 63 61 74 69 6F 6E 30 1E 17 0D 32 34 30 33 31 38 31 36 31 38 33 38 5A 17 0D 32 39 30 33 31 38 31 36 32 36 32 39 5A 30 20 31 1E 30 1C 06 03 55 04 03 0C 15 43 61 6E 6F 6E 20 45 4D 43 20 41 70 70 6C 69 63 61 74 69 6F 6E 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 A4 F6 1D BC 38 B3 19 2D B7 E2 19 1E 59 DA 99 03 30 0C 1B 19 4E A4 D1 2E 2B 2B 91 D9 4E 02 34 EC CF FA 0C A4 B1 60 38 3F 65 7A 35 17 38 F7 A5 42 67 8C E2 16 A5 A6 3B 0B 66 42 A4 F5 22 AA 9B 84 30 0C C1 4B 7D F4 AF F6 E7 86 B6 9C 10 34 74 0A F9 0A 2F EA 1F 6C 98 BC B1 51 6B AE 02 7E 35 98 C1 FD 7B B6 6F D8 0C EA E9 B3 07 76 BF 53 11 13 66 F8 57 D0 68 35 4F 14 99 9F 4D F2 B7 11 ED 28 5A F6 08 DB 3C 25 41 69 3E CB FC 9F 5F F7 83 F8 7A BB B6 99 83 DB B6 C4 AE 41 22 D0 58 54 3C 8B 0D 92 5B 60 00 D9 E6 39 F8 A1 78 B8 C2 4D 86 45 59 F4 F5 57 33 F5 FF 7F 2E 96 C4 D0 A5 EF 99 B7 32 AF 73 99 07 54 79 64 CC 10 62 DF 6F D5 F0 28 1A 04 F7 36 B9 67 73 12 96 4A 34 CA 61 64 72 F2 20 19 7F 49 78 8E 09 46 44 A9 3A F1 BA B1 EC E3 CD 66 CA B8 95 1D 8E A4 66 12 7F 2F 9D EC B5 91 02 03 01 00 01 A3 50 30 4E 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 01 30 1D 06 03 55 1D 0E 04 16 04 14 5E 06 A4 89 3B EF 4F CB 9B 01 29 B5 2F E4 F0 FF 16 BC 83 61 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 0F E3 61 B1 71 17 2D 0D 8E EF 53 0E 72 F3 BF 49 4D 64 60 2A F1 BC CD 27 56 75 80 59 4D 9F EF B6 EE BD FA 52 0E 32 E3 E7 1A 64 A3 07 C0 0E C4 1F A4 B3 95 24 D5 9E 8C 63 EC D1 87 CE 4B 71 F4 1F 4B 77 05 74 70 E0 12 52 16 52 27 F2 43 B3 37 43 CF 7A AE AF F0 57 12 E4 2E F7 3A 8C 1A 7B 2E B4 6C 7A F0 AC B2 31 E8 CE D1 EA BF 8A 9E 35 D4 EB 37 8F 46 09 BE 09 F6 49 5E 9A 5D 7E 6E F0 AE 2D 1E 06 30 DF 32 D4 D9 98 5C D7 A9 66 FC 1B 08 A6 04 E5 92 15 67 F7 55 9D 29 D9 42 65 A0 B2 03 A8 45 4F 9D 49 47 C3 D3 C1 F8 72 9A 03 1C 95 B6 3B FD C9 45 59 7D 95 13 EB BD D1 8C E7 D4 F3 74 15 C1 1B 7F B0 A4 C7 C7 E8 F8 27 9F E5 E5 53 A0 E8 BE 15 36 9E B2 E4 2E 48 57 DC DF DC 4B B5 81 BA A1 6E 55 58 51 7A 1C 82 1A 8C D2 FF 28 EE 0A 84 92 09 A4 A4 14 C3 6E 51 FF B8 8E D7 46 00 51 C7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\0EE2B3F9B153D807CCA729F5DB30AC534602C3E5

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\0EE2B3F9B153D807CCA729F5DB30AC534602C3E5
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 5A 55 86 CC F5 D1 82 55 83 84 35 94 31 8A 91 07 0F 00 00 00 01 00 00 00 20 00 00 00 CC 39 77 65 1B 6F 7C 95 C5 79 C3 6B 06 15 BB 23 99 49 78 E8 57 FF 5A 56 B7 3E 83 A4 DF 18 38 3F 14 00 00 00 01 00 00 00 14 00 00 00 5E 06 A4 89 3B EF 4F CB 9B 01 29 B5 2F E4 F0 FF 16 BC 83 61 19 00 00 00 01 00 00 00 10 00 00 00 72 07 FD 66 EE E5 58 57 15 26 9E AF FB 8F F9 21 03 00 00 00 01 00 00 00 14 00 00 00 0E E2 B3 F9 B1 53 D8 07 CC A7 29 F5 DB 30 AC 53 46 02 C3 E5 5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 0B 00 00 00 01 00 00 00 44 00 00 00 43 00 61 00 6E 00 6F 00 6E 00 20 00 45 00 4D 00 43 00 20 00 41 00 70 00 70 00 6C 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 20 00 43 00 65 00 72 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 65 00 00 00 02 00 00 00 01 00 00 00 FC 00 00 00 1C 00 00 00 AC 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 00 61 00 6E 00 6F 00 6E 00 20 00 45 00 4D 00 43 00 20 00 41 00 70 00 70 00 6C 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 20 00 43 00 6F 00 6E 00 74 00 61 00 69 00 6E 00 65 00 72 00 2D 00 39 00 30 00 30 00 36 00 34 00 65 00 31 00 31 00 2D 00 39 00 33 00 32 00 34 00 2D 00 34 00 30 00 38 00 30 00 2D 00 62 00 61 00 34 00 65 00 2D 00 38 00 38 00 63 00 32 00 33 00 36 00 36 00 66 00 61 00 38 00 37 00 62 00 00 00 00 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 53 00 6F 00 66 00 74 00 77 00 61 00 72 00 65 00 20 00 4B 00 65 00 79 00 20 00 53 00 74 00 6F 00 72 00 61 00 67 00 65 00 20 00 50 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 00 00 47 00 00 00 01 00 00 00 0E 00 00 00 39 00 33 00 36 00 39 00 30 00 35 00 00 00 20 00 00 00 01 00 00 00 1E 03 00 00 30 82 03 1A 30 82 02 02 A0 03 02 01 02 02 10 43 94 59 1B 46 0D 15 AC 47 99 9A 64 A6 CB 17 77 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 20 31 1E 30 1C 06 03 55 04 03 0C 15 43 61 6E 6F 6E 20 45 4D 43 20 41 70 70 6C 69 63 61 74 69 6F 6E 30 1E 17 0D 32 34 30 33 31 38 31 36 31 38 33 38 5A 17 0D 32 39 30 33 31 38 31 36 32 36 32 39 5A 30 20 31 1E 30 1C 06 03 55 04 03 0C 15 43 61 6E 6F 6E 20 45 4D 43 20 41 70 70 6C 69 63 61 74 69 6F 6E 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 A4 F6 1D BC 38 B3 19 2D B7 E2 19 1E 59 DA 99 03 30 0C 1B 19 4E A4 D1 2E 2B 2B 91 D9 4E 02 34 EC CF FA 0C A4 B1 60 38 3F 65 7A 35 17 38 F7 A5 42 67 8C E2 16 A5 A6 3B 0B 66 42 A4 F5 22 AA 9B 84 30 0C C1 4B 7D F4 AF F6 E7 86 B6 9C 10 34 74 0A F9 0A 2F EA 1F 6C 98 BC B1 51 6B AE 02 7E 35 98 C1 FD 7B B6 6F D8 0C EA E9 B3 07 76 BF 53 11 13 66 F8 57 D0 68 35 4F 14 99 9F 4D F2 B7 11 ED 28 5A F6 08 DB 3C 25 41 69 3E CB FC 9F 5F F7 83 F8 7A BB B6 99 83 DB B6 C4 AE 41 22 D0 58 54 3C 8B 0D 92 5B 60 00 D9 E6 39 F8 A1 78 B8 C2 4D 86 45 59 F4 F5 57 33 F5 FF 7F 2E 96 C4 D0 A5 EF 99 B7 32 AF 73 99 07 54 79 64 CC 10 62 DF 6F D5 F0 28 1A 04 F7 36 B9 67 73 12 96 4A 34 CA 61 64 72 F2 20 19 7F 49 78 8E 09 46 44 A9 3A F1 BA B1 EC E3 CD 66 CA B8 95 1D 8E A4 66 12 7F 2F 9D EC B5 91 02 03 01 00 01 A3 50 30 4E 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 01 30 1D 06 03 55 1D 0E 04 16 04 14 5E 06 A4 89 3B EF 4F CB 9B 01 29 B5 2F E4 F0 FF 16 BC 83 61 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 0F E3 61 B1 71 17 2D 0D 8E EF 53 0E 72 F3 BF 49 4D 64 60 2A F1 BC CD 27 56 75 80 59 4D 9F EF B6 EE BD FA 52 0E 32 E3 E7 1A 64 A3 07 C0 0E C4 1F A4 B3 95 24 D5 9E 8C 63 EC D1 87 CE 4B 71 F4 1F 4B 77 05 74 70 E0 12 52 16 52 27 F2 43 B3 37 43 CF 7A AE AF F0 57 12 E4 2E F7 3A 8C 1A 7B 2E B4 6C 7A F0 AC B2 31 E8 CE D1 EA BF 8A 9E 35 D4 EB 37 8F 46 09 BE 09 F6 49 5E 9A 5D 7E 6E F0 AE 2D 1E 06 30 DF 32 D4 D9 98 5C D7 A9 66 FC 1B 08 A6 04 E5 92 15 67 F7 55 9D 29 D9 42 65 A0 B2 03 A8 45 4F 9D 49 47 C3 D3 C1 F8 72 9A 03 1C 95 B6 3B FD C9 45 59 7D 95 13 EB BD D1 8C E7 D4 F3 74 15 C1 1B 7F B0 A4 C7 C7 E8 F8 27 9F E5 E5 53 A0 E8 BE 15 36 9E B2 E4 2E 48 57 DC DF DC 4B B5 81 BA A1 6E 55 58 51 7A 1C 82 1A 8C D2 FF 28 EE 0A 84 92 09 A4 A4 14 C3 6E 51 FF B8 8E D7 46 00 51 C7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Keys\5E06A4893BEF4FCB9B0129B52FE4F0FF16BC8361

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Keys\5E06A4893BEF4FCB9B0129B52FE4F0FF16BC8361
Value name:	Blob
Value data:	02 00 00 00 00 00 00 00 FC 00 00 00 1C 00 00 00 AC 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 00 61 00 6E 00 6F 00 6E 00 20 00 45 00 4D 00 43 00 20 00 41 00 70 00 70 00 6C 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 20 00 43 00 6F 00 6E 00 74 00 61 00 69 00 6E 00 65 00 72 00 2D 00 39 00 30 00 30 00 36 00 34 00 65 00 31 00 31 00 2D 00 39 00 33 00 32 00 34 00 2D 00 34 00 30 00 38 00 30 00 2D 00 62 00 61 00 34 00 65 00 2D 00 38 00 38 00 63 00 32 00 33 00 36 00 36 00 66 00 61 00 38 00 37 00 62 00 00 00 00 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 53 00 6F 00 66 00 74 00 77 00 61 00 72 00 65 00 20 00 4B 00 65 00 79 00 20 00 53 00 74 00 6F 00 72 00 61 00 67 00 65 00 20 00 50 00 72 00 6F 00 76 00 69 00 64 00 65 00 72 00 00 00 23 00 00 00 00 00 00 00 14 00 00 00 5E 06 A4 89 3B EF 4F CB 9B 01 29 B5 2F E4 F0 FF 16 BC 83 61

Memdumps

Base Address

Regiontype

Protect

Malicious

DFE000

stack

page read and write

6430000

trusted library allocation

page read and write

59F6000

heap

page read and write

14DC000

heap

page read and write

6950000

trusted library allocation

page read and write

13ED000

trusted library allocation

page execute and read and write

9630000

trusted library allocation

page read and write

5B1D000

trusted library allocation

page read and write

914F000

stack

page read and write

9150000

heap

page read and write

99EE000

stack

page read and write

37C6000

trusted library allocation

page read and write

5C00000

trusted library allocation

page read and write

30F0000

heap

page execute and read and write

140B000

trusted library allocation

page execute and read and write

5B16000

trusted library allocation

page read and write

16AC000

stack

page read and write

91C0000

heap

page read and write

D80000

heap

page read and write

91B0000

trusted library allocation

page execute and read and write

9560000

trusted library allocation

page execute and read and write

59CE000

stack

page read and write

642E000

stack

page read and write

64E1000

heap

page read and write

9249000

heap

page read and write

1220000

heap

page read and write

961E000

stack

page read and write

6970000

trusted library allocation

page execute and read and write

4119000

trusted library allocation

page read and write

9659000

trusted library allocation

page read and write

92D7000

heap

page read and write

7C50000

trusted library allocation

page read and write

7DEE000

stack

page read and write

5B19000

trusted library allocation

page read and write

5B4D000

trusted library allocation

page read and write

16F0000

heap

page read and write

578E000

stack

page read and write

382E000

trusted library allocation

page read and write

64D2000

heap

page read and write

6520000

heap

page read and write

9281000

heap

page read and write

97F0000

trusted library allocation

page execute and read and write

9E5D000

stack

page read and write

7A90000

trusted library allocation

page read and write

7CAE000

stack

page read and write

9070000

trusted library allocation

page execute and read and write

975C000

trusted library allocation

page read and write

9030000

trusted library allocation

page read and write

5B48000

trusted library allocation

page read and write

1402000

trusted library allocation

page read and write

984D000

stack

page read and write

9A10000

trusted library allocation

page read and write

93C0000

trusted library allocation

page read and write

922F000

heap

page read and write

D3C000

stack

page read and write

5DB0000

trusted library allocation

page read and write

37F8000

trusted library allocation

page read and write

9675000

trusted library allocation

page read and write

7BA0000

trusted library allocation

page read and write

7AE0000

trusted library allocation

page execute and read and write

4111000

trusted library allocation

page read and write

9735000

trusted library allocation

page read and write

A49F000

stack

page read and write

964B000

trusted library allocation

page read and write

8EDE000

stack

page read and write

13D3000

trusted library allocation

page execute and read and write

9640000

trusted library allocation

page read and write

68E8000

trusted library allocation

page read and write

6542000

heap

page read and write

9780000

trusted library allocation

page read and write

16EA000

trusted library allocation

page read and write

9690000

trusted library allocation

page read and write

13C0000

trusted library allocation

page read and write

7A60000

trusted library allocation

page read and write

7B00000

trusted library allocation

page read and write

A05E000

stack

page read and write

649C000

heap

page read and write

6920000

trusted library allocation

page read and write

6A10000

trusted library allocation

page read and write

7A10000

trusted library allocation

page read and write

9648000

trusted library allocation

page read and write

9B5E000

stack

page read and write

8E9C000

stack

page read and write

68CC000

stack

page read and write

5C20000

trusted library allocation

page read and write

5108000

trusted library allocation

page read and write

16C0000

trusted library allocation

page read and write

64AC000

heap

page read and write

4132000

trusted library allocation

page read and write

FFC60000

trusted library allocation

page execute and read and write

9A5E000

stack

page read and write

7B80000

trusted library allocation

page execute and read and write

9663000

trusted library allocation

page read and write

A5DE000

stack

page read and write

13D4000

trusted library allocation

page read and write

CA2000

unkown

page readonly

5D05000

trusted library allocation

page read and write

19C6000

heap

page read and write

58B0000

trusted library allocation

page execute and read and write

5790000

trusted library allocation

page read and write

9259000

heap

page read and write

4101000

trusted library allocation

page read and write

7A20000

trusted library allocation

page read and write

141E000

heap

page read and write

9760000

trusted library allocation

page read and write

96EF000

trusted library allocation

page read and write

6490000

heap

page read and write

16ED000

trusted library allocation

page read and write

971E000

trusted library allocation

page read and write

96D6000

trusted library allocation

page read and write

325B000

trusted library allocation

page read and write

7AA0000

trusted library allocation

page read and write

7AF0000

trusted library allocation

page execute and read and write

9278000

heap

page read and write

1400000

trusted library allocation

page read and write

7AC0000

trusted library allocation

page execute and read and write

91A0000

trusted library allocation

page read and write

13DD000

trusted library allocation

page execute and read and write

17FE000

stack

page read and write

9750000

trusted library allocation

page read and write

5BB0000

trusted library allocation

page read and write

68DF000

trusted library allocation

page read and write

1225000

heap

page read and write

58C0000

heap

page execute and read and write

7A30000

trusted library allocation

page read and write

8D9E000

stack

page read and write

9706000

trusted library allocation

page read and write

1405000

trusted library allocation

page execute and read and write

6980000

trusted library allocation

page read and write

950F000

stack

page read and write

1444000

heap

page read and write

13E0000

trusted library allocation

page read and write

A600000

trusted library allocation

page execute and read and write

9510000

heap

page read and write

9643000

trusted library allocation

page read and write

67CE000

stack

page read and write

150A000

heap

page read and write

7C20000

trusted library allocation

page execute and read and write

A5E0000

trusted library allocation

page read and write

30DE000

stack

page read and write

9D40000

trusted library allocation

page read and write

6494000

heap

page read and write

9000000

trusted library allocation

page read and write

7BF0000

trusted library allocation

page read and write

899F000

stack

page read and write

7EC0000

trusted library allocation

page execute and read and write

9860000

trusted library allocation

page read and write

6910000

trusted library allocation

page read and write

910D000

stack

page read and write

922D000

heap

page read and write

6A30000

trusted library allocation

page read and write

9668000

trusted library allocation

page read and write

58AE000

stack

page read and write

8BDE000

stack

page read and write

3493000

trusted library allocation

page read and write

6990000

trusted library allocation

page read and write

9050000

trusted library allocation

page read and write

529D000

stack

page read and write

64EF000

heap

page read and write

5BA0000

trusted library allocation

page read and write

59E7000

heap

page read and write

6590000

heap

page read and write

59FB000

heap

page read and write

96ED000

trusted library allocation

page read and write

6930000

trusted library allocation

page execute and read and write

A4DE000

stack

page read and write

13F0000

trusted library allocation

page read and write

6509000

heap

page read and write

1990000

trusted library allocation

page read and write

9740000

trusted library allocation

page read and write

9020000

trusted library allocation

page execute and read and write

5AE0000

trusted library allocation

page read and write

16D0000

heap

page read and write

5BB9000

trusted library allocation

page read and write

16E0000

trusted library allocation

page read and write

120E000

stack

page read and write

CD0000

heap

page read and write

14E1000

heap

page read and write

5BBB000

trusted library allocation

page read and write

678F000

stack

page read and write

8A9E000

stack

page read and write

9680000

trusted library allocation

page read and write

132E000

stack

page read and write

99F0000

trusted library allocation

page read and write

90A0000

trusted library allocation

page execute and read and write

7A80000

trusted library allocation

page read and write

57E0000

trusted library allocation

page read and write

9267000

heap

page read and write

7DAE000

stack

page read and write

96A0000

trusted library allocation

page read and write

19B6000

trusted library allocation

page read and write

CA0000

unkown

page readonly

7EE0000

trusted library allocation

page read and write

16F7000

heap

page read and write

13E3000

trusted library allocation

page read and write

410B000

trusted library allocation

page read and write

9190000

trusted library allocation

page read and write

928F000

heap

page read and write

9245000

heap

page read and write

9010000

trusted library allocation

page read and write

8B9E000

stack

page read and write

963C000

trusted library allocation

page execute and read and write

5AD0000

trusted library allocation

page read and write

95BE000

stack

page read and write

6523000

heap

page read and write

6A20000

trusted library allocation

page read and write

9620000

trusted library allocation

page read and write

96FF000

trusted library allocation

page read and write

9CF0000

trusted library allocation

page read and write

7E2E000

stack

page read and write

5B25000

trusted library allocation

page read and write

68D1000

trusted library allocation

page read and write

FFC78000

trusted library allocation

page execute and read and write

59E1000

heap

page read and write

95D0000

trusted library allocation

page execute and read and write

37C4000

trusted library allocation

page read and write

6515000

heap

page read and write

96F4000

trusted library allocation

page read and write

95C3000

trusted library allocation

page read and write

1620000

trusted library allocation

page read and write

19C0000

heap

page read and write

9738000

trusted library allocation

page read and write

92AE000

heap

page read and write

37C8000

trusted library allocation

page read and write

8D5E000

stack

page read and write

9636000

trusted library allocation

page execute and read and write

4115000

trusted library allocation

page read and write

1407000

trusted library allocation

page execute and read and write

19A0000

trusted library allocation

page read and write

6960000

trusted library allocation

page read and write

9550000

trusted library allocation

page read and write

5BC0000

trusted library allocation

page read and write

95C0000

trusted library allocation

page read and write

9683000

trusted library allocation

page read and write

99AE000

stack

page read and write

19CE000

heap

page read and write

8FE0000

trusted library allocation

page read and write

7C10000

trusted library allocation

page read and write

7F00000

trusted library allocation

page read and write

13D0000

trusted library allocation

page read and write

6940000

trusted library allocation

page execute and read and write

967E000

trusted library allocation

page read and write

9295000

heap

page read and write

90C0000

trusted library allocation

page execute and read and write

9657000

trusted library allocation

page read and write

568E000

stack

page read and write

9060000

trusted library allocation

page read and write

68F0000

trusted library allocation

page read and write

A39E000

stack

page read and write

7B60000

trusted library allocation

page read and write

9CC0000

trusted library allocation

page execute and read and write

7A00000

trusted library allocation

page read and write

1437000

heap

page read and write

9639000

trusted library allocation

page execute and read and write

95CD000

trusted library allocation

page execute and read and write

68F6000

trusted library allocation

page read and write

10F8000

stack

page read and write

7C00000

trusted library allocation

page execute and read and write

7AB0000

trusted library allocation

page read and write

1418000

heap

page read and write

9040000

trusted library allocation

page execute and read and write

9686000

trusted library allocation

page read and write

4177000

trusted library allocation

page read and write

5B30000

trusted library allocation

page read and write

136D000

stack

page read and write

9651000

trusted library allocation

page read and write

7A40000

trusted library allocation

page read and write

7EF0000

trusted library allocation

page read and write

7B90000

trusted library allocation

page execute and read and write

96F1000

trusted library allocation

page read and write

68F8000

trusted library allocation

page read and write

348D000

trusted library allocation

page read and write

8FF0000

trusted library allocation

page execute and read and write

7A50000

trusted library allocation

page read and write

9F5D000

stack

page read and write

8C5E000

stack

page read and write

7B70000

trusted library allocation

page read and write

3101000

trusted library allocation

page read and write

8C1F000

stack

page read and write

7A70000

trusted library allocation

page read and write

68D4000

trusted library allocation

page read and write

35F4000

trusted library allocation

page read and write

160E000

stack

page read and write

13F6000

trusted library allocation

page execute and read and write

16B0000

trusted library allocation

page execute and read and write

19B0000

trusted library allocation

page read and write

9B60000

trusted library allocation

page read and write

5B10000

trusted library allocation

page read and write

940E000

stack

page read and write

96C2000

trusted library allocation

page read and write

5B40000

trusted library allocation

page read and write

9570000

trusted library allocation

page read and write

64FF000

heap

page read and write

96E0000

trusted library allocation

page read and write

8FDE000

stack

page read and write

166E000

stack

page read and write

5B20000

trusted library allocation

page read and write

9232000

heap

page read and write

55E0000

heap

page read and write

971C000

trusted library allocation

page read and write

1410000

heap

page read and write

68EC000

trusted library allocation

page read and write

9665000

trusted library allocation

page read and write

5BA3000

trusted library allocation

page read and write

3154000

trusted library allocation

page read and write

59F2000

heap

page read and write

1451000

heap

page read and write

5B90000

trusted library allocation

page read and write

7AD0000

trusted library allocation

page read and write

7EBE000

stack

page read and write

5D30000

trusted library allocation

page execute and read and write

7BE0000

trusted library allocation

page read and write

There are 302 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
mkcert.exe

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportmkcert.exe

Files

Processes

URLs

Registry

Memdumps

IOC Report
mkcert.exe