Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
http://covid19-immunization-learning-program-2021.ca
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C6F4F255-ACAF-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C6F4F257-ACAF-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D11BB3E3-ACAF-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\NewErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\down[1]
|
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF8871264A31297677.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF9EF82C794688C218.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFDEBAB469D463D922.TMP
|
data
|
dropped
|
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6024 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://covid19-immunization-learning-program-2021.ca/Root
|
unknown
|
|
|
|
http://covid19-immunization-learning-program-2021.ca/
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
covid19-immunization-learning-program-2021.ca
|
162.241.217.204
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.241.217.204
|
covid19-immunization-learning-program-2021.ca
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{C6F4F255-ACAF-11EB-90E4-ECF4BB862DED}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
AdminActive
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
17DBDE13000
|
unkown
|
page read and write
|
|
|
|
7FF57D1F0000
|
unkown
|
page readonly
|
|
|
|
7FF57D531000
|
unkown
|
page readonly
|
|
|
|
7FF57D67C000
|
unkown
|
page readonly
|
|
|
|
17DBDC60000
|
heap default
|
page read and write
|
|
|
|
17DBE460000
|
unkown
|
page readonly
|
|
|
|
7FF57D4E8000
|
unkown
|
page readonly
|
|
|
|
7FF57D608000
|
unkown
|
page readonly
|
|
|
|
641F77E000
|
unkown
|
page read and write
|
|
|
|
7FF57D606000
|
unkown
|
page readonly
|
|
|
|
17DBDE00000
|
unkown
|
page read and write
|
|
|
|
7FF57D66C000
|
unkown
|
page readonly
|
|
|
|
17DBDE29000
|
unkown
|
page read and write
|
|
|
|
7FF57D41A000
|
unkown
|
page readonly
|
|
|
|
7FF57D666000
|
unkown
|
page readonly
|
|
|
|
17DBDE02000
|
unkown
|
page read and write
|
|
|
|
7FF57D697000
|
unkown
|
page readonly
|
|
|
|
7FF57D62E000
|
unkown
|
page readonly
|
|
|
|
7FF57D635000
|
unkown
|
page readonly
|
|
|
|
17DBDD60000
|
unkown
|
page read and write
|
|
|
|
7FF57D65D000
|
unkown
|
page readonly
|
|
|
|
17DBDC70000
|
unkown
|
page readonly
|
|
|
|
17DBE800000
|
unkown
|
page readonly
|
|
|
|
7FF57D649000
|
unkown
|
page readonly
|
|
|
|
7FF57D676000
|
unkown
|
page readonly
|
|
|
|
7FF57D6F1000
|
unkown
|
page readonly
|
|
|
|
17DBE000000
|
unkown
|
page readonly
|
|
|
|
17DBDF13000
|
unkown
|
page read and write
|
|
|
|
641F97B000
|
unkown
|
page read and write
|
|
|
|
7FF57D6EE000
|
unkown
|
page readonly
|
|
|
|
641F6FF000
|
unkown
|
page read and write
|
|
|
|
7FF57D56C000
|
unkown
|
page readonly
|
|
|
|
641FA77000
|
unkown
|
page read and write
|
|
|
|
7FF57D63F000
|
unkown
|
page readonly
|
|
|
|
7FF57D6F9000
|
unkown
|
page readonly
|
|
|
|
17DBDE8A000
|
unkown
|
page read and write
|
|
|
|
17DBDE4F000
|
unkown
|
page read and write
|
|
|
|
17DBDD40000
|
unkown
|
page readonly
|
|
|
|
7FF57D1EA000
|
unkown
|
page readonly
|
|
|
|
7FF57D694000
|
unkown
|
page readonly
|
|
|
|
7FF57D47F000
|
unkown
|
page readonly
|
|
|
|
641F67B000
|
unkown
|
page read and write
|
|
|
|
17DBDF02000
|
unkown
|
page read and write
|
|
|
|
641F875000
|
unkown
|
page read and write
|
|
|
|
17DBDE70000
|
unkown
|
page read and write
|
|
|
|
17DBDC00000
|
heap private
|
page read and write
|
|
|
|
7FF57D61A000
|
unkown
|
page readonly
|
|
|
|
7FF57D200000
|
unkown
|
page readonly
|
|
|
|
7FF57D602000
|
unkown
|
page readonly
|
|
|
|
641FB7F000
|
unkown
|
page read and write
|
|
|
|
7FF57D685000
|
unkown
|
page readonly
|
|
|
|
17DBDE55000
|
unkown
|
page read and write
|
|
|
|
7FF57D5F2000
|
unkown
|
page readonly
|
|
|
|
641FC7F000
|
unkown
|
page read and write
|
|
|
|
7FF57CE94000
|
unkown
|
page readonly
|
|
|
|
7FF57D537000
|
unkown
|
page readonly
|
|
|
|
17DBDD50000
|
unkown
|
page readonly
|
|
|
|
7FF57D4CA000
|
unkown
|
page readonly
|
|
|
|
7FF57D690000
|
unkown
|
page readonly
|
|
|
|
7FF57D503000
|
unkown
|
page readonly
|
|
|
|
7FF57D5F0000
|
unkown
|
page readonly
|
|
|
|
17DBDE49000
|
unkown
|
page read and write
|
|
|
|
7FF57D50D000
|
unkown
|
page readonly
|
|
|
|
17DBDF08000
|
unkown
|
page read and write
|
|
|
|
7FF57D6F9000
|
unkown
|
page readonly
|
|
|
|
17DBE602000
|
unkown
|
page read and write
|
|
|
|
17DBDE3C000
|
unkown
|
page read and write
|
|
|
|
17DBDE48000
|
unkown
|
page read and write
|
|
|
|
7FF57D4BE000
|
unkown
|
page readonly
|
|
There are 59 hidden memdumps, click here to show them.