Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registration
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8CE55B2F-BF24-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CE55B31-BF24-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CE55B32-BF24-11EB-90E4-ECF4BB862DED}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\NewErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\tlserror[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF11488D19FA3C340E.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF9D5291095A25E853.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFA8B32C6652EFFCF8.TMP
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4648 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registration
|
unknown
|
|
|
|
https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registrationRoot
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vaccinecovid19.cra.ac.th
|
104.21.53.156
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.53.156
|
vaccinecovid19.cra.ac.th
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{8CE55B2F-BF24-11EB-90E4-ECF4BB862DED}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
AdminActive
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
17B8AC02000
|
unkown
|
page read and write
|
|
|
|
7FF5EB4FA000
|
unkown
|
page readonly
|
|
|
|
7FF52A9FC000
|
unkown
|
page readonly
|
|
|
|
7FF5A1EAA000
|
unkown
|
page readonly
|
|
|
|
2979B887000
|
unkown
|
page read and write
|
|
|
|
2979B913000
|
unkown
|
page read and write
|
|
|
|
2979B813000
|
unkown
|
page read and write
|
|
|
|
7FF5A1E98000
|
unkown
|
page readonly
|
|
|
|
7FF5A1EC5000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F06000
|
unkown
|
page readonly
|
|
|
|
2979B88D000
|
unkown
|
page read and write
|
|
|
|
7FF5EB5D9000
|
unkown
|
page readonly
|
|
|
|
7FF52AA17000
|
unkown
|
page readonly
|
|
|
|
2979B84E000
|
unkown
|
page read and write
|
|
|
|
7FF52A883000
|
unkown
|
page readonly
|
|
|
|
7FF5A1E5C000
|
unkown
|
page readonly
|
|
|
|
17B8AC13000
|
unkown
|
page read and write
|
|
|
|
7FF52A9C9000
|
unkown
|
page readonly
|
|
|
|
7FF5EB39E000
|
unkown
|
page readonly
|
|
|
|
9E117E000
|
unkown
|
page read and write
|
|
|
|
2979C540000
|
unkown
|
page readonly
|
|
|
|
2979B760000
|
heap private
|
page read and write
|
|
|
|
17B8AC6A000
|
unkown
|
page read and write
|
|
|
|
7FF5EB556000
|
unkown
|
page readonly
|
|
|
|
7FF52A98A000
|
unkown
|
page readonly
|
|
|
|
7FF5EB5D9000
|
unkown
|
page readonly
|
|
|
|
126E11D0000
|
heap default
|
page read and write
|
|
|
|
7FF52A9E6000
|
unkown
|
page readonly
|
|
|
|
7FF5A1803000
|
unkown
|
page readonly
|
|
|
|
17B8C670000
|
unkown
|
page read and write
|
|
|
|
7FF5A1CF0000
|
unkown
|
page readonly
|
|
|
|
17B8AB40000
|
unkown
|
page write copy
|
|
|
|
7FF5EB3AA000
|
unkown
|
page readonly
|
|
|
|
7FF5EB54C000
|
unkown
|
page readonly
|
|
|
|
7FF5A1E5A000
|
unkown
|
page readonly
|
|
|
|
B24387B000
|
unkown
|
page read and write
|
|
|
|
7FF5A1E96000
|
unkown
|
page readonly
|
|
|
|
17B8AD02000
|
unkown
|
page read and write
|
|
|
|
7FF5EB565000
|
unkown
|
page readonly
|
|
|
|
7FF52A92A000
|
unkown
|
page readonly
|
|
|
|
7FF5A1ED9000
|
unkown
|
page readonly
|
|
|
|
7FF52AA10000
|
unkown
|
page readonly
|
|
|
|
17B8AC29000
|
unkown
|
page read and write
|
|
|
|
7FF5EB577000
|
unkown
|
page readonly
|
|
|
|
126E1313000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D93000
|
unkown
|
page readonly
|
|
|
|
17073F9000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D78000
|
unkown
|
page readonly
|
|
|
|
170747E000
|
unkown
|
page read and write
|
|
|
|
7FF5A1F7E000
|
unkown
|
page readonly
|
|
|
|
17072FE000
|
unkown
|
page read and write
|
|
|
|
7FF5A1EED000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F27000
|
unkown
|
page readonly
|
|
|
|
7FF52A982000
|
unkown
|
page readonly
|
|
|
|
7FF5EB5D1000
|
unkown
|
page readonly
|
|
|
|
B243B7F000
|
unkown
|
page read and write
|
|
|
|
17B8AB30000
|
heap default
|
page read and write
|
|
|
|
7FF52A99A000
|
unkown
|
page readonly
|
|
|
|
7FF52A6D4000
|
unkown
|
page readonly
|
|
|
|
7FF5A1EFC000
|
unkown
|
page readonly
|
|
|
|
9E10FE000
|
unkown
|
page read and write
|
|
|
|
7FF5A1BF7000
|
unkown
|
page readonly
|
|
|
|
7FF52A9EC000
|
unkown
|
page readonly
|
|
|
|
17074FC000
|
unkown
|
page read and write
|
|
|
|
7FF52A986000
|
unkown
|
page readonly
|
|
|
|
7FF5EB570000
|
unkown
|
page readonly
|
|
|
|
7FF5A1C50000
|
unkown
|
page readonly
|
|
|
|
B243977000
|
unkown
|
page read and write
|
|
|
|
7FF52A9DD000
|
unkown
|
page readonly
|
|
|
|
7FF5A1EBE000
|
unkown
|
page readonly
|
|
|
|
7FF5EB574000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F89000
|
unkown
|
page readonly
|
|
|
|
2979B900000
|
unkown
|
page read and write
|
|
|
|
7FF52A2F7000
|
unkown
|
page readonly
|
|
|
|
1706FDB000
|
unkown
|
page read and write
|
|
|
|
7FF5A1C45000
|
unkown
|
page readonly
|
|
|
|
2979B7E0000
|
unkown
|
page readonly
|
|
|
|
17B8AC6A000
|
unkown
|
page read and write
|
|
|
|
7FF52AA14000
|
unkown
|
page readonly
|
|
|
|
2979B7D0000
|
unkown
|
page readonly
|
|
|
|
17B8AC40000
|
unkown
|
page read and write
|
|
|
|
9E12FF000
|
unkown
|
page read and write
|
|
|
|
7FF5EB4E8000
|
unkown
|
page readonly
|
|
|
|
126E1400000
|
unkown
|
page readonly
|
|
|
|
B2433EE000
|
unkown
|
page read and write
|
|
|
|
7FF52A927000
|
unkown
|
page readonly
|
|
|
|
7FF5EB546000
|
unkown
|
page readonly
|
|
|
|
2979B7F0000
|
unkown
|
page read and write
|
|
|
|
17B8AC6C000
|
unkown
|
page read and write
|
|
|
|
7FF5A1E37000
|
unkown
|
page readonly
|
|
|
|
7FF52AA07000
|
unkown
|
page readonly
|
|
|
|
7FF5A1E41000
|
unkown
|
page readonly
|
|
|
|
7FF5A1BE4000
|
unkown
|
page readonly
|
|
|
|
7FF52A887000
|
unkown
|
page readonly
|
|
|
|
7FF52A6E3000
|
unkown
|
page readonly
|
|
|
|
7FF5EB515000
|
unkown
|
page readonly
|
|
|
|
17B8AD13000
|
unkown
|
page read and write
|
|
|
|
126E1520000
|
unkown
|
page readonly
|
|
|
|
7FF52A7E0000
|
unkown
|
page readonly
|
|
|
|
126E123F000
|
unkown
|
page read and write
|
|
|
|
126E2CC0000
|
unkown
|
page read and write
|
|
|
|
7FF52A868000
|
unkown
|
page readonly
|
|
|
|
7FF52A9B5000
|
unkown
|
page readonly
|
|
|
|
17B8AC6A000
|
unkown
|
page read and write
|
|
|
|
7FF52A6E7000
|
unkown
|
page readonly
|
|
|
|
17B8AC6A000
|
unkown
|
page read and write
|
|
|
|
7FF5EB0CA000
|
unkown
|
page readonly
|
|
|
|
7FF5EB4D2000
|
unkown
|
page readonly
|
|
|
|
7FF5A1E9A000
|
unkown
|
page readonly
|
|
|
|
17B8AED0000
|
unkown
|
page readonly
|
|
|
|
170727F000
|
unkown
|
page read and write
|
|
|
|
7FF5A1F24000
|
unkown
|
page readonly
|
|
|
|
170737A000
|
unkown
|
page read and write
|
|
|
|
7FF5EB411000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F17000
|
unkown
|
page readonly
|
|
|
|
7FF52A740000
|
unkown
|
page readonly
|
|
|
|
126E126C000
|
unkown
|
page read and write
|
|
|
|
B243A7F000
|
unkown
|
page read and write
|
|
|
|
2979B908000
|
unkown
|
page read and write
|
|
|
|
2979B853000
|
unkown
|
page read and write
|
|
|
|
17B8AE00000
|
unkown
|
page readonly
|
|
|
|
9E107B000
|
unkown
|
page read and write
|
|
|
|
2979B7C0000
|
heap default
|
page read and write
|
|
|
|
7FF5EB55C000
|
unkown
|
page readonly
|
|
|
|
126E1213000
|
unkown
|
page read and write
|
|
|
|
7FF5A1F89000
|
unkown
|
page readonly
|
|
|
|
7FF52A7CA000
|
unkown
|
page readonly
|
|
|
|
2979B849000
|
unkown
|
page read and write
|
|
|
|
B2432EB000
|
unkown
|
page read and write
|
|
|
|
7FF5EB2FA000
|
unkown
|
page readonly
|
|
|
|
17B8AC55000
|
unkown
|
page read and write
|
|
|
|
7FF5EB0D0000
|
unkown
|
page readonly
|
|
|
|
17B8AB90000
|
unkown
|
page readonly
|
|
|
|
7FF52A931000
|
unkown
|
page readonly
|
|
|
|
126E1302000
|
unkown
|
page read and write
|
|
|
|
17B8AAD0000
|
heap private
|
page read and write
|
|
|
|
17B8AC6A000
|
unkown
|
page read and write
|
|
|
|
2979B847000
|
unkown
|
page read and write
|
|
|
|
7FF52A94C000
|
unkown
|
page readonly
|
|
|
|
7FF5A1EF6000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D97000
|
unkown
|
page readonly
|
|
|
|
2979B902000
|
unkown
|
page read and write
|
|
|
|
7FF5EB212000
|
unkown
|
page readonly
|
|
|
|
7FF5A1E3A000
|
unkown
|
page readonly
|
|
|
|
7FF52A988000
|
unkown
|
page readonly
|
|
|
|
7FF5EB51F000
|
unkown
|
page readonly
|
|
|
|
7FF52AA79000
|
unkown
|
page readonly
|
|
|
|
17B8AD00000
|
unkown
|
page read and write
|
|
|
|
126E11E0000
|
unkown
|
page readonly
|
|
|
|
7FF52A9AE000
|
unkown
|
page readonly
|
|
|
|
2979B86E000
|
unkown
|
page read and write
|
|
|
|
7FF5EB3C8000
|
unkown
|
page readonly
|
|
|
|
126E1202000
|
unkown
|
page read and write
|
|
|
|
7FF52AA6E000
|
unkown
|
page readonly
|
|
|
|
7FF5A1E92000
|
unkown
|
page readonly
|
|
|
|
17B8AC6A000
|
unkown
|
page read and write
|
|
|
|
7FF52AA79000
|
unkown
|
page readonly
|
|
|
|
126E1300000
|
unkown
|
page read and write
|
|
|
|
2979B82A000
|
unkown
|
page read and write
|
|
|
|
7FF52A9BF000
|
unkown
|
page readonly
|
|
|
|
7FF5A1807000
|
unkown
|
page readonly
|
|
|
|
7FF52A735000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F20000
|
unkown
|
page readonly
|
|
|
|
7FF52A94A000
|
unkown
|
page readonly
|
|
|
|
9E11FA000
|
unkown
|
page read and write
|
|
|
|
9E127A000
|
unkown
|
page read and write
|
|
|
|
7FF5EB50E000
|
unkown
|
page readonly
|
|
|
|
7FF5A1CDA000
|
unkown
|
page readonly
|
|
|
|
2979B84B000
|
unkown
|
page read and write
|
|
|
|
126E1256000
|
unkown
|
page read and write
|
|
|
|
7FF5EB4D0000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F81000
|
unkown
|
page readonly
|
|
|
|
2979BAD0000
|
unkown
|
page readonly
|
|
|
|
7FF5EB35F000
|
unkown
|
page readonly
|
|
|
|
126E1229000
|
unkown
|
page read and write
|
|
|
|
2979B86A000
|
unkown
|
page read and write
|
|
|
|
7FF5EB5CE000
|
unkown
|
page readonly
|
|
|
|
2979B83C000
|
unkown
|
page read and write
|
|
|
|
2979BA00000
|
unkown
|
page readonly
|
|
|
|
7FF5A1BF3000
|
unkown
|
page readonly
|
|
|
|
9E137E000
|
unkown
|
page read and write
|
|
|
|
7FF5EB44C000
|
unkown
|
page readonly
|
|
|
|
7FF5EB3ED000
|
unkown
|
page readonly
|
|
|
|
B24377E000
|
unkown
|
page read and write
|
|
|
|
126E14D0000
|
unkown
|
page write copy
|
|
|
|
7FF5EB0E0000
|
unkown
|
page readonly
|
|
|
|
7FF52A9F6000
|
unkown
|
page readonly
|
|
|
|
7FF5EB4E2000
|
unkown
|
page readonly
|
|
|
|
7FF5A1F0C000
|
unkown
|
page readonly
|
|
|
|
126E2DC0000
|
unkown
|
page readonly
|
|
|
|
2979B800000
|
unkown
|
page read and write
|
|
|
|
7FF52A2F3000
|
unkown
|
page readonly
|
|
|
|
7FF52AA71000
|
unkown
|
page readonly
|
|
|
|
126E1200000
|
unkown
|
page read and write
|
|
|
|
17B8AC00000
|
unkown
|
page read and write
|
|
|
|
7FF5EB417000
|
unkown
|
page readonly
|
|
|
|
7FF5EB529000
|
unkown
|
page readonly
|
|
|
|
17B8AC6A000
|
unkown
|
page read and write
|
|
|
|
17B8C770000
|
unkown
|
page readonly
|
|
|
|
7FF5EB53D000
|
unkown
|
page readonly
|
|
|
|
7FF5A1ECF000
|
unkown
|
page readonly
|
|
|
|
2979C002000
|
unkown
|
page read and write
|
|
|
|
126E1170000
|
heap private
|
page read and write
|
|
|
|
7FF5EB3E3000
|
unkown
|
page readonly
|
|
|
|
B24336E000
|
unkown
|
page read and write
|
|
|
|
2979C200000
|
unkown
|
page readonly
|
|
|
|
7FF5EB4E6000
|
unkown
|
page readonly
|
|
There are 197 hidden memdumps, click here to show them.