Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://www.sbsi.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspx
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{19507BCD-5A44-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19507BCF-5A44-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{206213CC-5A44-11EB-90EB-ECF4BBEA1588}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\actividade_sindical_styles[1].css
|
ASCII text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\covid19vacina1212021[1].htm
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\covid19vacina1212021[2].htm
|
HTML document, UTF-8 Unicode text, with very long lines
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\Plano%20Vacina o%20Covid%2019%20quem%20pode%20aceder%20
s%20fases%20priorit rias[1].htm
|
HTML document, UTF-8 Unicode text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\actividade_sindical_home_styles[1].css
|
ASCII text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon[1].htm
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\footer-bckg[1].htm
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Plano%20Vacina o%20Covid%2019%20quem%20pode%20aceder%20
s%20fases%20priorit rias[1].jpg
|
[TIFF image data, big-endian, direntries=8, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=Adobe
Photoshop 22.1 (Windows), datetime=2021:01:12 15:41:49], baseline, precision 8, 2361x3450, frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\covid19vacina1212021[1].htm
|
HTML document, UTF-8 Unicode text, with very long lines
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\favicon[1].htm
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\footer-bckg[1].png
|
PNG image data, 750 x 46, 8-bit/color RGBA, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF34E248AF8712045E.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFBB341796908C5BEC.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFEDD6EA601E384568.TMP
|
data
|
dropped
|
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7024 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.mais.pt/bo/Entidades/PublishingImages/footer-bckg.png
|
193.126.51.80
|
|
|
|
http://www.mais.pt/bo/Entidades/PublishingImages/Plano
|
unknown
|
|
|
|
http://www.sbsi.pt
|
unknown
|
|
|
|
https://www.mais.pt/at
|
unknown
|
|
|
|
https://www.sbsi.pt/bo/Entidades/PublishingImages/Plano%20Vacina
|
unknown
|
|
|
|
http://www.link.pt
|
unknown
|
|
|
|
https://www.mais.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspxiv
|
unknown
|
|
|
|
http://www.mais.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspx
|
193.126.51.80
|
|
|
|
http://www.mais.pt/bo/Entidades/PublishingImages/Plano%20Vacina%C3%A7%C3%A3o%20Covid%2019%20quem%20pode%20aceder%20%C3%A0s%20fases%20priorit%C3%A1rias.jpg
|
193.126.51.80
|
|
|
|
https://www.sbsi.pt/bo/Entidades/PublishingImages/footer-bckg.png
|
unknown
|
|
|
|
https://www.mais.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspx
|
unknown
|
|
|
|
https://www.mais.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspxRo
|
unknown
|
|
|
|
https://www.mais.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspx
|
|
||
|
https://www.mais.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspx12
|
unknown
|
|
|
|
https://www.sbsi.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspx
|
unknown
|
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.sbsi.pt
|
193.126.51.80
|
|
|
|
www.mais.pt
|
193.126.51.80
|
|
IPs
|
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
|---|---|---|---|---|---|
|
193.126.51.80
|
unknown
|
Portugal
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{19507BCD-5A44-11EB-90EB-ECF4BBEA1588}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
DecayDateQueue
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LastProcessed
|
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF5535F7000
|
unkown
|
page readonly
|
|
|
|
7FF55E077000
|
unkown
|
page readonly
|
|
|
|
7FF5535CC000
|
unkown
|
page readonly
|
|
|
|
7FF55E484000
|
unkown
|
page readonly
|
|
|
|
210CD902000
|
unkown
|
page read and write
|
|
|
|
7FF553576000
|
unkown
|
page readonly
|
|
|
|
7FF5535EB000
|
unkown
|
page readonly
|
|
|
|
7FF55E06F000
|
unkown
|
page readonly
|
|
|
|
210CD870000
|
unkown
|
page read and write
|
|
|
|
7FF55E3D8000
|
unkown
|
page readonly
|
|
|
|
7FF553624000
|
unkown
|
page readonly
|
|
|
|
210CD800000
|
unkown
|
page read and write
|
|
|
|
7FF55E39E000
|
unkown
|
page readonly
|
|
|
|
25692FD0000
|
unkown
|
page readonly
|
|
|
|
25691437000
|
unkown
|
page read and write
|
|
|
|
7FF55E342000
|
unkown
|
page readonly
|
|
|
|
7FF4F17E6000
|
unkown
|
page readonly
|
|
|
|
7FF55363E000
|
unkown
|
page readonly
|
|
|
|
210CD690000
|
heap default
|
page read and write
|
|
|
|
7FF55E3EA000
|
unkown
|
page readonly
|
|
|
|
7FF4F179C000
|
unkown
|
page readonly
|
|
|
|
210CD879000
|
unkown
|
page read and write
|
|
|
|
3BC56F7000
|
unkown
|
page read and write
|
|
|
|
7FF4F17D8000
|
unkown
|
page readonly
|
|
|
|
7FF55E06A000
|
unkown
|
page readonly
|
|
|
|
7FF553659000
|
unkown
|
page readonly
|
|
|
|
7FF4F17CF000
|
unkown
|
page readonly
|
|
|
|
7FF55364E000
|
unkown
|
page readonly
|
|
|
|
7FF55E3F4000
|
unkown
|
page readonly
|
|
|
|
210CE200000
|
unkown
|
page readonly
|
|
|
|
7FF55360C000
|
unkown
|
page readonly
|
|
|
|
7FF55E419000
|
unkown
|
page readonly
|
|
|
|
256916D0000
|
unkown
|
page write copy
|
|
|
|
25692ED0000
|
unkown
|
page read and write
|
|
|
|
7FF55DC01000
|
unkown
|
page readonly
|
|
|
|
1C674C45000
|
heap private
|
page read and write
|
|
|
|
7FF4F16D4000
|
unkown
|
page readonly
|
|
|
|
25691400000
|
unkown
|
page read and write
|
|
|
|
7FF4F1330000
|
unkown
|
page readonly
|
|
|
|
7FF5532BD000
|
unkown
|
page readonly
|
|
|
|
210CD780000
|
unkown
|
page readonly
|
|
|
|
7FF55DBFD000
|
unkown
|
page readonly
|
|
|
|
1C674A80000
|
unkown
|
page readonly
|
|
|
|
7FF55E3AB000
|
unkown
|
page readonly
|
|
|
|
7FF4F17B4000
|
unkown
|
page readonly
|
|
|
|
7FF4F176A000
|
unkown
|
page readonly
|
|
|
|
7FF4F1861000
|
unkown
|
page readonly
|
|
|
|
7FF55E363000
|
unkown
|
page readonly
|
|
|
|
1C674A50000
|
unkown
|
page read and write
|
|
|
|
9FAC77E000
|
unkown
|
page read and write
|
|
|
|
7FF4F177B000
|
unkown
|
page readonly
|
|
|
|
7FF55E3CC000
|
unkown
|
page readonly
|
|
|
|
F09C97E000
|
unkown
|
page read and write
|
|
|
|
7FF4F1613000
|
unkown
|
page readonly
|
|
|
|
7FF553673000
|
unkown
|
page readonly
|
|
|
|
7FF4F0FA4000
|
unkown
|
page readonly
|
|
|
|
7FF4F1775000
|
unkown
|
page readonly
|
|
|
|
7FF4F0FAA000
|
unkown
|
page readonly
|
|
|
|
F09CB7F000
|
unkown
|
page read and write
|
|
|
|
7FF5536D2000
|
unkown
|
page readonly
|
|
|
|
7FF4F1770000
|
unkown
|
page readonly
|
|
|
|
1C674BC0000
|
unkown
|
page readonly
|
|
|
|
F09CA7A000
|
unkown
|
page read and write
|
|
|
|
7FF553360000
|
unkown
|
page readonly
|
|
|
|
1C674A70000
|
unkown
|
page readonly
|
|
|
|
7FF55E3A0000
|
unkown
|
page readonly
|
|
|
|
3BC547C000
|
unkown
|
page read and write
|
|
|
|
1C674BE0000
|
unkown
|
page readonly
|
|
|
|
7FF4F1787000
|
unkown
|
page readonly
|
|
|
|
3BC57FF000
|
unkown
|
page read and write
|
|
|
|
1C674C40000
|
heap private
|
page read and write
|
|
|
|
7FF4F1345000
|
unkown
|
page readonly
|
|
|
|
1C6765D0000
|
heap private
|
page read and write
|
|
|
|
7FF55E1C1000
|
unkown
|
page readonly
|
|
|
|
210CD770000
|
unkown
|
page readonly
|
|
|
|
210CD790000
|
unkown
|
page read and write
|
|
|
|
7FF552E78000
|
unkown
|
page readonly
|
|
|
|
7FF4F1854000
|
unkown
|
page readonly
|
|
|
|
7FF4F15C1000
|
unkown
|
page readonly
|
|
|
|
7FF55E48A000
|
unkown
|
page readonly
|
|
|
|
210CD802000
|
unkown
|
page read and write
|
|
|
|
25691429000
|
unkown
|
page read and write
|
|
|
|
1C674BD0000
|
unkown
|
page readonly
|
|
|
|
3BC527C000
|
unkown
|
page read and write
|
|
|
|
7FF55E492000
|
unkown
|
page readonly
|
|
|
|
7FF55E2A8000
|
unkown
|
page readonly
|
|
|
|
7FF55E41D000
|
unkown
|
page readonly
|
|
|
|
3BC557B000
|
unkown
|
page read and write
|
|
|
|
9FAC6FC000
|
unkown
|
page read and write
|
|
|
|
210CD846000
|
unkown
|
page read and write
|
|
|
|
7FF55E3A5000
|
unkown
|
page readonly
|
|
|
|
25691600000
|
unkown
|
page readonly
|
|
|
|
7FF55E15B000
|
unkown
|
page readonly
|
|
|
|
7FF55E05C000
|
unkown
|
page readonly
|
|
|
|
7FF55E340000
|
unkown
|
page readonly
|
|
|
|
1C676BD0000
|
heap private
|
page read and write
|
|
|
|
1C6763F0000
|
unkown
|
page readonly
|
|
|
|
25691720000
|
unkown
|
page readonly
|
|
|
|
7FF4F1862000
|
unkown
|
page readonly
|
|
|
|
210CDA00000
|
unkown
|
page readonly
|
|
|
|
7FF55E281000
|
unkown
|
page readonly
|
|
|
|
1C674A30000
|
unkown
|
page read and write
|
|
|
|
1C674900000
|
unkown
|
page readonly
|
|
|
|
7FF55E29B000
|
unkown
|
page readonly
|
|
|
|
25691380000
|
heap private
|
page read and write
|
|
|
|
7FF55E3CF000
|
unkown
|
page readonly
|
|
|
|
210CD884000
|
unkown
|
page read and write
|
|
|
|
1C674FE0000
|
unkown
|
page readonly
|
|
|
|
7FF553634000
|
unkown
|
page readonly
|
|
|
|
9FAC7FE000
|
unkown
|
page read and write
|
|
|
|
1C674AA7000
|
heap default
|
page read and write
|
|
|
|
3BC55FE000
|
unkown
|
page read and write
|
|
|
|
7FF5535CA000
|
unkown
|
page readonly
|
|
|
|
1C676920000
|
heap private
|
page read and write
|
|
|
|
7FF4F17ED000
|
unkown
|
page readonly
|
|
|
|
7FF55E408000
|
unkown
|
page readonly
|
|
|
|
25691453000
|
unkown
|
page read and write
|
|
|
|
210CD83C000
|
unkown
|
page read and write
|
|
|
|
9FAC4FE000
|
unkown
|
page read and write
|
|
|
|
210CD6A0000
|
unkown
|
page readonly
|
|
|
|
1C674960000
|
unkown
|
page readonly
|
|
|
|
7FF5536CA000
|
unkown
|
page readonly
|
|
|
|
7FF55E1F9000
|
unkown
|
page readonly
|
|
|
|
25691413000
|
unkown
|
page read and write
|
|
|
|
7FF5535DE000
|
unkown
|
page readonly
|
|
|
|
3BC537E000
|
unkown
|
page read and write
|
|
|
|
F09CAFE000
|
unkown
|
page read and write
|
|
|
|
7FF55E2A3000
|
unkown
|
page readonly
|
|
|
|
7FF55357C000
|
unkown
|
page readonly
|
|
|
|
7FF5535E0000
|
unkown
|
page readonly
|
|
|
|
1C674ADD000
|
heap default
|
page read and write
|
|
|
|
256913F0000
|
unkown
|
page readonly
|
|
|
|
2569143F000
|
unkown
|
page read and write
|
|
|
|
7FF4F176E000
|
unkown
|
page readonly
|
|
|
|
7FF4F1651000
|
unkown
|
page readonly
|
|
|
|
1C674C50000
|
unkown
|
page readonly
|
|
|
|
7FF55E411000
|
unkown
|
page readonly
|
|
|
|
3BC52FE000
|
unkown
|
page read and write
|
|
|
|
7FF5535E5000
|
unkown
|
page readonly
|
|
|
|
7FF55362A000
|
unkown
|
page readonly
|
|
|
|
1C676A1F000
|
heap private
|
page read and write
|
|
|
|
7FF4F166B000
|
unkown
|
page readonly
|
|
|
|
256913E0000
|
heap default
|
page read and write
|
|
|
|
1C674AA0000
|
heap default
|
page read and write
|
|
|
|
210CD813000
|
unkown
|
page read and write
|
|
|
|
9FAC5FE000
|
unkown
|
page read and write
|
|
|
|
7FF4F16DC000
|
unkown
|
page readonly
|
|
|
|
9FAC57E000
|
unkown
|
page read and write
|
|
|
|
210CD822000
|
unkown
|
page read and write
|
|
|
|
7FF4F175C000
|
unkown
|
page readonly
|
|
|
|
25691AB0000
|
unkown
|
page readonly
|
|
|
|
210CDD90000
|
unkown
|
page readonly
|
|
|
|
F09C8FE000
|
unkown
|
page read and write
|
|
|
|
3BC58FF000
|
unkown
|
page read and write
|
|
|
|
25691402000
|
unkown
|
page read and write
|
|
|
|
7FF5536D1000
|
unkown
|
page readonly
|
|
|
|
210CD82A000
|
unkown
|
page read and write
|
|
|
|
F09C9F9000
|
unkown
|
page read and write
|
|
|
|
7FF4F17DE000
|
unkown
|
page readonly
|
|
|
|
7FF5532BA000
|
unkown
|
page readonly
|
|
|
|
7FF4F16BD000
|
unkown
|
page readonly
|
|
|
|
7FF553648000
|
unkown
|
page readonly
|
|
|
|
7FF4F185A000
|
unkown
|
page readonly
|
|
|
|
7FF4F17C4000
|
unkown
|
page readonly
|
|
|
|
7FF55E1C5000
|
unkown
|
page readonly
|
|
|
|
7FF55365D000
|
unkown
|
page readonly
|
|
|
|
7FF55E416000
|
unkown
|
page readonly
|
|
|
|
7FF4F175A000
|
unkown
|
page readonly
|
|
|
|
25691502000
|
unkown
|
page read and write
|
|
|
|
7FF55E3B7000
|
unkown
|
page readonly
|
|
|
|
1C676720000
|
heap private
|
page read and write
|
|
|
|
7FF55E3FE000
|
unkown
|
page readonly
|
|
|
|
7FF553618000
|
unkown
|
page readonly
|
|
|
|
7FF55E491000
|
unkown
|
page readonly
|
|
|
|
7FF5536C4000
|
unkown
|
page readonly
|
|
|
|
F09C87B000
|
unkown
|
page read and write
|
|
|
|
7FF55E3E4000
|
unkown
|
page readonly
|
|
|
|
7FF55E39A000
|
unkown
|
page readonly
|
|
|
|
7FF4F179F000
|
unkown
|
page readonly
|
|
|
|
9FAC47C000
|
unkown
|
page read and write
|
|
|
|
9FAC67D000
|
unkown
|
page read and write
|
|
|
|
7FF553572000
|
unkown
|
page readonly
|
|
|
|
7FF4F16C3000
|
unkown
|
page readonly
|
|
|
|
7FF4F17E9000
|
unkown
|
page readonly
|
|
|
|
7FF4F1336000
|
unkown
|
page readonly
|
|
|
|
7FF4F1090000
|
unkown
|
page readonly
|
|
|
|
210CD913000
|
unkown
|
page read and write
|
|
|
|
7FF4F17BA000
|
unkown
|
page readonly
|
|
|
|
7FF4F17A7000
|
unkown
|
page readonly
|
|
|
|
7FF55E40E000
|
unkown
|
page readonly
|
|
|
|
7FF55E166000
|
unkown
|
page readonly
|
|
|
|
210CE002000
|
unkown
|
page read and write
|
|
|
|
7FF5533D5000
|
unkown
|
page readonly
|
|
|
|
210CD630000
|
heap private
|
page read and write
|
|
|
|
7FF553656000
|
unkown
|
page readonly
|
|
|
|
7FF4F14E7000
|
unkown
|
page readonly
|
|
There are 186 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
https://www.mais.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspx
|
|
|
|
https://www.mais.pt/atividadesindical/informacao/publicacoes/Newsletters/covid19vacina1212021.aspx
|
|