IOC Report
73zGJqwgDy.exe

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\73zGJqwgDy.exe | "C:\Users\user\Desktop\73zGJqwgDy.exe" | malicious
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" |

URLs

Name | IP | Malicious
https://checkcloudnet.com/check/connectionUn | unknown |
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | unknown |
https://checkcloudnet.com/check/connection& | unknown |
https://sectigo.com/CPS0 | unknown |
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | unknown |
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | unknown |
http://ocsp.sectigo.com0 | unknown |
http://crl.usertrust. | unknown |
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | unknown |
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | unknown |
https://checkcloudnet.com/. | unknown |
https://checkcloudnet.com/check/connectionT | unknown |
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | unknown |
https://checkcloudnet.com/check/connection | 172.67.174.47 |
https://checkcloudnet.com/check/connectionlowed | unknown |
https://checkcloudnet.com/ | unknown |
https://checkcloudnet.com/check/connectionPt | unknown |

Domains

Name | IP | Malicious
checkcloudnet.com | 172.67.174.47 |

IPs

IP | Domain | Country | Malicious
172.67.174.47 | checkcloudnet.com | United States |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | Blob |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | Blob |

Memdumps

Base Address | Region type | Protect | Malicious