Windows Analysis Report http://covid-19.in.th/

Overview

General Information

Sample URL:	http://covid-19.in.th/
Analysis ID:	451066
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49730 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: covid-19.in.thConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/main.css HTTP/1.1Accept: text/css, /Referer: http://covid-19.in.th/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: covid-19.in.thConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/bm/cv/669835187/api.js HTTP/1.1Accept: application/javascript, /;q=0.8Referer: http://covid-19.in.th/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: covid-19.in.thConnection: Keep-Alive

Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: "http://www.facebook.com/cloudflare", equals www.facebook.com (Facebook)
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: "http://www.twitter.com/cloudflare", equals www.twitter.com (Twitter)
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: "http://www.youtube.com/user/CloudflareTeam" equals www.youtube.com (Youtube)
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: "https://www.linkedin.com/company/cloudflare", equals www.linkedin.com (Linkedin)

Source: unknown

DNS traffic detected: queries for: covid-19.in.th

Source: unknown

HTTP traffic detected: POST /cdn-cgi/bm/cv/result?req_id=6719d64d08990eb7 HTTP/1.1Accept: */*Content-Type: application/jsonReferer: http://covid-19.in.th/Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: covid-19.in.thContent-Length: 355Connection: Keep-AliveCache-Control: no-cache

Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: http://api.jqueryui.com/category/ui-core/
Source: ~DF64BF8B4AEFB55D6C.TMP.2.dr	String found in binary or memory: http://covid-19.in.th/
Source: ~DF64BF8B4AEFB55D6C.TMP.2.dr	String found in binary or memory: http://covid-19.in.th/N
Source: {FBE078D1-E967-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: http://covid-19.in.th/Root
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: http://getify.mit-license.org
Source: chunk-55d37f7935d3778f0709[1].js.3.dr	String found in binary or memory: http://greensock.com
Source: chunk-55d37f7935d3778f0709[1].js.3.dr	String found in binary or memory: http://greensock.com/standard-license
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: http://jquery.org/license
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: http://jqueryui.com
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://plus.google.com/
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://schema.org
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://schema.org/Article
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://www.cloudflare.com
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://www.twitter.com/cloudflare
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: http://www.youtube.com/user/CloudflareTeam
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/css/application-ee0728fba2.min.css
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-01f71c423e068664057e.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-06380521ff19239efe05.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-1560bda32b9d6d231e95.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-1c4da1169909c3c43069.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-232ffa51e57f882f0534.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-27eef9fa207b28718df2.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-3125ea56e87c986b133e.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-55ad6e1817237ece29a0.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-55d37f7935d3778f0709.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-5c6ec7c6f9d0b6f9dd57.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-5d677ef1b4eeb74635d3.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-5f991135348b5b16cb1b.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-962e1864decb73b3a75a.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-cc3c9c6363f24544e951.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-cd8895b507ee9e702e17.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-e06d79a8c06c0d46865a.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-e50bafad0559f7d0a0f0.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/chunk-e6a0177c9a8b595a3dd2.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://assets.www.cloudflare.com/js/runtime-6a16446847617098e330.js
Source: e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/googleData.json
Source: e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iab2Data.json
Source: e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	String found in binary or memory: https://cdn.cookielaw.org/vendorlist/iabData.json
Source: e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json.3.dr	String found in binary or memory: https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Source: api[1].js0.3.dr	String found in binary or memory: https://github.com/antoinevastel/picasso-like-canvas-fingerprinting
Source: chunk-e6a0177c9a8b595a3dd2[1].js.3.dr	String found in binary or memory: https://github.com/imakewebthings/waypoints/blob/master/licenses.txt
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: https://github.com/polygonplanet/weakmap-polyfill
Source: chunk-232ffa51e57f882f0534[1].js.3.dr	String found in binary or memory: https://jquery.com/
Source: chunk-232ffa51e57f882f0534[1].js.3.dr	String found in binary or memory: https://jquery.org/license
Source: chunk-232ffa51e57f882f0534[1].js.3.dr	String found in binary or memory: https://js.foundation/
Source: chunk-232ffa51e57f882f0534[1].js.3.dr	String found in binary or memory: https://sizzlejs.com/
Source: chunk-5d677ef1b4eeb74635d3[1].js.3.dr	String found in binary or memory: https://vimeo.com/api/oembed.json?url=
Source: chunk-cd8895b507ee9e702e17[1].js.3.dr	String found in binary or memory: https://www.cloudflare.com
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing/
Source: imagestore.dat.3.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico~
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.cloudflare.com/img/cf-facebook-card.png
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.cloudflare.com/img/cf-twitter-card.png
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.cloudflare.com/vendor/onetrust/scripttemplates/otSDKStub.js
Source: 5xx-error-landing[1].htm.3.dr	String found in binary or memory: https://www.linkedin.com/company/cloudflare

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725

Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.124.96:443 -> 192.168.2.3:49730 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/56@4/2

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF57B235A356874BB7.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2396 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2396 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.159.246	covid-19.in.th	United States		13335	CLOUDFLARENETUS	false
104.16.124.96	www.cloudflare.com	United States		13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
www.cloudflare.com	104.16.124.96	true
assets.www.cloudflare.com	104.16.124.96	true
covid-19.in.th	172.67.159.246	true
favicon.ico	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://covid-19.in.th/	false		unknown
http://covid-19.in.th/cdn-cgi/styles/main.css	false	Avira URL Cloud: safe	unknown
http://covid-19.in.th/cdn-cgi/bm/cv/669835187/api.js	false	Avira URL Cloud: safe	unknown
http://covid-19.in.th/cdn-cgi/bm/cv/result?req_id=6719d64d08990eb7	false	Avira URL Cloud: safe	unknown
http://covid-19.in.th/	false		unknown
https://www.cloudflare.com/5xx-error-landing/	false		high

ID:	451066
Product:	CloudBasic
Start time:	07:36:33
Start date:	20.07.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\8120Q1N4\www.cloudflare[1].xml	ASCII text, with no line terminators	B9C5EB570521110110BB7DFF12AF780D	27F5BEBC2200FD8D0B51A93D1357EA954BE44079	90171F10A6467C9DC31143859BAB69D045B67B39E2E49D92BB7168B383C4D1AB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FBE078CF-E967-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	75B6923EED70574AF5CEC147EDE38B68	8D364E99DA2BDC9F47F9B5E2FEAADF826B398C4B	8434CC766BA7176482EF8F6F4450EDEFC20772BC8BE22D3F044F22028C1DD649
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FBE078D1-E967-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	4B6AFC718A577D23B4078A66CC9C77AB	2A41A10702E0C8E9302AFF96CD4957BE411A09EF	B79164EF48B598A1712BFA8D8767BEE27E12849E6DB61E3B44B1FB782D2061D7
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FBE078D2-E967-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	BD3C09ED45DE42B0C6DCA74EBE9DCA68	D560B5752B60B55F5D8A1BC0D0FA76104A421AF8	8A7093BE1A10611029A9B99298EAE15C9C716CF74FB5DF813378F79029E0C6CD
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	38FBA069009B0CC9E3807426A7C0C8C0	4C36635E971EF82F32913CD5AE7530C966D85FDA	0617475066F098403C9DED92F9CE31EC6A1FE91B9BA3E2D318BC0E73C33A465C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\5xx-error-landing[1].htm	HTML document, UTF-8 Unicode text, with very long lines	95C01EF7019FF0EF6E8535634CA52087	970E97070998A33B67E9A0E8A09ED29ED1328A50	E82385BFBD576B0DCDC13DEB989A17E130DA1B5C6A2586B4F4574A12069AE74E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ao-com[1].svg	SVG Scalable Vector Graphics image	35250DF100EA12026E3F89D01AA86CF5	AAEA904EF92151B36C7C716A017E2E56058FBFD5	1C628EA1BB79FEA6C359F96B1212499AB6062B192E3BCC088F2CE0586610B092
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\discord[1].svg	SVG Scalable Vector Graphics image	3448F00B277AFBFBA697CE8F31FF2489	E546276DF70EB84552E57C0E85650D7C1A3B9964	18B0F4EE016FF8DA58E83BBC3387B0CEE3011636E6AAFC7F65CA3193444FDA07
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e34df59b-4a48-4bf9-b2b5-7a4bb09cd231[1].json	ASCII text, with very long lines, with no line terminators	EED86A060DC84BB386C91A036C7379CD	C9BDEA10B2410AFCAAB8566E09D7E6A2CECA214D	0A7037843713FE40028AC64F9E8295ECC778FE75E1AB4EB413D44F4EB8F61C79
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\en[1].json	UTF-8 Unicode text, with very long lines, with no line terminators	8EA288422E1BD1BE70EA1387EF313A6E	37AAAE757FAD30D3D8FC0A7AA91E2DACABF7D246	8F9EF35C8BB712AFA239DAB6764F65755A8C092BA54C5CFF8F828C9A41BB76ED
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\log-me-in[1].svg	SVG Scalable Vector Graphics image	D2ABAD763443A92351B5CB911BE5E442	50142DF7FDA1F7BD8F197328F070A2DC7ECD617F	F25C4C7620F8228007475B542D28418E6623302F3CF338EB8AE2B3EEB2558C33
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\logo-cloudflare[1].svg	SVG Scalable Vector Graphics image	B8054BFFF1F7B60ABA9F2087CBC9BFCE	D97366F3991F2198DC2F8D0AE6BA0AAE2418F247	D2E1935E577B782725B4D7CDAE566481706DD12AAADBFA2BBB6140B4D24C7043
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mapbox[1].svg	SVG Scalable Vector Graphics image	CED0C24A8BD4418FAFEC0E151E805F0A	6FECFB9422729F4BCD41E4B8D307A8B2471842A1	C4123349FB4CD728256D1FD09A31B36FF8CEB31553C4955A1F2085D3534E91A3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\marketo[1].svg	SVG Scalable Vector Graphics image	5CDEF9839F693A29A7B9F61FECE66FA1	12CB67AE89F0F5779236464E1F834497F528A62C	D7349E77199B82A7A86E674056A02CC53F1853F18F0EC13693277E1CEE52F67A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otBannerSdk[1].js	ASCII text, with very long lines	76E4D874B9B184D135AF9055DCE948F6	49BEAD4F9F3E1CB814AE3A6C4D41916E335B9951	80A4168DA3BFEB8A7A3D725AD6AABAFC536C28503E6C053B3B8067FD1B5CD0CB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otFlat[1].json	ASCII text, with very long lines	DB7B898247FBD56626448860E42D0E8D	8EAB737CCDC1ECD0F12843EB4C364004139AAAA0	06B10167B8D0AC41C1B681A2CCE2977F08C4BB49F3261D7FF2FCE60B0E59F7C0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\5xx-error-screenshot[1].png	PNG image data, 3473 x 2127, 8-bit/color RGB, non-interlaced	2CFBA918DA5ACE6D738CF232CC63F87A	F79A71B271ED3A94C52D684613FEDCF78C7D0F75	0F7F0349844A5B0DB39F2C6455F59E2C09A8306387D19B0097A89FD78EAC263D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\api[1].js	UTF-8 Unicode text, with very long lines	6C6281C15CBC981BC05942BAC40BCD7E	6015D314D852ECC0C0158731D8E06724805E38E5	0D3118E306C6A26F1D2EFCB698984E6922C5E7E155C94A84760E36E5592A3C11
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cookie-banner-close[1].svg	SVG Scalable Vector Graphics image	9C51826AA58DB2EBB532085EDFEAE7C6	C8A8642168C7C1FF62E39D586CB618ADCEC0C89B	628E1E79D510C99A5ACB5365A6A1B20513724B53EDF80897A0AA3FA6236F25A1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\crunchbase[1].svg	SVG Scalable Vector Graphics image	62A3993BF9388776606B366302FF6949	D63210EBEEA33E560CCC4BCC14799BA519846B4A	24F33F0458791C167EF9A5EB05BB31EE1AA038DE981A5715CF20ED8CC3EFFA6F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[1].ico	MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel	88415ACDA09A4CBD9D87543C3BA78180	2DEC4705E9AB399EFDC6EEF36E079AA31D1DF8D9	20CCCC47C1BAC9D2EF36B6A1C58AF58C5C169AD5CA084080F0392B86F949641C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\library-of-congress[1].svg	SVG Scalable Vector Graphics image	D05B1F27272DCBD8D1F0ED7A02AC68BA	F297B32B3DE81C52CA0C0C43000BAE5CC140A665	A3FCA10E250E9A55CCA8D692EB836D6AD811D2400ECDA63FEB7504176CB0425B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-cloudflare-dark[1].svg	SVG Scalable Vector Graphics image	D884003E20E8243AD893D526B5295C26	A4CB44B0D69CF50D0F4D694E1989ED24022B5D7D	3863E9324177796ABC3FE195E77F0EDE0F1197296FE49D0EF11E9633C292A9E0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\montecito[1].svg	SVG Scalable Vector Graphics image	B36C464CB2656E4D0851420484BDC521	B0743FC94733F68CE64FA88F79079FD68B6C5771	379CD5F631C2D78BD2222E2FC1964A090FAA83846BED9EFD029F51B62039EA9F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\okcupid[1].svg	SVG Scalable Vector Graphics image	D5220031C58C55B723A094C1BDA15D3C	5C9E330D7FE4DDBF2A942595EACACAD5BB181043	06D506F4548612F963DC93C5BFC5A90D574E31B49A9DD33206521A147D34E2F3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\trace[1].txt	ASCII text	0A726B8568B1DC2CD7B4581C86A63666	4410E4C893EE03B835132ED9C26A4B4823CB34D6	4848CF17724102DFF229AEE425F844B16DE903AC92005510B2615107E7586536
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\udacity[1].svg	SVG Scalable Vector Graphics image	BF4951E4477FA7FAD14F2C1BE52CD84A	4CFC46AECBB7D3415E8525EFD67CEC8338E158F1	DCBC458EB3EFBCD19B2752BA9D1C4F64AEE91757C3FA3DA51ACBE09FAA74F394
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\zendesk[1].svg	SVG Scalable Vector Graphics image	6388271BC4AC3457F646A7A8552C0670	99F5559BCA88DD4815EFD164D8E7B6D4553A1360	DE1F509BC976B8DB5A86B0BD302729E4E05004F9CAD710115C5DE1AEC94447AE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\api[1].js	UTF-8 Unicode text, with very long lines	6C6281C15CBC981BC05942BAC40BCD7E	6015D314D852ECC0C0158731D8E06724805E38E5	0D3118E306C6A26F1D2EFCB698984E6922C5E7E155C94A84760E36E5592A3C11
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\application-ee0728fba2.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	EE0728FBA2E48A9C31E7C4339A078773	B7DDBCC98100287EB4278C963C32EC7BADEA9072	45F4086E46553F084A5CCA5D02F860E89EC1CBD39EB504648F67FAF2D0AC71A9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-01f71c423e068664057e[1].js	UTF-8 Unicode text, with very long lines, with no line terminators	BF56419853AD9973AF0A09F4C3F3A11E	1B5F23C38AB3ADD96514532A71A34C5020656397	A6A6CFD5BD799A1F26DC1DE52D9259535B28EF50EC1CC8751C25A7982657A33C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-06380521ff19239efe05[1].js	ASCII text, with very long lines, with no line terminators	5B223758613BB302A5076A05C4305B7A	32A369D40C2ADE979352C2E234CD786776801863	DB84A4255A6657B7DA3B01B60AB76A0C85EFE26480A28DA50783864F26845CD5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-1c4da1169909c3c43069[1].js	ASCII text, with no line terminators	7D78F9CD7969C5A9B19FADCDF622EF89	DEAE6686519CF1AA5C9FAFB8A55179533B785E9A	5993759DF9D0357000201A26C7FF79EC8B0E44668EE57B496F5B10132090533D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-27eef9fa207b28718df2[1].js	ASCII text, with very long lines	6C3F4456672E85441FF6B8D8BEF00FEE	9BD99E849B59AE221E4A0DDC1FB05B0F38745C16	B04CCEC03DFB79773658C5A78C23D8CF914EBF939003BB291746DBB9F462CACF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-3125ea56e87c986b133e[1].js	ASCII text, with very long lines, with no line terminators	A2D21D3F79316BD4AAD9913CB4F4288F	9F70F2C752BAA9527EFAF68E7A00972F9A31E113	F64F2EFF7CEC2E81FFA39F89304552364C72E9FE97D0A652A44FFBB43EBDACFF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-55d37f7935d3778f0709[1].js	ASCII text, with very long lines	EBDC60D18B7C19C85643F8A211A7A1AB	4BD6F41AA7C504DC418D9E0A5C39547CB28B006F	90CF3CE8BB829E7936024115F34AA72113E771BB6E59F82C71D7A49D13C475FD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\chunk-5d677ef1b4eeb74635d3[1].js	UTF-8 Unicode text, with very long lines	96D479C6BBFAB9B993E368BDBC5E9675	2AE2B7DD4BD0D2C5A6B89989AD7F43B43270762A	027BCAB37313D3FBF259F6DE6EA4C167E7F89E67C96165F556FFF1065977C440
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\digital-ocean[1].svg	SVG Scalable Vector Graphics image	005E13698D0CFFE38329C5D50424B74B	39BDB9DA0F419EF22C522F084645F9AFE42BBC86	A75A06B5A6A63A9FD7EE3419B31918991570C3B1916C4DF70064BA2F234736EF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otPcCenter[1].json	ASCII text, with very long lines	31AA46AF83C456854922DD51159828F2	B5499133ABD83E2B7E0A351C78DCC0E0146083FF	C5015A9D4B5C5F025E2A826F1489C250C23FD70A63BB019A75CFC9E9A3025079
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-1560bda32b9d6d231e95[1].js	ASCII text, with very long lines, with no line terminators	ECA0FC93D1FFCF079107DB64776A6D8D	5529EF293A1EE4E64C3181A5C1F6EF0C84EDD3CE	929B068B89A3F2494100299B2D6FCFAFC4ADF24095B3B90A75C42EB6E0A3B57C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-232ffa51e57f882f0534[1].js	UTF-8 Unicode text, with very long lines	6262B17D31C33B46985406187768157A	CF83D13837A59B05E5DACD993AF0296F68DE7B43	6E515BD86767A477EA60730417D91BB40FEBC33AD88BA2311FAED5F3641F4B1D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-55ad6e1817237ece29a0[1].js	ASCII text, with very long lines, with no line terminators	DCAA94734CE93779A5693DF4E1D18F6B	65465C4F52BA3E9FF7B34B5C314FE5078CB97A61	C97B7772FAA33FD9DE67596C0198DEBE23EA7361E4BA24AB3F437A3F4F489B8F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-5c6ec7c6f9d0b6f9dd57[1].js	ASCII text, with very long lines, with no line terminators	B423D1DB71CF1B5DF25AB49948518F79	3DECD1313E3B71CEB6DC9B3187A218E8EEE3B335	9AA1004BB8A904564BB85D2B8340F7A05D562DB17F7C2B912C023AF26DAB75D2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-5f991135348b5b16cb1b[1].js	HTML document, UTF-8 Unicode text, with very long lines, with no line terminators	F79451A95BB3FD064385B82146D90090	C5DD0228F171577DE7AFAFD757F6CEA5288300E0	188758602AB2CE77DDAC21CD7FFF813F43715500ADA3D9A5E0462F5605243098
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-962e1864decb73b3a75a[1].js	ASCII text, with very long lines, with no line terminators	E6975A9FD7181FF254E8788E5AB2D8B9	E3145942376C31A616E9D7C49A7622C82F8A010F	E083E8542BC2DE7DCCC65573F16A951874E5A7920A59ADFFD6FD2D1D27C31740
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-cc3c9c6363f24544e951[1].js	ASCII text, with very long lines, with no line terminators	21EE2AD839A8ADAA1C0A5E08BD5EB5A5	AABDED2A3678292A9EF2E05C6355F4B7CB042D65	866CF134D2AA132B0E942439E3F743DDB5B0126F6B5C529DC4989F0E5C95DF69
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-cd8895b507ee9e702e17[1].js	ASCII text, with very long lines, with no line terminators	0BAC2FEA69CAE7D09A8B2B079FA4367C	F819E057B37F3C8140BBC9BF5A623FAF2BD95A65	6159B7533AF80C42B129285B3EEBE1FD193CAD973A0DF7760EA5DA88471D9B06
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-e06d79a8c06c0d46865a[1].js	ASCII text, with very long lines	CDD56B6A7DBF4850C2296B6389C6EFC8	BC98583EA10D44154059DF586D308D2966B0509E	3015437E9A32661CF1D28C8824419962B373C60EB5BDE9EF8CAD8649D05A3480
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-e50bafad0559f7d0a0f0[1].js	ASCII text, with very long lines, with no line terminators	1E8ED1E5109F64BB7A7F32DAA62DBF49	325B05BCF8D5A0B102D2FA562602E30C35606A45	910DFDF32324B353E6E0891265266EEE732D5640EBCEC8780E8AA3DF6248BC9C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\chunk-e6a0177c9a8b595a3dd2[1].js	UTF-8 Unicode text, with very long lines	334AAF92206913B7581906182F2A606F	1E32E0CE8CCDFECFCBF8D75F09D2F4BAED5A2369	78EB8480F7BCD68C7067725604C8D5186DAEE35F4510DA02CA68C642119CF74E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\main[1].css	ASCII text, with very long lines	D5FB0ED6278ABAFAE266B8AB9F1E0B42	615EE820D17BA2FACBEC654E9C3B20E002716F92	2729A14CE8234270B0833CD05EAAE83A0D00A89F7E3D79B0BC3B4609C48D85FD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\otSDKStub[1].js	ASCII text, with very long lines	E72DDCAFA303FF93A0E0FD6B4E335633	0148771023BF66CAFD35D8F35881A196662A71DA	1DD4C3F1EA5B28CA04D4F2391197C4B57EF93D2D79CA0656BF6C5D588408E325
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\runtime-6a16446847617098e330[1].js	ASCII text, with very long lines, with no line terminators	3E509B6FBB60E3BACDC070373E53E258	56DB7694481B23CE9E42709DCF12CA13CF279662	7E549F1FCFAB734025757F85BABFCF8A8F2EEF7E88AAE11C61D5B4900F2FA166
C:\Users\user\AppData\Local\Temp\~DF57B235A356874BB7.TMP	data	D3DF29BBCD9E3B5967D7B1BABD35CDA9	7E214282540F68B073458A9599C6EB58A5272280	C136687847DA76A1BCF301D1972816573179291B6D81D72AED813EA04E89277F
C:\Users\user\AppData\Local\Temp\~DF64BF8B4AEFB55D6C.TMP	data	A193B55C6A150DEBAD4E70335D1EF790	B0D8D2A944AE438138EB13BFC252A89454D20950	64D8B05AF893C589C1CB80C43E9A784B0AC9F994CA3826166DF690668F66EE5E
C:\Users\user\AppData\Local\Temp\~DFF8637F91E2C9D542.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA

Windows Analysis Report http://covid-19.in.th/

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs