Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\qxn9Zvy1at.exe
|
"C:\Users\user\Desktop\qxn9Zvy1at.exe"
|
 |
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crl.usertrust.
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
https://securetestconnect.app/r
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
https://securetestconnect.app/connection/testn
|
unknown
|
||
|
https://securetestconnect.app/connection/test
|
172.67.214.45
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://www.microsoft.c
|
unknown
|
||
|
https://securetestconnect.app/connection/testMain
|
unknown
|
||
|
https://www.google.com/
|
unknown
|
||
|
https://securetestconnect.app/f
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
securetestconnect.app
|
172.67.214.45
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.214.45
|
securetestconnect.app
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
|
Blob
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
15524A16000
|
heap
|
page read and write
|
|
|
|
7FF7EBE31000
|
unkown
|
page execute read
|
|
|
|
7FF7EBE31000
|
unkown
|
page execute read
|
|
|
|
15524BC3000
|
heap
|
page read and write
|
|
|
|
155249B8000
|
heap
|
page read and write
|
|
|
|
15524A13000
|
heap
|
page read and write
|
|
|
|
15525031000
|
heap
|
page read and write
|
|
|
|
155249ED000
|
heap
|
page read and write
|
|
|
|
155249ED000
|
heap
|
page read and write
|
|
|
|
15524A05000
|
heap
|
page read and write
|
|
|
|
7FF7EBEC5000
|
unkown
|
page readonly
|
||
|
7FF7EBEDF000
|
unkown
|
page readonly
|
||
|
4BF2F6000
|
stack
|
page read and write
|
||
|
15524A1B000
|
heap
|
page read and write
|
||
|
15526A90000
|
remote allocation
|
page read and write
|
||
|
15524BFD000
|
heap
|
page read and write
|
||
|
15524A10000
|
heap
|
page read and write
|
||
|
7FF7EBEAF000
|
unkown
|
page readonly
|
||
|
7FF7EBE30000
|
unkown
|
page readonly
|
||
|
7FF7EBEA3000
|
unkown
|
page readonly
|
||
|
155250B5000
|
heap
|
page read and write
|
||
|
4BF4FE000
|
stack
|
page read and write
|
||
|
15524A30000
|
heap
|
page read and write
|
||
|
15524A10000
|
heap
|
page read and write
|
||
|
15524A61000
|
heap
|
page read and write
|
||
|
4BF9FB000
|
stack
|
page read and write
|
||
|
155250DA000
|
heap
|
page read and write
|
||
|
15524A90000
|
heap
|
page read and write
|
||
|
15524A06000
|
heap
|
page read and write
|
||
|
15524BC0000
|
heap
|
page read and write
|
||
|
15524A10000
|
heap
|
page read and write
|
||
|
15524A0D000
|
heap
|
page read and write
|
||
|
1552509E000
|
heap
|
page read and write
|
||
|
15525030000
|
heap
|
page read and write
|
||
|
155250A9000
|
heap
|
page read and write
|
||
|
15524A5B000
|
heap
|
page read and write
|
||
|
7FF7EBE8E000
|
unkown
|
page write copy
|
||
|
4BF8FE000
|
stack
|
page read and write
|
||
|
15524B90000
|
heap
|
page read and write
|
||
|
15524A1A000
|
heap
|
page read and write
|
||
|
155249DA000
|
heap
|
page read and write
|
||
|
155250BF000
|
heap
|
page read and write
|
||
|
15524CE5000
|
heap
|
page read and write
|
||
|
15524A06000
|
heap
|
page read and write
|
||
|
15524C03000
|
heap
|
page read and write
|
||
|
15524A66000
|
heap
|
page read and write
|
||
|
15524C04000
|
heap
|
page read and write
|
||
|
7FF7EBEBB000
|
unkown
|
page readonly
|
||
|
7FF7EBEAF000
|
unkown
|
page readonly
|
||
|
4BF6FF000
|
stack
|
page read and write
|
||
|
15524A1F000
|
heap
|
page read and write
|
||
|
155249E8000
|
heap
|
page read and write
|
||
|
4BFAFF000
|
stack
|
page read and write
|
||
|
7FF7EBEC5000
|
unkown
|
page readonly
|
||
|
7FF7EBE92000
|
unkown
|
page readonly
|
||
|
155249ED000
|
heap
|
page read and write
|
||
|
7FF7EBEBB000
|
unkown
|
page readonly
|
||
|
4BF5FF000
|
stack
|
page read and write
|
||
|
7FF7EBE7A000
|
unkown
|
page readonly
|
||
|
7FF7EBE92000
|
unkown
|
page readonly
|
||
|
155249EF000
|
heap
|
page read and write
|
||
|
7FF7EBEAA000
|
unkown
|
page readonly
|
||
|
15524989000
|
heap
|
page read and write
|
||
|
155250A5000
|
heap
|
page read and write
|
||
|
4BF3FE000
|
stack
|
page read and write
|
||
|
15524A55000
|
heap
|
page read and write
|
||
|
15524A24000
|
heap
|
page read and write
|
||
|
15524B70000
|
heap
|
page read and write
|
||
|
15526A90000
|
remote allocation
|
page read and write
|
||
|
155249FF000
|
heap
|
page read and write
|
||
|
7FF7EBE30000
|
unkown
|
page readonly
|
||
|
7FF7EBE8E000
|
unkown
|
page read and write
|
||
|
15526A90000
|
remote allocation
|
page read and write
|
||
|
155249FA000
|
heap
|
page read and write
|
||
|
7FF7EBE9E000
|
unkown
|
page readonly
|
||
|
7FF7EBEAA000
|
unkown
|
page readonly
|
||
|
7FF7EBEA3000
|
unkown
|
page readonly
|
||
|
4BFBFE000
|
stack
|
page read and write
|
||
|
7FF7EBEDF000
|
unkown
|
page readonly
|
||
|
4BF7FF000
|
stack
|
page read and write
|
||
|
7FF7EBE9E000
|
unkown
|
page readonly
|
||
|
15524980000
|
heap
|
page read and write
|
||
|
7FF7EBE7A000
|
unkown
|
page readonly
|
||
|
15524A2B000
|
heap
|
page read and write
|
||
|
15524CE0000
|
heap
|
page read and write
|
||
|
15525099000
|
heap
|
page read and write
|
There are 76 hidden memdumps, click here to show them.