Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registration_list
|
URL
|
initial url
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{05EF40B8-BF2A-11EB-90E5-ECF4BB570DC9}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{05EF40BA-BF2A-11EB-90E5-ECF4BB570DC9}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{05EF40BB-BF2A-11EB-90E5-ECF4BB570DC9}.dat
|
Microsoft Word Document
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\errorPageStrings[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\tlserror[1]
|
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\httpErrorPagesScripts[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\NewErrorPageTemplate[1]
|
UTF-8 Unicode (with BOM) text, with CRLF line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF0935CD567CC8F902.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF18359BB68FC599BB.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFC22ECB04AC33237C.TMP
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
|
|
|
|
C:\Program Files (x86)\Internet Explorer\iexplore.exe
|
'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6080 CREDAT:17410 /prefetch:2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registration_list
|
unknown
|
|
|
|
https://vaccinecovid19.cra.ac.th/VaccineCOVID19/form/registration_listRoot
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vaccinecovid19.cra.ac.th
|
172.67.214.160
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.214.160
|
vaccinecovid19.cra.ac.th
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\internet explorer\iexplore.exe
|
{05EF40B8-BF2A-11EB-90E5-ECF4BB570DC9}
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Blocked
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Count
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
Time
|
|
|
|
C:\Program Files\internet explorer\iexplore.exe
|
LoadTimeArray
|
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF56B8F4000
|
unkown
|
page readonly
|
|
|
|
7FF56B849000
|
unkown
|
page readonly
|
|
|
|
2BB93800000
|
unkown
|
page readonly
|
|
|
|
7FF56B8FB000
|
unkown
|
page readonly
|
|
|
|
7FF5A5AB1000
|
unkown
|
page readonly
|
|
|
|
7FF5A5C3F000
|
unkown
|
page readonly
|
|
|
|
2B7736A3000
|
unkown
|
page read and write
|
|
|
|
7FF56B7B3000
|
unkown
|
page readonly
|
|
|
|
2B773713000
|
unkown
|
page read and write
|
|
|
|
2B778BD0000
|
unkown
|
page read and write
|
|
|
|
7FF5A5CD0000
|
unkown
|
page readonly
|
|
|
|
7FF5A5AF4000
|
unkown
|
page readonly
|
|
|
|
BDFE67E000
|
unkown
|
page read and write
|
|
|
|
2BB93810000
|
unkown
|
page readonly
|
|
|
|
2B778B60000
|
unkown
|
page read and write
|
|
|
|
2BB93720000
|
unkown
|
page readonly
|
|
|
|
2B773702000
|
unkown
|
page read and write
|
|
|
|
7FF56B820000
|
unkown
|
page readonly
|
|
|
|
7FF5A5E37000
|
unkown
|
page readonly
|
|
|
|
2B774570000
|
unkown
|
page readonly
|
|
|
|
2B77363D000
|
unkown
|
page read and write
|
|
|
|
2B773510000
|
unkown
|
page readonly
|
|
|
|
BDFDFFF000
|
unkown
|
page read and write
|
|
|
|
7FF56B8C8000
|
unkown
|
page readonly
|
|
|
|
7FF5A5DCF000
|
unkown
|
page readonly
|
|
|
|
2B773D18000
|
unkown
|
page read and write
|
|
|
|
2B778990000
|
unkown
|
page read and write
|
|
|
|
7FF5A5E58000
|
unkown
|
page readonly
|
|
|
|
2B778BF0000
|
unkown
|
page read and write
|
|
|
|
7FF5A5CA3000
|
unkown
|
page readonly
|
|
|
|
2B773F01000
|
unkown
|
page read and write
|
|
|
|
E80097C000
|
unkown
|
page read and write
|
|
|
|
7FF5A5F38000
|
unkown
|
page readonly
|
|
|
|
2B773C00000
|
unkown
|
page read and write
|
|
|
|
2BB91DD7000
|
heap default
|
page read and write
|
|
|
|
7FF5A5C6A000
|
unkown
|
page readonly
|
|
|
|
2B774550000
|
unkown
|
page readonly
|
|
|
|
E8007FD000
|
unkown
|
page read and write
|
|
|
|
7FF5A56C6000
|
unkown
|
page readonly
|
|
|
|
2B773690000
|
unkown
|
page read and write
|
|
|
|
7FF5A5D38000
|
unkown
|
page readonly
|
|
|
|
2B7788F0000
|
unkown
|
page read and write
|
|
|
|
7FF5A5E73000
|
unkown
|
page readonly
|
|
|
|
2B773676000
|
unkown
|
page read and write
|
|
|
|
2BB91D70000
|
unkown
|
page readonly
|
|
|
|
2B774390000
|
unkown
|
page read and write
|
|
|
|
7FF56B873000
|
unkown
|
page readonly
|
|
|
|
7FF5A5AFA000
|
unkown
|
page readonly
|
|
|
|
7FF5A5B00000
|
unkown
|
page readonly
|
|
|
|
2B773657000
|
unkown
|
page read and write
|
|
|
|
2B773BA0000
|
unkown
|
page read and write
|
|
|
|
7FF5A5F7F000
|
unkown
|
page readonly
|
|
|
|
7FF56B845000
|
unkown
|
page readonly
|
|
|
|
7FF56B81C000
|
unkown
|
page readonly
|
|
|
|
2B773800000
|
unkown
|
page readonly
|
|
|
|
7FF5A5E2D000
|
unkown
|
page readonly
|
|
|
|
2B774580000
|
unkown
|
page readonly
|
|
|
|
2B7733D0000
|
heap private
|
page read and write
|
|
|
|
2BB92310000
|
unkown
|
page readonly
|
|
|
|
7FF56B5F3000
|
unkown
|
page readonly
|
|
|
|
2B778EE0000
|
unkown
|
page read and write
|
|
|
|
2B778E40000
|
unkown
|
page readonly
|
|
|
|
2BB938E0000
|
heap private
|
page read and write
|
|
|
|
2B778B60000
|
unkown
|
page write copy
|
|
|
|
7FF5A5E87000
|
unkown
|
page readonly
|
|
|
|
BDFD90E000
|
unkown
|
page read and write
|
|
|
|
7FF5A5D1D000
|
unkown
|
page readonly
|
|
|
|
7FF56B8FE000
|
unkown
|
page readonly
|
|
|
|
2B773B90000
|
unkown
|
page read and write
|
|
|
|
2B7745A0000
|
unkown
|
page readonly
|
|
|
|
E80077E000
|
unkown
|
page read and write
|
|
|
|
7FF5A5ECA000
|
unkown
|
page readonly
|
|
|
|
2B778B64000
|
unkown
|
page readonly
|
|
|
|
2B773600000
|
unkown
|
page read and write
|
|
|
|
2B774590000
|
unkown
|
page readonly
|
|
|
|
2B7745B0000
|
unkown
|
page readonly
|
|
|
|
7FF5A5772000
|
unkown
|
page readonly
|
|
|
|
7FF56B807000
|
unkown
|
page readonly
|
|
|
|
2BB91DB0000
|
heap default
|
page read and write
|
|
|
|
BDFD98E000
|
unkown
|
page read and write
|
|
|
|
2BB93A90000
|
heap private
|
page read and write
|
|
|
|
2B773689000
|
unkown
|
page read and write
|
|
|
|
2BB91D95000
|
heap private
|
page read and write
|
|
|
|
2B773679000
|
unkown
|
page read and write
|
|
|
|
2BB91D30000
|
unkown
|
page read and write
|
|
|
|
2B778C8B000
|
unkown
|
page read and write
|
|
|
|
2B778BF0000
|
unkown
|
page read and write
|
|
|
|
2BB93840000
|
heap private
|
page read and write
|
|
|
|
7FF56B83D000
|
unkown
|
page readonly
|
|
|
|
2B778A98000
|
unkown
|
page read and write
|
|
|
|
7FF56B506000
|
unkown
|
page readonly
|
|
|
|
2B778BA0000
|
unkown
|
page read and write
|
|
|
|
7FF56B4EB000
|
unkown
|
page readonly
|
|
|
|
2BB93D60000
|
heap private
|
page read and write
|
|
|
|
2B773D18000
|
unkown
|
page read and write
|
|
|
|
2B778BF0000
|
unkown
|
page read and write
|
|
|
|
7FF5A5EC3000
|
unkown
|
page readonly
|
|
|
|
2B77362A000
|
unkown
|
page read and write
|
|
|
|
2B774560000
|
unkown
|
page readonly
|
|
|
|
2B778B84000
|
unkown
|
page readonly
|
|
|
|
2B778A9E000
|
unkown
|
page read and write
|
|
|
|
2B778BF0000
|
unkown
|
page readonly
|
|
|
|
2BB91DEB000
|
heap default
|
page read and write
|
|
|
|
2B77369E000
|
unkown
|
page read and write
|
|
|
|
2B773D00000
|
unkown
|
page read and write
|
|
|
|
7FF5A5EAD000
|
unkown
|
page readonly
|
|
|
|
7FF5A5E54000
|
unkown
|
page readonly
|
|
|
|
7FF5A5CA1000
|
unkown
|
page readonly
|
|
|
|
7FF56B8E0000
|
unkown
|
page readonly
|
|
|
|
7FF56B8DB000
|
unkown
|
page readonly
|
|
|
|
7FF5A5F7B000
|
unkown
|
page readonly
|
|
|
|
7FF5A5F7F000
|
unkown
|
page readonly
|
|
|
|
7FF5A5A2F000
|
unkown
|
page readonly
|
|
|
|
2B778C61000
|
unkown
|
page read and write
|
|
|
|
7FF5A5EB9000
|
unkown
|
page readonly
|
|
|
|
7FF5A5AE5000
|
unkown
|
page readonly
|
|
|
|
7FF5A5E6C000
|
unkown
|
page readonly
|
|
|
|
2B778940000
|
unkown
|
page readonly
|
|
|
|
7FF56B7AF000
|
unkown
|
page readonly
|
|
|
|
2B778ED0000
|
unkown
|
page readonly
|
|
|
|
2B778C1C000
|
unkown
|
page read and write
|
|
|
|
7FF5A5750000
|
unkown
|
page readonly
|
|
|
|
7FF5A5EB5000
|
unkown
|
page readonly
|
|
|
|
7FF5A5F46000
|
unkown
|
page readonly
|
|
|
|
2B778980000
|
unkown
|
page read and write
|
|
|
|
BDFE2FF000
|
unkown
|
page read and write
|
|
|
|
BDFE97E000
|
unkown
|
page read and write
|
|
|
|
BDFE87D000
|
unkown
|
page read and write
|
|
|
|
2B7735F0000
|
unkown
|
page readonly
|
|
|
|
2B778AB4000
|
unkown
|
page read and write
|
|
|
|
2B778BB0000
|
unkown
|
page read and write
|
|
|
|
7FF5A5E40000
|
unkown
|
page readonly
|
|
|
|
7FF5A5D4C000
|
unkown
|
page readonly
|
|
|
|
2B778A90000
|
unkown
|
page read and write
|
|
|
|
2B778F10000
|
unkown
|
page readonly
|
|
|
|
7FF56B875000
|
unkown
|
page readonly
|
|
|
|
BDFE0FB000
|
unkown
|
page read and write
|
|
|
|
2B778AD0000
|
unkown
|
page read and write
|
|
|
|
2B778970000
|
unkown
|
page read and write
|
|
|
|
7FF56B4FD000
|
unkown
|
page readonly
|
|
|
|
7FF5A5C6C000
|
unkown
|
page readonly
|
|
|
|
BDFE47A000
|
unkown
|
page read and write
|
|
|
|
2B778BF0000
|
unkown
|
page read and write
|
|
|
|
2B77366F000
|
unkown
|
page read and write
|
|
|
|
7FF56B10D000
|
unkown
|
page readonly
|
|
|
|
7FF5A5C7D000
|
unkown
|
page readonly
|
|
|
|
2B773520000
|
unkown
|
page readonly
|
|
|
|
7FF5A5D14000
|
unkown
|
page readonly
|
|
|
|
BDFE4FF000
|
unkown
|
page read and write
|
|
|
|
2B778900000
|
unkown
|
page read and write
|
|
|
|
7FF5A5F3F000
|
unkown
|
page readonly
|
|
|
|
7FF56B90F000
|
unkown
|
page readonly
|
|
|
|
7FF5A5DF4000
|
unkown
|
page readonly
|
|
|
|
7FF5A56D0000
|
unkown
|
page readonly
|
|
|
|
7FF5A5C87000
|
unkown
|
page readonly
|
|
|
|
2B774383000
|
unkown
|
page read and write
|
|
|
|
2B778C2A000
|
unkown
|
page read and write
|
|
|
|
2B773D02000
|
unkown
|
page read and write
|
|
|
|
7FF5A5B0F000
|
unkown
|
page readonly
|
|
|
|
BDFDCF8000
|
unkown
|
page read and write
|
|
|
|
2B778E30000
|
unkown
|
page readonly
|
|
|
|
E80067C000
|
unkown
|
page read and write
|
|
|
|
2B773C02000
|
unkown
|
page read and write
|
|
|
|
7FF5A5C73000
|
unkown
|
page readonly
|
|
|
|
7FF56B8ED000
|
unkown
|
page readonly
|
|
|
|
7FF5A5E62000
|
unkown
|
page readonly
|
|
|
|
BDFE17E000
|
unkown
|
page read and write
|
|
|
|
2B773C15000
|
unkown
|
page read and write
|
|
|
|
7FF56B8D6000
|
unkown
|
page readonly
|
|
|
|
7FF5A5F6B000
|
unkown
|
page readonly
|
|
|
|
2BB91DD4000
|
heap default
|
page read and write
|
|
|
|
7FF5A5E50000
|
unkown
|
page readonly
|
|
|
|
2B778C00000
|
unkown
|
page read and write
|
|
|
|
7FF56B828000
|
unkown
|
page readonly
|
|
|
|
2B778B87000
|
unkown
|
page readonly
|
|
|
|
2B778B94000
|
unkown
|
page write copy
|
|
|
|
BDFDDFC000
|
unkown
|
page read and write
|
|
|
|
2B7736FB000
|
unkown
|
page read and write
|
|
|
|
7FF5A5C0A000
|
unkown
|
page readonly
|
|
|
|
7FF5A5DB7000
|
unkown
|
page readonly
|
|
|
|
BDFE57E000
|
unkown
|
page read and write
|
|
|
|
7FF5A5A86000
|
unkown
|
page readonly
|
|
|
|
2B773D13000
|
unkown
|
page read and write
|
|
|
|
7FF5A5F4B000
|
unkown
|
page readonly
|
|
|
|
2B773430000
|
heap default
|
page read and write
|
|
|
|
2B778AD4000
|
unkown
|
page read and write
|
|
|
|
2B778C3E000
|
unkown
|
page read and write
|
|
|
|
7FF5A5E98000
|
unkown
|
page readonly
|
|
|
|
2BB91D80000
|
unkown
|
page readonly
|
|
|
|
2B773440000
|
unkown
|
page readonly
|
|
|
|
7FF5A5F5D000
|
unkown
|
page readonly
|
|
|
|
2B773626000
|
unkown
|
page read and write
|
|
|
|
2BB91DBB000
|
heap default
|
page read and write
|
|
|
|
2B773725000
|
unkown
|
page read and write
|
|
|
|
7FF5A5F6E000
|
unkown
|
page readonly
|
|
|
|
BDFDEFB000
|
unkown
|
page read and write
|
|
|
|
2B778AC0000
|
unkown
|
page read and write
|
|
|
|
2B773D58000
|
unkown
|
page read and write
|
|
|
|
BDFE1FE000
|
unkown
|
page read and write
|
|
|
|
2B774361000
|
unkown
|
page read and write
|
|
|
|
2BB91D90000
|
heap private
|
page read and write
|
|
|
|
7FF5A5F64000
|
unkown
|
page readonly
|
|
|
|
2B7748F0000
|
unkown
|
page read and write
|
|
|
|
2B778C0B000
|
unkown
|
page read and write
|
|
|
|
7FF56B87D000
|
unkown
|
page readonly
|
|
|
|
2B778C4B000
|
unkown
|
page read and write
|
|
|
|
7FF5A5E77000
|
unkown
|
page readonly
|
|
|
|
7FF56B7BA000
|
unkown
|
page readonly
|
|
|
|
7FF5A5774000
|
unkown
|
page readonly
|
|
|
|
7FF5A5C71000
|
unkown
|
page readonly
|
|
|
|
7FF5A5E30000
|
unkown
|
page readonly
|
|
|
|
7FF5A5F7D000
|
unkown
|
page readonly
|
|
|
|
7FF5A5F4E000
|
unkown
|
page readonly
|
|
|
|
BDFE37F000
|
unkown
|
page read and write
|
|
|
|
2B773D59000
|
unkown
|
page read and write
|
|
|
|
2BB91CD0000
|
unkown
|
page readonly
|
|
|
|
2BB93820000
|
unkown
|
page readonly
|
|
|
|
2BB91EB0000
|
unkown
|
page readonly
|
|
|
|
7FF56B8CF000
|
unkown
|
page readonly
|
|
|
|
2B778AB1000
|
unkown
|
page read and write
|
|
|
|
2B778E50000
|
unkown
|
page readonly
|
|
|
|
7FF56B853000
|
unkown
|
page readonly
|
|
|
|
BDFE27E000
|
unkown
|
page read and write
|
|
|
|
2BB91F80000
|
unkown
|
page readonly
|
|
|
|
2B773613000
|
unkown
|
page read and write
|
|
|
|
E8008FE000
|
unkown
|
page read and write
|
|
|
|
2B778B97000
|
unkown
|
page write copy
|
|
|
|
2B778EF0000
|
unkown
|
page readonly
|
|
|
|
2B778BE0000
|
unkown
|
page read and write
|
|
|
|
2B778CB8000
|
unkown
|
page read and write
|
|
|
|
7FF5A5E8C000
|
unkown
|
page readonly
|
|
|
|
2B774470000
|
unkown
|
page read and write
|
|
|
|
7FF56B90B000
|
unkown
|
page readonly
|
|
|
|
BDFD88C000
|
unkown
|
page read and write
|
|
|
|
7FF56B90F000
|
unkown
|
page readonly
|
|
|
|
7FF5A5D33000
|
unkown
|
page readonly
|
|
|
|
2B778AB0000
|
unkown
|
page read and write
|
|
|
|
2B778CA7000
|
unkown
|
page read and write
|
|
|
|
2B778A90000
|
unkown
|
page read and write
|
|
|
|
7FF5A5B23000
|
unkown
|
page readonly
|
|
|
|
7FF5A5EE5000
|
unkown
|
page readonly
|
|
|
|
2B778BC0000
|
unkown
|
page read and write
|
|
|
|
2BB93B8F000
|
heap private
|
page read and write
|
|
|
|
2B778C8E000
|
unkown
|
page read and write
|
|
|
|
2B773674000
|
unkown
|
page read and write
|
|
|
|
2B778C5C000
|
unkown
|
page read and write
|
|
|
|
2B778AC0000
|
unkown
|
page read and write
|
|
|
|
2B774380000
|
unkown
|
page read and write
|
|
|
|
2B77369B000
|
unkown
|
page read and write
|
|
|
|
E8006FE000
|
unkown
|
page read and write
|
|
|
|
2BB91D50000
|
unkown
|
page read and write
|
|
|
|
BDFE77C000
|
unkown
|
page read and write
|
|
There are 242 hidden memdumps, click here to show them.