Analysis Report https://covid19risk.biosci.gatech.edu/

Overview

General Information

Sample URL: https://covid19risk.biosci.gatech.edu/
Analysis ID: 321184

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Allocates a big amount of memory (probably used for heap spraying)

Classification

Software Vulnerabilities:

Allocates a big amount of memory (probably used for heap spraying)
Source: iexplore.exe Memory has grown: Private usage: 0MB later: 201MB
Source: unknown DNS traffic detected: queries for: covid19risk.biosci.gatech.edu
Source: classification engine Classification label: clean0.win@3/56@7/2
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF5F91CC1A9FC0CE82.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2600 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2600 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Behavior Graph (figure not reproduced)

ID: 321184
URL: https://covid19risk.biosci....
Startdate: 20/11/2020
Architecture: WINDOWS
Score: 0
Process chain: iexplore.exe started iexplore.exe
Contacted: covid19risk.biosci.gatech.edu; bioappweitzweb.biosci.gatech.edu (130.207.66.12, 443, 49721, 49722, GEORGIA-TECHUS, United States); matomo.chande.science (172.93.50.164, 443, 49731, 49732, INCERO-HVVCUS, United States); 6 other IPs or domains

Contacted Public IPs

IP | Domain | Country | ASN | ASN Name | Malicious
172.93.50.164 | unknown | United States | 54540 | INCERO-HVVCUS | false
130.207.66.12 | unknown | United States | 2637 | GEORGIA-TECHUS | false

Contacted Domains

Name IP Active
matomo.chande.science 172.93.50.164 true
bioappweitzweb.biosci.gatech.edu 130.207.66.12 true
covid19risk.biosci.gatech.edu unknown unknown
d.basemaps.cartocdn.com unknown unknown
c.basemaps.cartocdn.com unknown unknown
b.basemaps.cartocdn.com unknown unknown
a.basemaps.cartocdn.com unknown unknown

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://covid19risk.biosci.gatech.edu/#tab-6041-6 | false | | high
https://covid19risk.biosci.gatech.edu/#tab-6041-5 | false | | high
https://covid19risk.biosci.gatech.edu/ | false | | high
https://covid19risk.biosci.gatech.edu/#tab-6041-4 | false | | high
https://www.cdc.gov/coronavirus/2019-ncov/hcp/duration-isolation.html#:%7E:text=Available%20data%20indicate%20that%20persons,20%20days%20after%20symptom%20onset | false | | high
https://covid19risk.biosci.gatech.edu/#tab-7270-2 | false | | high
https://covid19risk.biosci.gatech.edu/#tab-6041-3 | false | | high