Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| initial sample | | | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\s[1].htm | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DDT7UALL\217181.8b[1].xml | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F464A1C8-5607-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F464A1CA-5607-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F464A1CB-5607-11EB-90E4-ECF4BB862DED}.dat | Microsoft Word Document | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\amp-auto-lightbox-0.1[1].js | ASCII text, with very long lines | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\background5-h_kjv9je6u[1].jpg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1446x1414, frames 3 | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css | ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\amp-intersection-observer-polyfill-0.1[1].js | ASCII text, with very long lines | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo[1].png | PNG image data, 150 x 150, 8-bit colormap, non-interlaced | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\pdf[1].png | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\amp-analytics-0.1[1].js | ASCII text, with very long lines | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\new[1].htm | HTML document, ASCII text | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\v0[1].js | ASCII text, with very long lines | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\AEU170SU.htm | HTML document, UTF-8 Unicode text, with very long lines | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\amp-loader-0.1[1].js | ASCII text, with very long lines | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\amp-mustache-0.2[1].js | ASCII text, with very long lines | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[1].css | ASCII text | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\css[2].css | ASCII text, with very long lines, with CRLF line terminators | downloaded | |
| C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\logo[1].png | PNG image data, 226 x 48, 8-bit/color RGBA, non-interlaced | downloaded | |
| C:\Users\user\AppData\Local\Temp\datE097.tmp | Web Open Font Format, TrueType, length 2532, version 2.24904 | dropped | |
| C:\Users\user\AppData\Local\Temp\~DF7A56E4C66E2E6546.TMP | data | dropped | |
| C:\Users\user\AppData\Local\Temp\~DFB84486B6B75C1FAC.TMP | data | dropped | |
| C:\Users\user\AppData\Local\Temp\~DFE8C735A3CF508A06.TMP | data | dropped | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\internet explorer\iexplore.exe | 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding | |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6052 CREDAT:17410 /prefetch:2 | |
URLs
| Name | IP | Malicious |
|---|---|---|
| https://217181.8b.io/ | | |
| https://boawd.com/cgi-inc/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=875dea8150642da2c39cd31a7e0474fda47bea7f8b87125553305f0662243590ed7af3d6 | | |
| https://app.8b.io/app/themes/webamp/projects/agency/assets/images/logo.pngn | unknown | |
| https://217181.8b.io/L | unknown | |
| https://3p.ampproject.net | unknown | |
| https://log.amp.dev/?v=012012301722000&id= | unknown | |
| https://cdn.ampproject.org/v0/amp-analytics-0.1.js | unknown | |
| https://github.com/ampproject/amphtml/blob/master/spec/amp-iframe-origin-policy.md | unknown | |
| https://boawd.com/cgi-L | unknown | |
| https://cdn.ampproject.org/v0.js | unknown | |
| https://cdn.ampproject.org | unknown | |
| https://r.8b.io/217181/images/background5-h_kjv9je6u.jpg | unknown | |
| https://mths.be/cssescape | unknown | |
| https://boawd.com/cgi-inc/new/ | unknown | |
| https://us-central1-amp-error-reporting.cloudfunctions.net/r | unknown | |
| https://boawd.com/cgi- | unknown | |
| https://boawd.com/cgi-inc/new | unknown | |
| https://8b.com | unknown | |
| https://app.8b.io/app/themes/webamp/projects/agency/assets/images/logo.png | unknown | |
| https://amp.dev/documentation/guides-and-tutorials/develop/style_and_layout/control_layout | unknown | |
| https://217181.8b.io/ | unknown | |
| https://boawd.com/cgi-inc/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=875dea8150642da2c39cd3 | unknown | |
| http://github.com/janl/mustache.js | unknown | |
| https://217181.8b.io/Root | unknown | |
| https://cdn.ampproject.org/v0/amp-mustache-0.2.js | unknown | |
| https://us-central1-amp-error-reporting.cloudfunctions.net/r-beta | unknown | |
Domains
| Name | IP | Malicious |
|---|---|---|
| app.8b.io | 104.24.105.39 | |
| r.8b.io | 104.24.104.39 | |
| proxy-8b-io-1762796164.us-east-1.elb.amazonaws.com | 52.201.120.251 | |
| cdn-content.ampproject.org | 108.177.119.132 | |
| boawd.com | 5.188.108.191 | |
| 217181.8b.io | unknown | |
| cdn.ampproject.org | unknown | |
IPs
| IP | Domain | Country | Active | Malicious |
|---|---|---|---|---|
| 108.177.119.132 | unknown | United States | unknown | |
| 5.188.108.191 | unknown | Luxembourg | unknown | |
| 52.201.120.251 | unknown | United States | unknown | |
| 104.24.105.39 | unknown | United States | unknown | |
| 104.24.104.39 | unknown | United States | unknown | |
Registry
| Path | Value | Malicious |
|---|---|---|
| C:\Program Files\internet explorer\iexplore.exe | {F464A1C8-5607-11EB-90E4-ECF4BB862DED} | |
| C:\Program Files\internet explorer\iexplore.exe | AdminActive | |
| C:\Program Files\internet explorer\iexplore.exe | Count | |
| C:\Program Files\internet explorer\iexplore.exe | Time | |
| C:\Program Files\internet explorer\iexplore.exe | Blocked | |
| C:\Program Files\internet explorer\iexplore.exe | Count | |
| C:\Program Files\internet explorer\iexplore.exe | Time | |
| C:\Program Files\internet explorer\iexplore.exe | Count | |
| C:\Program Files\internet explorer\iexplore.exe | Time | |
| C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | |
| C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | |
| C:\Program Files\internet explorer\iexplore.exe | Count | |
| C:\Program Files\internet explorer\iexplore.exe | Time | |
| C:\Program Files\internet explorer\iexplore.exe | Blocked | |
| C:\Program Files\internet explorer\iexplore.exe | Count | |
| C:\Program Files\internet explorer\iexplore.exe | Time | |
| C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | |
| C:\Program Files\internet explorer\iexplore.exe | Count | |
| C:\Program Files\internet explorer\iexplore.exe | Time | |
| C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | |
| C:\Program Files\internet explorer\iexplore.exe | DecayDateQueue | |
| C:\Program Files\internet explorer\iexplore.exe | LastProcessed | |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | NumberOfSubdomains | |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | @C:\Windows\System32\ieframe.dll,-912 | |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | @C:\Windows\System32\ieframe.dll,-904 | |
Memdumps
DOM / HTML
| URL | Malicious |
|---|---|
| https://boawd.com/cgi-inc/new/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=875dea8150642da2c39cd31a7e0474fda47bea7f8b87125553305f0662243590ed7af3d6 | |
| https://217181.8b.io/ | |