Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://vaccinecovid19.cra.ac.th/
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ED206118-BF25-11EB-90E5-ECF4BB2D2496}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ED20611A-BF25-11EB-90E5-ECF4BB2D2496}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ED20611B-BF25-11EB-90E5-ECF4BB2D2496}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\NewErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\tlserror[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF40F5096E1EA1EB12.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF5E2719AC2903A56D.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFFD717E35E1808EEA.TMP
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5192 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://vaccinecovid19.cra.ac.th/
|
unknown
|
|
|
|
https://vaccinecovid19.cra.ac.th/Root
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vaccinecovid19.cra.ac.th
|
172.67.214.160
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.214.160
|
vaccinecovid19.cra.ac.th
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{ED206118-BF25-11EB-90E5-ECF4BB2D2496}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF599B81000
|
unkown
|
page readonly
|
|
|
|
7FF599D95000
|
unkown
|
page readonly
|
|
|
|
1E06B65F000
|
unkown
|
page read and write
|
|
|
|
1E06BD40000
|
unkown
|
page readonly
|
|
|
|
F03EF7000
|
unkown
|
page read and write
|
|
|
|
1E06B713000
|
unkown
|
page read and write
|
|
|
|
F03A7B000
|
unkown
|
page read and write
|
|
|
|
7FF599E69000
|
unkown
|
page readonly
|
|
|
|
7FF599E23000
|
unkown
|
page readonly
|
|
|
|
1E06B5F0000
|
heap default
|
page read and write
|
|
|
|
7FF599D06000
|
unkown
|
page readonly
|
|
|
|
1E06C000000
|
unkown
|
page readonly
|
|
|
|
1E06B655000
|
unkown
|
page read and write
|
|
|
|
7FF5999C1000
|
unkown
|
page readonly
|
|
|
|
1E06B800000
|
unkown
|
page readonly
|
|
|
|
7FF599E0F000
|
unkown
|
page readonly
|
|
|
|
F03DFE000
|
unkown
|
page read and write
|
|
|
|
7FF599D25000
|
unkown
|
page readonly
|
|
|
|
7FF599F17000
|
unkown
|
page readonly
|
|
|
|
7FF599E5D000
|
unkown
|
page readonly
|
|
|
|
7FF599D28000
|
unkown
|
page readonly
|
|
|
|
7FF599D20000
|
unkown
|
page readonly
|
|
|
|
1E06B65F000
|
unkown
|
page read and write
|
|
|
|
1E06B600000
|
unkown
|
page read and write
|
|
|
|
F03FFE000
|
unkown
|
page read and write
|
|
|
|
7FF599E1F000
|
unkown
|
page readonly
|
|
|
|
F040FE000
|
unkown
|
page read and write
|
|
|
|
1E06B708000
|
unkown
|
page read and write
|
|
|
|
7FF599E3A000
|
unkown
|
page readonly
|
|
|
|
7FF599CAA000
|
unkown
|
page readonly
|
|
|
|
1E06BAD0000
|
unkown
|
page readonly
|
|
|
|
1E06B68B000
|
unkown
|
page read and write
|
|
|
|
7FF599EC7000
|
unkown
|
page readonly
|
|
|
|
1E06B62C000
|
unkown
|
page read and write
|
|
|
|
7FF599ECD000
|
unkown
|
page readonly
|
|
|
|
1E06C340000
|
unkown
|
page readonly
|
|
|
|
1E06B64F000
|
unkown
|
page read and write
|
|
|
|
7FF599AD5000
|
unkown
|
page readonly
|
|
|
|
1E06BE02000
|
unkown
|
page read and write
|
|
|
|
7FF599EDB000
|
unkown
|
page readonly
|
|
|
|
7FF5999C7000
|
unkown
|
page readonly
|
|
|
|
1E06B602000
|
unkown
|
page read and write
|
|
|
|
7FF599E2D000
|
unkown
|
page readonly
|
|
|
|
1E06B671000
|
unkown
|
page read and write
|
|
|
|
F03B7E000
|
unkown
|
page read and write
|
|
|
|
7FF599CD7000
|
unkown
|
page readonly
|
|
|
|
7FF599F03000
|
unkown
|
page readonly
|
|
|
|
7FF599F17000
|
unkown
|
page readonly
|
|
|
|
F03D7B000
|
unkown
|
page read and write
|
|
|
|
7FF599ED4000
|
unkown
|
page readonly
|
|
|
|
1E06B702000
|
unkown
|
page read and write
|
|
|
|
1E06B63C000
|
unkown
|
page read and write
|
|
|
|
1E06B613000
|
unkown
|
page read and write
|
|
|
|
7FF599E67000
|
unkown
|
page readonly
|
|
|
|
7FF599E42000
|
unkown
|
page readonly
|
|
|
|
7FF599EC1000
|
unkown
|
page readonly
|
|
|
|
1E06B629000
|
unkown
|
page read and write
|
|
|
|
7FF599E56000
|
unkown
|
page readonly
|
|
|
|
7FF599F12000
|
unkown
|
page readonly
|
|
|
|
F03C75000
|
unkown
|
page read and write
|
|
|
|
7FF599E11000
|
unkown
|
page readonly
|
|
|
|
7FF599D58000
|
unkown
|
page readonly
|
|
|
|
F03AFE000
|
unkown
|
page read and write
|
|
|
|
7FF599ED7000
|
unkown
|
page readonly
|
|
|
|
7FF599F06000
|
unkown
|
page readonly
|
|
|
|
7FF599EC4000
|
unkown
|
page readonly
|
|
|
|
7FF599E36000
|
unkown
|
page readonly
|
|
|
|
7FF599EEA000
|
unkown
|
page readonly
|
|
|
|
1E06BD50000
|
unkown
|
page read and write
|
|
|
|
1E06B700000
|
unkown
|
page read and write
|
|
|
|
1E06B590000
|
heap private
|
page read and write
|
|
|
|
1E06B8D0000
|
unkown
|
page readonly
|
|
There are 62 hidden memdumps, click here to show them.