IOC Report

Files

File Path | Type | Category | Malicious
 |  | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\4659853439303724383934337fl[1].htm | HTML document, ASCII text, with very long lines | downloaded | malicious
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EQAWN5DV\unbouncepages[1].xml | ASCII text, with very long lines, with no line terminators | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{425D55CE-5622-11EB-90E5-ECF4BB2D2496}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{425D55D0-5622-11EB-90E5-ECF4BB2D2496}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{425D55D1-5622-11EB-90E5-ECF4BB2D2496}.dat | Microsoft Word Document | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\background_gradient[1] | JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\httpErrorPagesScripts[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\i[1].gif | GIF image data, version 89a, 1 x 1 | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\ub[1].js | ASCII text | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\down[1] | PNG image data, 15 x 15, 8-bit colormap, non-interlaced | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\errorPageStrings[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\main-7b78720.z[1].css | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\main.bundle-5c6e41c.z[1].js | UTF-8 Unicode text, with very long lines, with no line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\http_410[1] | HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\info_48[1] | PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\sp-2.14.0[1].js | ASCII text, with very long lines | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\ErrorPageTemplate[1] | UTF-8 Unicode (with BOM) text, with CRLF line terminators | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\bullet[1] | PNG image data, 15 x 15, 8-bit colormap, non-interlaced | downloaded | clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\e8fc0c77-micro_107z040000000000000028[1].png | PNG image data, 318 x 159, 8-bit colormap, non-interlaced | downloaded | clean
C:\Users\user\AppData\Local\Temp\~DF5B31512BA0419CB8.TMP | data | dropped | clean
C:\Users\user\AppData\Local\Temp\~DFA03ECB28CFFA1FC9.TMP | data | dropped | clean
C:\Users\user\AppData\Local\Temp\~DFC0544526A9214E06.TMP | data | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Program Files\internet explorer\iexplore.exe | 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5612 CREDAT:17410 /prefetch:2 | clean

URLs

Name | IP | Malicious
http://builder-assets.unbounce.com/published-js/main.bundle-5c6e41c.z.js | 13.224.194.26 | clean
http://unbouncepages.com/465985343930372438393433Root | unknown | clean
https://github.com/snowplow/snowplow/wiki/javascript-tracker-setup | unknown | clean
https://vimeo.com/api/oembed.json?url= | unknown | clean
http://unbouncepages.c | unknown | clean
http://unbouncepages.com/4659853439303724383934337fl/Root | unknown | clean
https://github.com/snowplow/snowplow/wiki/javascript-tracker | unknown | clean
http://d9hhrg4mnvzow.cloudfront.net/unbouncepages.com/4659853439303724383934337fl/e8fc0c77-micro_107z040000000000000028.png | 13.225.84.146 | clean
http://unbouncepages.com/465985343930372438393433om/4659853439303724383934337fl/c7fl/jhttp://unbounc | unknown | clean
http://unbouncepages.com/4659853439303724383934337fl/clkn/https/artsana.limpcome.ml/email@thisisforu.com | 54.93.101.66 | clean
http://unbouncepages.com/4659853439303724383934337fl/clkn/https/artsana.limpcome.ml/email | unknown | clean
http://events.ub-analytics.com/i?stm=1610599073847&e=pv&url=http%3A%2F%2Funbouncepages.com%2F4659853439303724383934337fl%2F&tv=js-2.14.0&tna=sp-ub&aid=landing_page&p=web&tz=America%2FLos_Angeles&lang=en-US&cs=utf-8&f_pdf=0&f_qt=0&f_realp=0&f_wma=0&f_dir=0&f_fla=1&f_java=1&f_gears=0&f_ag=0&res=1280x1024&cd=24&cookie=1&eid=2a64a8a9-e27f-48c4-a48a-7a2ffc5351b0&dtm=1610599073842&vp=784x554&ds=890x622&vid=1&sid=28f3e9e7-e98b-42c9-b3d2-0538bae3dee1&duid=2b34fd73-4516-40da-a1ed-d8d4fe0d734c&uid=84.17.52.741614371565357000&cx=eyJzY2hlbWEiOiJpZ2x1OmNvbS5zbm93cGxvd2FuYWx5dGljcy5zbm93cGxvdy9jb250ZXh0cy9qc29uc2NoZW1hLzEtMC0wIiwiZGF0YSI6W3sic2NoZW1hIjoianNfdHJhY2tlcl9jb250ZXh0X3YxLjEuanNvbiIsImRhdGEiOnsicGFnZUlkIjoiZWNiZDlkZGItNjBjNC00MmRhLThjMWItN2Q5NTVhMWM4Mjk1IiwidmFyaWFudElkIjoiYSIsImV2ZW50VHlwZSI6InZpc2l0IiwiZXZlbnRNZXRhZGF0YSI6W10sInJvdXRpbmdTdHJhdGVneSI6IndlaWdodGVkIn19XX0 | 3.212.31.157 | clean
https://d34qb8suadcc4g.cloudfront.net/sp-2.14.0.js | unknown | clean
http://unbouncepages.com/4659853439303724383934337fl/clkn/https/artsana.limpcome.ml/email@thisisforu.com |  | clean
http://unbouncepages.com/4659853439303724383934337fl/ | 54.93.101.66 | clean
https://d34qb8suadcc4g.cloudfront.net/ub.js?1605293159 | unknown | clean
http://unbouncepages.com/4659853439303724383934337fl/jhttp://unbouncepages.com/465985343930372438393 | unknown | clean
http://unbouncepages.com/4659853439303724383934337fl/ |  | clean
http://unbouncepages.com/favicon.ico | 54.93.101.66 | clean
http://unbouncepages.com/465985343930372438393433om/4659853439303724383934337fl/Root | unknown | clean
http://builder-assets.unbounce.com/published-css/main-7b78720.z.css | 13.224.194.26 | clean
http://unbouncepages.com/4659853439303724383934337fl/favicon.ico | 54.93.101.66 | clean

Domains

Name | IP | Malicious
d34qb8suadcc4g.cloudfront.net | 13.225.80.63 | clean
unbouncepages.com | 54.93.101.66 | clean
events.ub-analytics.com | 3.212.31.157 | clean
d9hhrg4mnvzow.cloudfront.net | 13.225.84.146 | clean
d2io4fc03gd4tk.cloudfront.net | 13.224.194.26 | clean
builder-assets.unbounce.com | unknown | clean

IPs

IP | Domain | Country | Active | Malicious
13.225.80.63 | unknown | United States | unknown | clean
13.225.84.146 | unknown | United States | unknown | clean
13.224.194.26 | unknown | United States | unknown | clean
54.93.101.66 | unknown | United States | unknown | clean
3.212.31.157 | unknown | United States | unknown | clean

Registry

Path | Value | Malicious
C:\Program Files\internet explorer\iexplore.exe | {425D55CE-5622-11EB-90E5-ECF4BB2D2496} | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | Blocked | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | Blocked | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | Count | clean
C:\Program Files\internet explorer\iexplore.exe | Time | clean
C:\Program Files\internet explorer\iexplore.exe | LoadTimeArray | clean
C:\Program Files\internet explorer\iexplore.exe | DecayDateQueue | clean
C:\Program Files\internet explorer\iexplore.exe | LastProcessed | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NumberOfSubdomains | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | Total | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | @C:\Windows\System32\ieframe.dll,-912 | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | @C:\Windows\System32\ieframe.dll,-903 | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | Total | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | Total | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | Total | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | NULL | clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe | Total | clean

Memdumps

Base Address | Region type | Protect | Malicious

DOM / HTML

URL | Malicious
http://unbouncepages.com/4659853439303724383934337fl/ | malicious
http://unbouncepages.com/4659853439303724383934337fl/clkn/https/artsana.limpcome.ml/email@thisisforu.com | clean