Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

http://test-for-coronavirus.service.gov.uk

URL

initial url

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{71C4B54A-6705-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{71C4B54C-6705-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{71C4B54D-6705-11EB-90EB-ECF4BBEA1588}.dat

Microsoft Word Document

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml

XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\EHM9IL5G.htm

HTML document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\action-link-arrow--simple-light-404cfd5992e74d48ac785545369ce0368ef54590a692afa37b1b50035b13a0e8[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\application-4f43482b9f6ae15fcc694ae1eed5151184ae405b9f2839659981cf24a440ff81[1].css

UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\application-770051122f7036d2e18191b049a9a550df0aec8ed74b4dadd1e5dfabf87a1eef[1].css

UTF-8 Unicode (with BOM) text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\application-fdd87be62b9f4ff1d54836999198a70a4315c6e5bdc9c95cec3a6f9cb14bcac2[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bold-affa96571d-v2-5a2a925237869837d1afdd0a70ffded0717296d2d25885865d19c0da7f3ece5d[1].woff

Web Open Font Format, TrueType, length 40816, version 1.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\citizenship[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\collect[1].gif

GIF image data, version 89a, 1 x 1

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cookies[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\get-coronavirus-test[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\light-f591b13f7d-v2-091aa3008e57dfeea899e33243c1d4ea95bab658f1cc2191679193bcbfac0b7b[1].woff

Web Open Font Format, TrueType, length 43425, version 1.2

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\light-f591b13f7d-v2-091aa3008e57dfeea899e33243c1d4ea95bab658f1cc2191679193bcbfac0b7b[2].woff

Web Open Font Format, TrueType, length 43425, version 1.2

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\light-f591b13f7d-v2.f591b13f[1].woff

Web Open Font Format, TrueType, length 43425, version 1.2

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\nhs-logo-56b9384aa9a842b9de96d72c468fbbdb1d6a1455124cf382f752466d9dcee087[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\print-87286b175ef4a7b195cf3798d8c97cdc8a3efefd09eecc15c0675f8627aab2ff[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\search-button-ca89b2a79f944909ceb7370d3f0b78811d32b96e883348fcd8886f63dd619585[1].png

PNG image data, 105 x 70, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\search-button-ca89b2a79f944909ceb7370d3f0b78811d32b96e883348fcd8886f63dd619585[2].png

PNG image data, 105 x 70, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\transition-2021-header-background-897cf522ad2d5dfbdd3d6364e6f602e55798923ca7311f721d275dcd0499f22e[1].jpg

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2560x1920, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\app.b210efc9[1].css

UTF-8 Unicode text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\application-09c2711b945df4f236974198f4f548b96c1e36db334900caddc2454ee0dd0b0e[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\business[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\chunk-vendors.33f4ad10[1].js

UTF-8 Unicode text, with very long lines, with LF, NEL line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\core-layout-5c9e91c1edfd49978562c26e27d70735f37888ac7de52549466b18d1672c7733[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\covid-19-promo-stay-home-5f631a879aa33cbd5d583aef098037076e279ba4c929b4fd4833072229b78129[1].png

PNG image data, 600 x 400, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\global-bar-init-8937018756a61669aeb0eb79274b88cfdcb3ef4b32093b7a72b00776d61b1135[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\gov.uk_logotype_crown_invert_trans-203e1db49d3eff430d7dc450ce723c1002542fe1d2bce661b6d8571f14c1043c[1].png

PNG image data, 72 x 64, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\header-footer-only-f3ca9f5744a1346a673f6e1f6e4718387458bf7290b2f8e80be700fd1ef1e786[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-1.12.4-c731c20e2995c576b0509d3bd776f7ab64a66b95363a3b5fae9864299ee594ed[1].js

HTML document, ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\nhs-app--480w-0289cc69ab921551cf45466e1d55843784f93082f5f5484c34a8721e86f2d4f3[1].jpg

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 480x322, frames 3

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\print-c01e429d41f73399d834c2cd00c8ce3304065c2ddea267f84e2e2fc1ce033990[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\surveys-b5737b46c55d5682514456a1bf0cea2075accf1fb9a09c790d988346bdadba95[1].js

ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\take-action-amber-ed37d78dd940d181c13d2689c7ca16a10891d89e5d278eef21e0e0001fb5a477[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\take-action-red-5117cea61725753ad21e17234e1d12f5605c1ab8df1eab37bd7d557d200a5006[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\transition[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\B3G463H9.htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\analytics[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\app.f6cc719e[1].js

UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\application-61879034ce7a0faaef322b8f1c486203d3e4db4114fe3af0878643f5443ec8a9[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\benefits[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bold-affa96571d-v2-5a2a925237869837d1afdd0a70ffded0717296d2d25885865d19c0da7f3ece5d[1].woff

Web Open Font Format, TrueType, length 40816, version 1.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\childcare-parenting[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\collect[1].gif

GIF image data, version 89a, 1 x 1

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\core-layout-print-c5e97d0ed0feb1d1fc703ef0ed5201026330ec091e02c33fb1db277df068ede5[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\coronavirus[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\de7abc5226925203ac10b0a4a94af949[1].ico

MS Windows icon resource - 3 icons, 16x16, 4 bits/pixel, 32x32, 8 bits/pixel

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\favicon-8d811b8c3badbc0b0e2f6e25d3660a96cc0cca7993e6f32e98785f205fc40907[1].ico

MS Windows icon resource - 2 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\light-f591b13f7d-v2-091aa3008e57dfeea899e33243c1d4ea95bab658f1cc2191679193bcbfac0b7b[1].woff

Web Open Font Format, TrueType, length 43425, version 1.2

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\print-201d42d936c6b04f842cfb5c884991d16baeccdfe7cc9724bcb0b1b63229e154[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\take-action-green-201c5dfb37cd72eb3603b1afe36c913fecfda46ecb6221f1ed8c59708bc103e0[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\v1-2c037cf7e1-light-1a1bd902f82aaab4185bc1995206ccdead57a5b0adc91ff8403468fe7047c1b4[1].eot

Embedded OpenType (EOT), NTA family

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\v1-fb2676462a-bold-a49a59a7c9fc3873b9b864f9185ba79d7848db4b4e0f248ce87a819ee48fff93[1].eot

Embedded OpenType (EOT), NTA family

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\XL83A0L9.htm

HTML document, ASCII text, with very long lines, with no line terminators

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\action-link-arrow--dark-369062711cc40dfad1a70748d783b77cb2a3a7c410e2a8aaf361b21003a685dc[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\action-link-arrow--simple-light-404cfd5992e74d48ac785545369ce0368ef54590a692afa37b1b50035b13a0e8[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\action-link-arrow--transparent-bec06cc283979226b8f511bb8ab9f76acba7ef2496cfd75f9feeecc7dc33cdb3[1].svg

SVG Scalable Vector Graphics image

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\application-52ff18f344c18eb902c183228cb909a4b6d12f8515ceec07260d629b04658a22[1].js

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\births-deaths-marriages[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bold-affa96571d-v2-5a2a925237869837d1afdd0a70ffded0717296d2d25885865d19c0da7f3ece5d[1].woff

Web Open Font Format, TrueType, length 40816, version 1.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bold-affa96571d-v2.affa9657[1].woff

Web Open Font Format, TrueType, length 40816, version 1.0

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\cookie-details[1].htm

HTML document, UTF-8 Unicode text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\fonts-c57ab80a95f2b1764162611b3c98a4c098b356f8e30baf1e50cd63edea464c01[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\govuk-crest-bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b[1].png

PNG image data, 125 x 102, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\govuk-template-3e3f4a131aca72f9b2e458dfd318f65420aef6ada35539243aac38ebbbbcc64f[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\govuk-template-print-1076519521c2fffbbf75ab3b0d3b32ee2d96ac7e9778f1cdfac1771eefd1a1c0[1].css

ASCII text, with very long lines

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\open-government-licence-c1aedc8257961b938b4c7a21a2b0db3f2716dd9ef782cea73110dc69107c9042[1].png

PNG image data, 41 x 17, 8-bit/color RGBA, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\search-button-ca89b2a79f944909ceb7370d3f0b78811d32b96e883348fcd8886f63dd619585[1].png

PNG image data, 105 x 70, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\transition-period-66a6f30ec259bbe404b654f89b5fa78e5d4823dbfc64ab475a39ebe40da75e20[1].png

PNG image data, 600 x 400, 8-bit colormap, non-interlaced

downloaded

C:\Users\user\AppData\Local\Temp\~DF54BDC0B4AB2DE106.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFAF42DC3D297B44A5.TMP

data

dropped

C:\Users\user\AppData\Local\Temp\~DFF1BBD90A9C4D4EBC.TMP

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P86I5XZXMDLUFB2S3TKL.temp

data

dropped

There are 75 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Program Files\internet explorer\iexplore.exe

'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	5188
Target ID:	1
Parent PID:	800
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files\internet explorer\iexplore.exe
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Size:	823560
MD5:	6465CB92B25A7BC1DF8E01D8AC5E7596
Time:	17:24:25
Date:	04/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff78b6b0000
Modulesize:	831488
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary,	Process Injection

C:\Program Files (x86)\Internet Explorer\iexplore.exe

'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5188 CREDAT:17410 /prefetch:2

Details

Is windows:	true
Is dropped:	false
PID:	5832
Target ID:	2
Parent PID:	5188
Name:	iexplore.exe
Class:	iexplore
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5188 CREDAT:17410 /prefetch:2
Size:	822536
MD5:	071277CC2E3DF41EEEA8013E2AB58D5A
Time:	17:24:25
Date:	04/02/2021
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1190000
Modulesize:	827392
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary,	Process Injection

URLs

Name

Malicious

https://www.gov.uk/assets/static/gov.uk_logotype_crown_invert_trans-203e1db49d3eff430d7dc450ce723c10

unknown

https://www.gov.uk%2Ftransition/&subject=UK

unknown

https://www.nhs.uk/conditions/coronavirus-covid-19/self-isolation-and-treatment/when-to-self-isolate

unknown

https://serapi-prd-gov-1-sp.test-for-coronavirus.service.gov.uk

unknown

https://gov.wales/covid-19-alert-levels?priority-taxon=774cee22-d896-44c1-a611-e3109cce8eae

unknown

https://www.gov.uk/assets/static/fonts/v1-458f8ea81c-light-048b93884a1b51d20f2a3140541d450cb6b82c6c2

unknown

https://www.publichealth.hscni.net/covid-19-coronavirus/northern-ireland-covid-19-vaccination-progra

unknown

https://www.youtube.com/watch?v=AesZZsO9mm4

unknown

https://youtu.be/zCqo7MhQT6U

unknown

https://www.gov.uk/assets/static/fonts-c57ab80a95f2b1764162611b3c98a4c098b356f8e30baf1e50cd63edea464

unknown

https://www.gov.uk/coronavirus-taxon

unknown

https://www.gov.uk/get-coronavirus-test#get-a-free-test-online

unknown

https://www.citizensadvice.org.uk/work/coronavirus-if-youre-worried-about-working?priority-taxon=774

unknown

https://www.gov.uk/apply-coronavirus-test

unknown

https://www.gov.uk/coronaviruscontentbc0b0e2f6e25d3660a96cc0cca7993e6f32e98785f205fc40907.ico

unknown

https://www.gov.uk/assets/static/govuk-template-ie8-e4fff1a2ce0e93e66e96db6eedae992a3859b1e608aa46bd

unknown

https://nhsdigital.eu.qualtrics.com/jfe/form/SV_9nlBZPMlvhP4wSx

unknown

https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/

unknown

https://nhsdigital.eu.qualtrics.com/jfe/form/SV_3aat0cpPDmep4pL?Q_PopulateResponse=

unknown

http://test-for-coronavirus.service.gov.uk/

13.225.78.60

https://stats.g.doubleclick.net/j/collect

unknown

https://www.gov.uk/assets/static/fonts/v1-f38ad40456-light-b98fe790388f58c950f2bed1ca8ad02fa168d6eff

unknown

https://www.gov.uk/assets/static/fonts/v1-62cc6f0a28-tabular-light-b36c2402a99df8f8195129efa8edbd6ec

unknown

https://www.gov.uk/get-coronavirus-test#getting-a-test-for-someone-else

unknown

http://www.reddit.com/

unknown

https://openjsf.org/

unknown

https://www.gov.uk/browse/births-deaths-marriages

https://www.gov.uk/get-coronavirus-testzGet

unknown

https://www.gov.uk/browse/citizenship

https://www.gov.uk/browse/citizenshipbBrowse:

unknown

https://sdsapi-prd-gov-1-sp.test-for-coronavirus.service.gov.uk

unknown

https://test-for-coronavirus.service.gov.uk/register-home-test

unknown

https://www.gov.uk/assets/government-frontend/govuk_publishing_components/govuk-logo-e5962881254c9ad

unknown

https://www.gov.uk/assets/static/surveys-b5737b46c55d5682514456a1bf0cea2075accf1fb9a09c790d988346bda

unknown

https://www.gov.uk/government/organisations/government-digital-service

unknown

https://schema.org

unknown

https://www.gov.uunknown

unknown

https://www.nidirect.gov.uk/campaigns/coronavirus-covid-19

unknown

http://underscorejs.org/LICENSE

unknown

https://www.nhsinform.scot/healthy-living/immunisation/vaccines/coronavirus-covid-19-vaccine?priorit

unknown

https://www.gov.uk/help/cookiesus-test.uk/

unknown

https://www.gov.uk/browse/business

https://www.gov.uk/assets/static/apple-touch-icon-a318f305290c523aed80082456175b46c95350c0eeac93f42e

unknown

https://test-for-coronavirus.service.gov.uk/

unknown

https://www.gov.uk/browse/citizenshiprentingl

unknown

https://www.gov.uk/assets/static/header-footer-only-f3ca9f5744a1346a673f6e1f6e4718387458bf7290b2f8e8

unknown

https://www.gov.uk/browse/births-deaths-marriages

unknown

https://phw.nhs.wales/topics/immunisation-and-vaccines/covid-19-vaccination-information/?priority-ta

unknown

https://www.gov.uk/browse/births-deaths-marriagesfBrowse:

unknown

https://www.gov.uk/assets/static/opengraph-image-a1f7d89ffd0782738b1aeb0da37842d8bd0addbd724b8e58c3e

unknown

https://www.gov.uk/assets/government-frontend/govuk_publishing_components/govuk-schema-placeholder-1

unknown

https://www.gov.uk/assets/static/favicon-8d811b8c3badbc0b0e2f6e25d3660a96cc0cca7993e6f32e98785f205fc

unknown

https://www.nhs.uk/conditions/coronavirus-covid-19/

unknown

https://www.gov.uk/assets/government-frontend/govuk_publishing_components/govuk-schema-placeholder-4

unknown

https://www.gov.uk/coronavirusjCoronavirus

unknown

https://www.nhs.uk/

unknown

https://www.gov.uk/browse/childcare-parenting

https://npms.io/search?q=ponyfill.

unknown

https://www.gov.uk/assets/static/fonts/v1-357fdfbcc3-tabular-bold-0cff7dfafbfd65a765046861e6967892b2

unknown

https://www.youtube.com/user/Number10gov/videos

unknown

https://www.gov.uk/browse/childcare-parentingges

unknown

http://www.amazon.com/

unknown

https://www.smartsurvey.co.uk/

unknown

https://www.nidirect.gov.uk/articles/coronavirus-covid-19-regulations-guidance-what-restrictions-mea

unknown

http://www.twitter.com/

unknown

https://organisation-number-lookup.test-for-coronavirus.service.gov.uk/

unknown

https://www.gov.uk/getavirus.service.gov.uk/-coronavirus-test.uk/Root

unknown

https://www.gov.uk/assets/static/apple-touch-icon-152x152-02457fcdcee8d309276305af2233d41bfb8fd055e8

unknown

https://www.gov.uk/help/cookies

http://schema.org

unknown

https://www.gov.uk/assets/static/ie-a4524544a53d57a7e259b4bb966b9c32557c98c920b77e52d09304642b68401a

unknown

https://www.gov.uk/assets/static/fonts/v1-2c037cf7e1-light-1a1bd902f82aaab4185bc1995206ccdead57a5b0a

unknown

https://www.nhs.uk/conditions/coronavirus-covid-19/testing-and-tracing/nhs-test-and-trace-if-youre-c

unknown

https://www.gov.uk/browse/benefits

https://www.gov.scot/coronavirus-covid-19/

unknown

https://www.gov.uk/government/publications/coronavirus-outbreak-faqs-what-you-can-and-cant-do/corona

unknown

https://www.gov.uk/assets/static/fonts/v1-fb2676462a-bold-a49a59a7c9fc3873b9b864f9185ba79d7848db4b4e

unknown

https://www.gov.uk/coronavirus-taxon/testing

unknown

https://tdsapi-prd-gov-1-sp.test-for-coronavirus.service.gov.uk

unknown

https://www.gov.uk/coronavirus-taxon/rules-and-restrictions

unknown

http://www.nytimes.com/

unknown

https://www.gov.uk/browse/benefits2Browse:

unknown

https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-gov

unknown

https://www.gov.uk/report-covid19-result

unknown

https://www.gov.uk/check-school-closure

unknown

https://test-for-coronavirus.service.gov.uk/register

unknown

https://www.gov.uk/browse/businessths-marriagesf

unknown

https://www.gov.uk/help/cookies

unknown

https://www.gov.uk/assets/static/fonts/v1-851b10ccdd-tabular-light-5f44884b5bbefe279fb3529a09941c7c1

unknown

https://youtu.be/eYETUcSFXmw

unknown

https://www.gov.uk/help/cookie-detailsPDetails

unknown

https://settings.login.nhs.uk/

unknown

https://auth.login.nhs.uk/authorize

unknown

https://www.gov.uk/get-coronavirus-test#get-help-applying

unknown

https://www.gov.uk/assets/collections/nhs-logo-56b9384aa9a842b9de96d72c468fbbdb1d6a1455124cf382f7524

unknown

https://www.gov.uk/get-coronavirus-test#stay-at-home-if-you-have-symptoms

unknown

https://www.gov.uk/assets/static/fonts/v1-498ea8ffe2-tabular-light-c45387d8b19c716ac713adceddbbfaafc

unknown

https://www.gov.uk/get-coronavirus-test#what-the-test-involves

unknown

http://www.wikipedia.com/

unknown

https://ads-prd-gov-1-sp.test-for-coronavirus.service.gov.uk

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

test-for-coronavirus.service.gov.uk

13.225.78.60

Details

Name:	test-for-coronavirus.service.gov.uk
IP:	13.225.78.60
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking,	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking,	Application Layer Protocol Non-Application Layer Protocol
Urls found in memory or binary data	Networking,
Uses secure TLS version for HTTPS connections	Compliance, Networking,

www-gov-uk.map.fastly.net

151.101.0.144

Details

Name:	www-gov-uk.map.fastly.net
IP:	151.101.0.144
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking,

www.gov.uk

unknown

IPs

Domain

Country

Active

Malicious

151.101.0.144

unknown

United States

unknown

Details

IP:	151.101.0.144
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking,

13.225.78.60

unknown

United States

unknown

Details

IP:	13.225.78.60
TargetID:	2
Current Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking,

Registry

Path

Value

Malicious

C:\Program Files\internet explorer\iexplore.exe

{71C4B54A-6705-11EB-90EB-ECF4BBEA1588}

C:\Program Files\internet explorer\iexplore.exe

MFV

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

Blocked

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

Count

C:\Program Files\internet explorer\iexplore.exe

Time

C:\Program Files\internet explorer\iexplore.exe

LoadTimeArray

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

DecayDateQueue

C:\Program Files\internet explorer\iexplore.exe

LastProcessed

C:\Program Files\internet explorer\iexplore.exe

MFV

C:\Program Files\internet explorer\iexplore.exe

CVListPingLastYMD

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-912

C:\Program Files (x86)\Internet Explorer\iexplore.exe

@C:\Windows\System32\ieframe.dll,-904

There are 20 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF59C55E000

unkown

page readonly

7FF59C644000

unkown

page readonly

7F33F4E000

unkown

page read and write

7FF59C560000

unkown

page readonly

7FF59C5AA000

unkown

page readonly

7FF59C54C000

unkown

page readonly

24BE0A40000

heap private

page read and write

7FF59C23D000

unkown

page readonly

7FF59C5CE000

unkown

page readonly

7FF59C64A000

unkown

page readonly

7FF59C651000

unkown

page readonly

24BDEB2D000

heap default

page read and write

24BDEA20000

unkown

page read and write

24BDEF80000

unkown

page readonly

7F343FF000

unkown

page read and write

7FF59C5D6000

unkown

page readonly

24BDEA60000

unkown

page readonly

7FF59C4F2000

unkown

page readonly

7F3437E000

unkown

page read and write

7FF59C5C8000

unkown

page readonly

7FF59C5F3000

unkown

page readonly

7FF59BD33000

unkown

page readonly

7FF59C652000

unkown

page readonly

7F342FC000

unkown

page read and write

7FF59C577000

unkown

page readonly

24BDEAC5000

heap private

page read and write

7F33ECC000

unkown

page read and write

7F3447F000

unkown

page read and write

24BE0690000

heap private

page read and write

24BDEAD0000

unkown

page readonly

7FF59C5B4000

unkown

page readonly

24BDEAE0000

unkown

page readonly

7FF59C5D9000

unkown

page readonly

7FF59C5BE000

unkown

page readonly

24BDEA40000

unkown

page read and write

7FF59C4FC000

unkown

page readonly

24BDEAF0000

heap default

page read and write

7F3427D000

unkown

page read and write

24BE0550000

heap private

page read and write

24BDEBF0000

unkown

page readonly

7FF59C54A000

unkown

page readonly

24BDEAB0000

unkown

page readonly

24BDE8F0000

unkown

page readonly

24BE0780000

heap private

page read and write

7F33FCE000

unkown

page read and write

24BE0390000

unkown

page readonly

24BDE950000

unkown

page readonly

7FF59C355000

unkown

page readonly

24BE087F000

heap private

page read and write

7FF59C23A000

unkown

page readonly

7FF59C56B000

unkown

page readonly

7FF59C58C000

unkown

page readonly

24BDEAC0000

heap private

page read and write

7FF59C565000

unkown

page readonly

24BDEAF7000

heap default

page read and write

24BDEA70000

unkown

page readonly

7FF59C598000

unkown

page readonly

7FF59C5DD000

unkown

page readonly

7FF59C4F6000

unkown

page readonly

7FF59C5A4000

unkown

page readonly

There are 50 hidden memdumps, click here to show them.

DOM / HTML

URL

Malicious

https://www.gov.uk/browse/business

https://www.gov.uk/browse/benefits

https://www.gov.uk/help/cookie-details

https://www.gov.uk/coronavirus

https://www.gov.uk/browse/childcare-parenting

https://www.gov.uk/transition

https://www.gov.uk/browse/citizenship

https://www.gov.uk/help/cookies

https://www.gov.uk/

https://www.gov.uk/browse/births-deaths-marriages

https://www.gov.uk/help/cookies#content

https://www.gov.uk/help/cookies

There are 2 hidden doms, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

DOM / HTML