Source: global traffic |
HTTP traffic detected: GET /_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: www.floridahealth.govConnection: Keep-Alive |
Source: unknown |
DNS traffic detected: queries for: www.floridahealth.gov |
Source: wget.exe, 00000002.00000002.260541552.0000000000BC0000.00000004.00000020.sdmp, cmdline.out.2.dr |
String found in binary or memory: http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-va |
Source: classification engine |
Classification label: clean0.win@4/2@1/1 |
Source: C:\Windows\SysWOW64\cmd.exe |
File created: C:\Users\user\Desktop\cmdline.out |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6604:120:WilError_01 |
Source: C:\Windows\SysWOW64\wget.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Jump to behavior |
Source: unknown |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png' > cmdline.out 2>&1 |
|
Source: unknown |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png' |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.floridahealth.gov/_documents/newsroom/press-releases/2021/01/010421-COVID-19-main-page-vaccine-update.png' |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32 |
Jump to behavior |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: wget.exe, 00000002.00000002.260556415.0000000000D58000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Windows\SysWOW64\wget.exe |
Queries volume information: C:\Users\user\Desktop\download VolumeInformation |
Jump to behavior |