IOCReport


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| | | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\s[1].htm | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DDT7UALL\217181.8b[1].xml | ASCII text, with no line terminators | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F464A1C8-5607-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F464A1CA-5607-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F464A1CB-5607-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\amp-auto-lightbox-0.1[1].js | ASCII text, with very long lines | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\background5-h_kjv9je6u[1].jpg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1446x1414, frames 3 | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css | ASCII text | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\amp-intersection-observer-polyfill-0.1[1].js | ASCII text, with very long lines | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo[1].png | PNG image data, 150 x 150, 8-bit colormap, non-interlaced | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\pdf[1].png | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\amp-analytics-0.1[1].js | ASCII text, with very long lines | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\new[1].htm | HTML document, ASCII text | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\v0[1].js | ASCII text, with very long lines | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\AEU170SU.htm | HTML document, UTF-8 Unicode text, with very long lines | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\amp-loader-0.1[1].js | ASCII text, with very long lines | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\amp-mustache-0.2[1].js | ASCII text, with very long lines | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css | ASCII text | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[2].css | ASCII text, with very long lines, with CRLF line terminators | downloaded | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\logo[1].png | PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced | downloaded | clean |
| C:\Users\user\AppData\Local\Temp\datE097.tmp | Web Open Font Format, TrueType, length 2532, version 2.24904 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\~DF7A56E4C66E2E6546.TMP | data | dropped | clean |
| C:\Users\user\AppData\Local\Temp\~DFB84486B6B75C1FAC.TMP | data | dropped | clean |
| C:\Users\user\AppData\Local\Temp\~DFE8C735A3CF508A06.TMP | data | dropped | clean |

16 further files are not shown in this extract.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\internet explorer\iexplore.exe | 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding | clean |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6052 CREDAT:17410 /prefetch:2 | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://217181.8b.io/ | | malicious |
| https://boawd.com/cgi-inc/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=875dea8150642da2c39cd31a7e0474fda47bea7f8b87125553305f0662243590ed7af3d6 | | malicious |
| https://app.8b.io/app/themes/webamp/projects/agency/assets/images/logo.pngn | unknown | clean |
| https://217181.8b.io/L | unknown | clean |
| https://3p.ampproject.net | unknown | clean |
| https://log.amp.dev/?v=012012301722000&id= | unknown | clean |
| https://cdn.ampproject.org/v0/amp-analytics-0.1.js | unknown | clean |
| https://github.com/ampproject/amphtml/blob/master/spec/amp-iframe-origin-policy.md | unknown | clean |
| https://boawd.com/cgi-L | unknown | clean |
| https://cdn.ampproject.org/v0.js | unknown | clean |
| https://cdn.ampproject.org | unknown | clean |
| https://r.8b.io/217181/images/background5-h_kjv9je6u.jpg | unknown | clean |
| https://mths.be/cssescape | unknown | clean |
| https://boawd.com/cgi-inc/new/ | unknown | clean |
| https://us-central1-amp-error-reporting.cloudfunctions.net/r | unknown | clean |
| https://boawd.com/cgi- | unknown | clean |
| https://boawd.com/cgi-inc/new | unknown | clean |
| https://8b.com | unknown | clean |
| https://app.8b.io/app/themes/webamp/projects/agency/assets/images/logo.png | unknown | clean |
| https://amp.dev/documentation/guides-and-tutorials/develop/style_and_layout/control_layout | unknown | clean |
| https://217181.8b.io/ | unknown | clean |
| https://boawd.com/cgi-inc/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=875dea8150642da2c39cd3 | unknown | clean |
| http://github.com/janl/mustache.js | unknown | clean |
| https://217181.8b.io/Root | unknown | clean |
| https://cdn.ampproject.org/v0/amp-mustache-0.2.js | unknown | clean |
| https://us-central1-amp-error-reporting.cloudfunctions.net/r-beta | unknown | clean |

16 further URLs are not shown in this extract.

Domains

| Name | IP | Malicious |
|---|---|---|
| app.8b.io | 104.24.105.39 | clean |
| r.8b.io | 104.24.104.39 | clean |
| proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com | 52.201.120.251 | clean |
| cdn-content.ampproject.org | 108.177.119.132 | clean |
| boawd.com | 5.188.108.191 | clean |
| 217181.8b.io | unknown | clean |
| cdn.ampproject.org | unknown | clean |

IPs

| IP | Domain | Country | Active | Malicious |
|---|---|---|---|---|
| 108.177.119.132 | unknown | United States | unknown | clean |
| 5.188.108.191 | unknown | Luxembourg | unknown | clean |
| 52.201.120.251 | unknown | United States | unknown | clean |
| 104.24.105.39 | unknown | United States | unknown | clean |
| 104.24.104.39 | unknown | United States | unknown | clean |

Registry

The first column is the process that wrote the value; the second is the registry value name (the key path is not part of this extract).

| Process path | Value name | Malicious |
|---|---|---|
| C:\Program Files\internet explorer\iexplore.exe | {F464A1C8-5607-11EB-90E4-ECF4BB862DED} | clean |
| C:\Program Files\internet explorer\iexplore.exe | AdminActive | clean |
| C:\Program Files\internet explorer\iexplore.exe | Count | clean |
| C:\Program Files\internet explorer\iexplore.exe | Time | clean |
| C:\Program Files\internet explorer\iexplore.exe | Blocked | clean |
| C:\Program Files\internet explorer\iexplore.exe | Count | clean |
| C:\Program Files\internet explorer\iexplore.exe | Time | clean |
| C:\Program Files\internet explorer\iexplore.exe | Count | clean |
| C:\Program Files\internet explorer\iexplore.exe | Time | clean |
| C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean |
| C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean |
| C:\Program Files\internet explorer\iexplore.exe | Count | clean |
| C:\Program Files\internet explorer\iexplore.exe | Time | clean |
| C:\Program Files\internet explorer\iexplore.exe | Blocked | clean |
| C:\Program Files\internet explorer\iexplore.exe | Count | clean |
| C:\Program Files\internet explorer\iexplore.exe | Time | clean |
| C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean |
| C:\Program Files\internet explorer\iexplore.exe | Count | clean |
| C:\Program Files\internet explorer\iexplore.exe | Time | clean |
| C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean |
| C:\Program Files\internet explorer\iexplore.exe | DecayDateQueue | clean |
| C:\Program Files\internet explorer\iexplore.exe | LastProcessed | clean |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | NumberOfSubdomains | clean |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | @C:\Windows\System32\ieframe.dll,-912 | clean |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | @C:\Windows\System32\ieframe.dll,-904 | clean |

15 further registry entries are not shown in this extract.

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 1235B359000 | unknown | page read and write | clean |
| 1235FF5E000 | unknown | page read and write | clean |
| 1AEFFFE000 | unknown | page read and write | clean |
| 1236024C000 | unknown | page readonly | clean |
| 123602B0000 | unknown | page read and write | clean |
| 1235FF70000 | unknown | page read and write | clean |
| 1235BA60000 | unknown | page readonly | clean |
| 1235B940000 | unknown | page read and write | clean |
| 1AF00FF000 | unknown | page read and write | clean |
| 12360260000 | unknown | page read and write | clean |
| 7FF52BAFE000 | unknown | page readonly | clean |
| 7FF52B8E7000 | unknown | page readonly | clean |
| 1AEF9FE000 | unknown | page read and write | clean |
| 1235FF74000 | unknown | page read and write | clean |
| 7FF52BC3C000 | unknown | page readonly | clean |
| 1235AF90000 | unknown | page readonly | clean |
| 1235B1E3000 | unknown | page read and write | clean |
| 7FF52BC33000 | unknown | page readonly | clean |
| 7FF52B56F000 | unknown | page readonly | clean |
| 123600B8000 | unknown | page read and write | clean |
| 12360220000 | unknown | page write copy | clean |
| 7FF52BCD6000 | unknown | page readonly | clean |
| 7FF52BC68000 | unknown | page readonly | clean |
| 7FF52B895000 | unknown | page readonly | clean |
| 7FF52BC9F000 | unknown | page readonly | clean |
| 1235BA20000 | unknown | page readonly | clean |
| 7FF52BA8C000 | unknown | page readonly | clean |
| 7FF52BCBD000 | unknown | page readonly | clean |
| 7FF52BD59000 | unknown | page readonly | clean |
| 12360310000 | unknown | page readonly | clean |
| 1235A900000 | unknown | page readonly | clean |
| 7FF52B4C0000 | unknown | page readonly | clean |
| 1235AB02000 | unknown | page read and write | clean |
| 12360022000 | unknown | page read and write | clean |
| 7FF52BB18000 | unknown | page readonly | clean |
| 1235BA50000 | unknown | page readonly | clean |
| 123600A7000 | unknown | page read and write | clean |
| 12360234000 | unknown | page readonly | clean |
| 12360300000 | unknown | page readonly | clean |
| 123600B0000 | unknown | page read and write | clean |
| 1235B215000 | unknown | page read and write | clean |
| 1235AB13000 | unknown | page read and write | clean |
| 12360054000 | unknown | page read and write | clean |
| 1235AA95000 | unknown | page read and write | clean |
| 1235FF71000 | unknown | page read and write | clean |
| 1AEFF7F000 | unknown | page read and write | clean |
| 7FF52B98A000 | unknown | page readonly | clean |
| 1236004A000 | unknown | page read and write | clean |
| 1235AA58000 | unknown | page read and write | clean |
| 1AEFCFE000 | unknown | page read and write | clean |
| 1235A890000 | heap private | page read and write | clean |
| 7FF52BA0E000 | unknown | page readonly | clean |
| 7FF52BB0C000 | unknown | page readonly | clean |
| 7FF52BCF7000 | unknown | page readonly | clean |
| 1235A9E0000 | unknown | page readonly | clean |
| 123603B0000 | unknown | page readonly | clean |
| 7FF52BB29000 | unknown | page readonly | clean |
| 7FF52BC07000 | unknown | page readonly | clean |
| 7FF52B95D000 | unknown | page readonly | clean |
| 1235FF50000 | unknown | page read and write | clean |
| 1235FF80000 | unknown | page read and write | clean |
| 7FF52BC8E000 | unknown | page readonly | clean |
| 1235B1F0000 | unknown | page read and write | clean |
| 123600B0000 | unknown | page read and write | clean |
| 12360248000 | unknown | page write copy | clean |
| 12360390000 | unknown | page readonly | clean |
| 1235BDC0000 | unknown | page read and write | clean |
| 7FF52BBF1000 | unknown | page readonly | clean |
| 1235AAA2000 | unknown | page read and write | clean |
| 1235FE30000 | unknown | page read and write | clean |
| 7FF52BC27000 | unknown | page readonly | clean |
| 123602B0000 | unknown | page read and write | clean |
| 7FF52BCC1000 | unknown | page readonly | clean |
| 7FF52BA07000 | unknown | page readonly | clean |
| 123602B0000 | unknown | page readonly | clean |
| 123603D0000 | unknown | page readonly | clean |
| 1235AA13000 | unknown | page read and write | clean |
| 123600B3000 | unknown | page read and write | clean |
| 7FF52BBCC000 | unknown | page readonly | clean |
| 7FF52BC48000 | unknown | page readonly | clean |
| 1235B318000 | unknown | page read and write | clean |
| 7FF52BC1B000 | unknown | page readonly | clean |
| 1235B300000 | unknown | page read and write | clean |
| 1AEFDFA000 | unknown | page read and write | clean |
| 1235B860000 | unknown | page read and write | clean |
| 1235FF90000 | unknown | page read and write | clean |
| 1235AA29000 | unknown | page read and write | clean |
| 7FF52B8EE000 | unknown | page readonly | clean |
| 12360230000 | unknown | page readonly | clean |
| 1235A8F0000 | heap default | page read and write | clean |
| 1235BA80000 | unknown | page readonly | clean |
| 1235FF94000 | unknown | page read and write | clean |
| 7FF52BABE000 | unknown | page readonly | clean |
| 12360290000 | unknown | page read and write | clean |
| 7FF52B571000 | unknown | page readonly | clean |
| 7FF52BCC6000 | unknown | page readonly | clean |
| 1235B302000 | unknown | page read and write | clean |
| 12360000000 | unknown | page read and write | clean |
| 7FF52B966000 | unknown | page readonly | clean |
| 7FF52B96C000 | unknown | page readonly | clean |
| 1235FF58000 | unknown | page read and write | clean |
| 1235FE50000 | unknown | page read and write | clean |
| 1235AA00000 | unknown | page read and write | clean |
| 1235B401000 | unknown | page read and write | clean |
| 123602F0000 | unknown | page readonly | clean |
| 1235AA8C000 | unknown | page read and write | clean |
| 7FF52BD4E000 | unknown | page readonly | clean |
| 1AF01FE000 | unknown | page read and write | clean |
| 7FF52BB20000 | unknown | page readonly | clean |
| 1AEF977000 | unknown | page read and write | clean |
| 7FF52B8D0000 | unknown | page readonly | clean |
| 7FF52BC95000 | unknown | page readonly | clean |
| 7FF52BC62000 | unknown | page readonly | clean |
| 7FF52BCA9000 | unknown | page readonly | clean |
| 1AEFAFB000 | unknown | page read and write | clean |
| 7FF52BD50000 | unknown | page readonly | clean |
| 7FF52BCF4000 | unknown | page readonly | clean |
| 12360224000 | unknown | page readonly | clean |
| 123602B0000 | unknown | page read and write | clean |
| 12360061000 | unknown | page read and write | clean |
| 7FF52B9DC000 | unknown | page readonly | clean |
| 1AF017F000 | unknown | page read and write | clean |
| 1235FF80000 | unknown | page read and write | clean |
| 7FF52B4CA000 | unknown | page readonly | clean |
| 7FF52BA20000 | unknown | page readonly | clean |
| 7FF52B891000 | unknown | page readonly | clean |
| 1235FE00000 | unknown | page readonly | clean |
| 1235B200000 | unknown | page read and write | clean |
| 1AF04FF000 | unknown | page read and write | clean |
| 1AF03FC000 | unknown | page read and write | clean |
| 7FF52BA7B000 | unknown | page readonly | clean |
| 7FF52BB11000 | unknown | page readonly | clean |
| 7FF52BC7A000 | unknown | page readonly | clean |
| 7FF52BCCC000 | unknown | page readonly | clean |
| 1235A9D0000 | unknown | page readonly | clean |
| 1235BA40000 | unknown | page readonly | clean |
| 7FF52BD59000 | unknown | page readonly | clean |
| 7FF52BC66000 | unknown | page readonly | clean |
| 7FF52BADF000 | unknown | page readonly | clean |
| 1235AC00000 | unknown | page readonly | clean |
| 7FF52BC11000 | unknown | page readonly | clean |
| 7FF52B593000 | unknown | page readonly | clean |
| 1235B318000 | unknown | page read and write | clean |
| 7FF52BA98000 | unknown | page readonly | clean |
| 1235B202000 | unknown | page read and write | clean |
| 7FF52BBD7000 | unknown | page readonly | clean |
| 12360220000 | unknown | page read and write | clean |
| 1235AA73000 | unknown | page read and write | clean |
| 1236002F000 | unknown | page read and write | clean |
| 1235B1C1000 | unknown | page read and write | clean |
| 7FF52B928000 | unknown | page readonly | clean |
| 1236003D000 | unknown | page read and write | clean |
| 1AF02FF000 | unknown | page read and write | clean |
| 7FF52BC52000 | unknown | page readonly | clean |
| 1235BA30000 | unknown | page readonly | clean |
| 12360280000 | unknown | page read and write | clean |
| 1AEFBFA000 | unknown | page read and write | clean |
| 1235FE40000 | unknown | page read and write | clean |
| 7FF52BCF0000 | unknown | page readonly | clean |
| 7FF52BCDC000 | unknown | page readonly | clean |
| 7FF52BBC5000 | unknown | page readonly | clean |
| 1AEFEFB000 | unknown | page read and write | clean |
| 1235BA70000 | unknown | page readonly | clean |
| 123600A0000 | unknown | page read and write | clean |
| 1AF007E000 | unknown | page read and write | clean |
| 12360270000 | unknown | page read and write | clean |
| 7FF52BA15000 | unknown | page readonly | clean |
| 1235AA7C000 | unknown | page read and write | clean |
| 1AEF87E000 | unknown | page read and write | clean |
| 1AEF5CE000 | unknown | page read and write | clean |
| 1235AA90000 | unknown | page read and write | clean |
| 1235A9F0000 | unknown | page read and write | clean |
| 12360014000 | unknown | page read and write | clean |
| 1235AA41000 | unknown | page read and write | clean |
| 1235FDC0000 | unknown | page read and write | clean |
| 123600B5000 | unknown | page read and write | clean |
| 1235AAFE000 | unknown | page read and write | clean |
| 1AEF54B000 | unknown | page read and write | clean |
| 7FF52BC37000 | unknown | page readonly | clean |
| 1235AA78000 | unknown | page read and write | clean |
| 7FF52B96F000 | unknown | page readonly | clean |
| 1235AAB0000 | unknown | page read and write | clean |
| 1235B359000 | unknown | page read and write | clean |
| 7FF52BC50000 | unknown | page readonly | clean |
| 1235FF50000 | unknown | page read and write | clean |
| 1235B160000 | unknown | page read and write | clean |
| 1235B313000 | unknown | page read and write | clean |
| 7FF52BCE5000 | unknown | page readonly | clean |
| 123603A0000 | unknown | page read and write | clean |
| 1235B1E0000 | unknown | page read and write | clean |

180 further memory dumps are not shown in this extract.

DOM / HTML

| URL | Malicious |
|---|---|
| https://boawd.com/cgi-inc/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=875dea8150642da2c39cd31a7e0474fda47bea7f8b87125553305f0662243590ed7af3d6 | malicious |
| https://217181.8b.io/ | clean |
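Turning the network indicators above into a hunt, as an added example (editor-supplied, not part of the sandbox report). The two malicious URLs and the domain-to-IP pairs are copied from the URLs and Domains tables; the proxy log format and its five lines are constructed for the example and are not from the report. Hunting is done by host rather than exact URL because the URL table contains string-scan fragments ("https://boawd.com/cgi-", "https://217181.8b.io/L") that would never match a real request. The value d41d8cd98f00b204e9800998ecf8427e in the signin= parameter is the MD5 of the empty string; that is a standard hash value the code checks, not something the report asserts, and the report does not say what the page hashes into that parameter.

```python
# Added example (editor-supplied, not part of the sandbox report): hunt for the
# URL/domain/IP indicators above in a proxy log, and check one observation
# about the phishing URL's query string.
import hashlib
from urllib.parse import parse_qs, urlsplit

# Indicators copied from the report: the two URLs flagged malicious, and the
# domain -> IP resolutions from the Domains table.
MALICIOUS_URLS = [
    "https://217181.8b.io/",
    "https://boawd.com/cgi-inc/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e"
    "&auth=875dea8150642da2c39cd31a7e0474fda47bea7f8b87125553305f0662243590ed7af3d6",
]
RESOLVED = {
    "app.8b.io": "104.24.105.39",
    "r.8b.io": "104.24.104.39",
    "proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com": "52.201.120.251",
    "cdn-content.ampproject.org": "108.177.119.132",
    "boawd.com": "5.188.108.191",
}


def ioc_hosts(urls):
    """Lower-cased hostnames of the malicious URLs. The report's string-scan
    fragments (e.g. '.../cgi-L') collapse onto the same hosts, so hunting by
    host is more robust than hunting by exact URL."""
    return {urlsplit(u).hostname.lower() for u in urls}


def ioc_ips(hosts):
    """IPs the report resolved for those hosts (217181.8b.io had none)."""
    return {RESOLVED[h] for h in hosts if h in RESOLVED}


def host_matches(host, ioc):
    """Exact host or a subdomain of it. 217181.8b.io is matched as-is: the
    report marks app.8b.io and r.8b.io clean, so the parent 8b.io is not an IOC."""
    return host == ioc or host.endswith("." + ioc)


def signin_is_md5_of_empty(url):
    """True if the signin= value equals MD5('') = d41d8cd98f00b204e9800998ecf8427e.
    The report does not say what the page hashes into signin=; this only shows
    that the captured run carried the empty-input hash."""
    value = parse_qs(urlsplit(url).query).get("signin", [""])[0]
    return value == hashlib.md5(b"").hexdigest()


# Constructed proxy log (not from the report). Assumed format:
# "<timestamp> <client-ip> <method> <url-or-host:port> <status>".
SAMPLE_PROXY_LOG = """\
2021-01-13T12:00:01Z 10.1.2.3 GET https://217181.8b.io/ 200
2021-01-13T12:00:02Z 10.1.2.3 GET https://cdn.ampproject.org/v0.js 200
2021-01-13T12:00:05Z 10.1.2.3 GET https://boawd.com/cgi-inc/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=875dea 200
2021-01-13T12:03:10Z 10.1.2.9 CONNECT 5.188.108.191:443 200
2021-01-13T12:04:00Z 10.1.2.9 GET https://app.8b.io/app/themes/webamp/projects/agency/assets/images/logo.png 200
"""


def hunt(log_text, urls=MALICIOUS_URLS):
    """Return (line_no, client_ip, indicator) for each log line whose target is a
    malicious host, a subdomain of one, or an IP the report resolved for one."""
    hosts = ioc_hosts(urls)
    ips = ioc_ips(hosts)
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        _ts, client, _method, target, _status = line.split(" ", 4)
        # CONNECT targets are bare host:port; give urlsplit a scheme-less netloc.
        parsed = urlsplit(target if "://" in target else "//" + target)
        host = (parsed.hostname or "").lower()
        indicator = next((i for i in hosts if host_matches(host, i)), None)
        if indicator is None and host in ips:
            indicator = host
        if indicator is not None:
            hits.append((n, client, indicator))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_PROXY_LOG):
        print("HIT line %d client %s -> %s" % hit)
    print("signin is MD5(''):", signin_is_md5_of_empty(MALICIOUS_URLS[1]))
```

On the constructed log the hunt flags the landing page on 217181.8b.io, the credential-harvesting request to boawd.com and a direct CONNECT to boawd.com's resolved IP, while the request to app.8b.io (marked clean in the report) is not flagged because subdomain matching is anchored at 217181.8b.io, not at 8b.io.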