Analysis Report http://covid19.iqwasithealth.com/jillian-ratke-iii/kathy_edler-43.zip

Overview

General Information

Sample URL: http://covid19.iqwasithealth.com/jillian-ratke-iii/kathy_edler-43.zip
Analysis ID: 426544

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for domain / URL

Classification

AV Detection:

Multi AV Scanner detection for domain / URL
Source: covid19.iqwasithealth.com Virustotal: Detection: 5%
Source: unknown HTTPS traffic detected: 52.29.153.112:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.29.153.112:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK | Date: Fri, 28 May 2021 23:26:50 GMT | Server: Apache | Vary: Accept-Encoding | Content-Encoding: gzip | host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ== | Content-Length: 497 | Keep-Alive: timeout=5, max=74 | Connection: Keep-Alive | Content-Type: text/html
Source: global traffic HTTP traffic detected: GET /jillian-ratke-iii/kathy_edler-43.zip HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: covid19.iqwasithealth.com | Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /cgi-sys/suspendedpage.cgi HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: covid19.iqwasithealth.com | Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /media/user/suspended_account/_bh/beback-soon.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://covid19.iqwasithealth.com/cgi-sys/suspendedpage.cgi | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: bluehost-cdn.com | Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /media/user/suspended_account/_bh/suspended.css HTTP/1.1 | Accept: text/css, */* | Referer: http://covid19.iqwasithealth.com/cgi-sys/suspendedpage.cgi | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: bluehost-cdn.com | Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Host: covid19.iqwasithealth.com | Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 | User-Agent: AutoIt | Host: covid19.iqwasithealth.com
Source: msapplication.xml0.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x729530cf,0x01d75464</date><accdate>0x729530cf,0x01d75464</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x729530cf,0x01d75464</date><accdate>0x729530cf,0x01d75464</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x7299f579,0x01d75464</date><accdate>0x7299f579,0x01d75464</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x7299f579,0x01d75464</date><accdate>0x7299f579,0x01d75464</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x7299f579,0x01d75464</date><accdate>0x7299f579,0x01d75464</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x7299f579,0x01d75464</date><accdate>0x7299f579,0x01d75464</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: covid19.iqwasithealth.com
Source: ~DF2D0378F71AA387A3.TMP.2.dr String found in binary or memory: http://covid19.iqwasithealth.com/cgi-sys/suspendedpage.cgi
Source: {9C23E857-C057-11EB-90E4-ECF4BB862DED}.dat.2.dr String found in binary or memory: http://covid19.iqwasithealth.com/cgi-sys/suspendedpage.cgiRoot
Source: css2[1].css.3.dr String found in binary or memory: http://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN_r8-Vg.woff)
Source: css2[1].css.3.dr String found in binary or memory: http://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-U1UQ.woff)
Source: msapplication.xml.2.dr String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.2.dr String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.2.dr String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.2.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.2.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.2.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.2.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.2.dr String found in binary or memory: http://www.youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: classification engine Classification label: mal48.win@3/23@3/2
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF0730CF74CFD88E68.TMP
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5464 CREDAT:17410 /prefetch:2
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Behavior Graph (ID 426544, URL http://covid19.iqwasithealth.com/jillian-ratke-iii/kathy_edler-43.zip, start date 29/05/2021, architecture WINDOWS, score 48):

  Process: iexplore.exe (started) -> iexplore.exe (started)
  Signature: Multi AV Scanner detection for domain / URL
  DNS/IP: covid19.iqwasithealth.com 50.87.248.41, ports 49716, 49717, 49734, UNIFIEDLAYER-AS-1US, United States
  DNS/IP: bluehost-cdn.com 52.29.153.112, ports 443, 49718, 49719, AMAZON-02US, United States

Contacted Public IPs

IP             Domain                     Country        ASN    ASN Name             Malicious
52.29.153.112  bluehost-cdn.com           United States  16509  AMAZON-02US          false
50.87.248.41   covid19.iqwasithealth.com  United States  46606  UNIFIEDLAYER-AS-1US  true

Contacted Domains

Name                       IP             Active
covid19.iqwasithealth.com  50.87.248.41   true
bluehost-cdn.com           52.29.153.112  true

Contacted URLs

Name                                                                      Malicious  Antivirus Detection    Reputation
http://covid19.iqwasithealth.com/cgi-sys/suspendedpage.cgi                true       -                      unknown
http://bluehost-cdn.com/media/user/suspended_account/_bh/suspended.css    false      Avira URL Cloud: safe  unknown
http://covid19.iqwasithealth.com/favicon.ico                              true       Avira URL Cloud: safe  unknown
http://covid19.iqwasithealth.com/jillian-ratke-iii/kathy_edler-43.zip     true       -                      unknown
http://bluehost-cdn.com/media/user/suspended_account/_bh/beback-soon.png  false      Avira URL Cloud: safe  unknown