Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\892016_Past Invoice_03_26_2024_48118858_756483.wsf"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://apllicam.com/operational-resoufrces
|
104.21.48.77
|
|
|
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://apllicam.com/operational-resoufrces.)Settings
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
apllicam.com
|
104.21.48.77
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.48.77
|
apllicam.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
209F000
|
stack
|
page read and write
|
||
|
39A2000
|
heap
|
page read and write
|
||
|
169000
|
stack
|
page read and write
|
||
|
398B000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2B9000
|
heap
|
page read and write
|
||
|
3E2B000
|
heap
|
page read and write
|
||
|
3E13000
|
heap
|
page read and write
|
||
|
250000
|
remote allocation
|
page read and write
|
||
|
399F000
|
heap
|
page read and write
|
||
|
3DC3000
|
heap
|
page read and write
|
||
|
3DC3000
|
heap
|
page read and write
|
||
|
3D8E000
|
heap
|
page read and write
|
||
|
2BC000
|
heap
|
page read and write
|
||
|
3DC6000
|
heap
|
page read and write
|
||
|
425F000
|
stack
|
page read and write
|
||
|
3DA3000
|
heap
|
page read and write
|
||
|
2490000
|
heap
|
page read and write
|
||
|
3E11000
|
heap
|
page read and write
|
||
|
3DB3000
|
heap
|
page read and write
|
||
|
3980000
|
heap
|
page read and write
|
||
|
165000
|
stack
|
page read and write
|
||
|
3DB3000
|
heap
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
29E000
|
heap
|
page read and write
|
||
|
3A8000
|
heap
|
page read and write
|
||
|
4850000
|
heap
|
page read and write
|
||
|
3D9F000
|
heap
|
page read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
4720000
|
heap
|
page read and write
|
||
|
3DC3000
|
heap
|
page read and write
|
||
|
3E11000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
3E13000
|
heap
|
page read and write
|
||
|
3D80000
|
heap
|
page read and write
|
||
|
2674000
|
heap
|
page read and write
|
||
|
3E23000
|
heap
|
page read and write
|
||
|
3DBF000
|
heap
|
page read and write
|
||
|
39A2000
|
heap
|
page read and write
|
||
|
3DA6000
|
heap
|
page read and write
|
||
|
3D9F000
|
heap
|
page read and write
|
||
|
3E23000
|
heap
|
page read and write
|
||
|
3994000
|
heap
|
page read and write
|
||
|
3DAD000
|
heap
|
page read and write
|
||
|
3D98000
|
heap
|
page read and write
|
||
|
3DA9000
|
heap
|
page read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
1D60000
|
heap
|
page read and write
|
||
|
2371000
|
heap
|
page read and write
|
||
|
1D9B000
|
heap
|
page read and write
|
||
|
3E21000
|
heap
|
page read and write
|
||
|
397F000
|
stack
|
page read and write
|
||
|
3E13000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
3DAB000
|
heap
|
page read and write
|
||
|
3E13000
|
heap
|
page read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
39A3000
|
heap
|
page read and write
|
||
|
414F000
|
stack
|
page read and write
|
||
|
39A000
|
heap
|
page read and write
|
||
|
4950000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
3E23000
|
heap
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
250000
|
remote allocation
|
page read and write
|
||
|
3DB3000
|
heap
|
page read and write
|
||
|
27BE000
|
stack
|
page read and write
|
||
|
4393000
|
heap
|
page read and write
|
||
|
267000
|
heap
|
page read and write
|
||
|
3E2B000
|
heap
|
page read and write
|
||
|
3FDC000
|
stack
|
page read and write
|
||
|
3E11000
|
heap
|
page read and write
|
||
|
3E11000
|
heap
|
page read and write
|
||
|
3DC4000
|
heap
|
page read and write
|
||
|
3E23000
|
heap
|
page read and write
|
||
|
471E000
|
stack
|
page read and write
|
||
|
3DF0000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
1D65000
|
heap
|
page read and write
|
||
|
4380000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
3E2B000
|
heap
|
page read and write
|
||
|
3DC3000
|
heap
|
page read and write
|
||
|
25A6000
|
heap
|
page read and write
|
||
|
3DB3000
|
heap
|
page read and write
|
There are 77 hidden memdumps, click here to show them.