attenzione.dll

Status: finished

Submission Time: 2020-09-23 10:44:35 +02:00

Malicious

E-Banking Trojan

Trojan

Ursnif

Comments

Details

Analysis ID:
289000
API (Web) ID:
473113
Analysis Started:

2020-09-23 10:44:36 +02:00
Analysis Finished:

2020-09-23 10:52:00 +02:00
MD5:
19a6785fe245b33b5b87091cc1d3a3fb
SHA1:
574301573c262e1f1008fad6611ad1ab0506a2c7
SHA256:
b958fb921a0e3bcc14962b3771f610e972526713f70bd36437b3f299fd252e52
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 76	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
104.20.185.68	United States
23.210.250.97	United States
13.226.169.127	United States
Click to see the 3 hidden entries
31.41.44.5	Russian Federation
87.248.118.23	United Kingdom
151.101.1.44	United States

Domains

Name	IP	Detection
contextual.media.net	23.210.250.97
tls13.taboola.map.fastly.net	151.101.1.44
hblg.media.net	23.210.250.97
Click to see the 12 hidden entries
lg3.media.net	23.210.250.97
d3pypcxb49gfy9.cloudfront.net	13.226.169.127
geolocation.onetrust.com	104.20.185.68
edge.gycpi.b.yahoodns.net	87.248.118.23
web.citylimitshog.com	31.41.44.5
s.yimg.com	0.0.0.0
web.vortex.data.msn.com	0.0.0.0
www.msn.com	0.0.0.0
dvision.media.net	0.0.0.0
srtb.msn.com	0.0.0.0
img.img-taboola.com	0.0.0.0
po3p53334.yahoo.com	0.0.0.0

URLs

Name	Detection
http://www.amazon.com/
https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&es=ZxyPlKoGIS8Nl2hULHTK5UIKcp2z8XGQ5dQfLpNkSvlVV8nd
https://cdn.cookielaw.org/vendorlist/iabData.json
Click to see the 97 hidden entries
http://web.citylimitshog.com
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://outlook.com/
https://www.msn.com/de-ch/news/other/z%c3%bcrcher-polizei-verhaftet-f%c3%bcnf-mitglieder-einer-motor
https://www.msn.com/de-ch/news/other/z%c3%bcrcher-finanzen-der-stadtrat-ist-zu-sorglos-unterwegs/ar-
https://policies.oath.com/us/en/oath/privacy/index.html
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
http://www.twitter.com/
https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&es=6E7_UlIGIS9gHtA1IQgooogis_7Huh6AZlVXx3SNyQwo
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
https://cdn.cookielaw.org/vendorlist/iab2Data.json
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
http://po3p53334.yahoo.com/images/lnMhs2dl_2FgzDjoGV79pm8/_2FtFOfPTC/59HOILXZ0ysKlUJCR/dZ5xx2RfrBn7/
https://onedrive.live.com;OneDrive-App
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://www.ricardo.ch/?utm_source=msn&utm_medium=display&utm_campaign=buyeractivation_de&am
https://www.msn.com/de-ch/news/other/die-schweiz-will-zwanzig-minderj%c3%a4hrige-aus-moria-aufnehmen
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
https://www.skype.com/de/download-skype
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://www.msn.com/de-ch/news/other/64-j%c3%a4hriger-kollidiert-auf-gegenfahrbahn-mit-zwei-autos/ar
https://onedrive.live.com/about/en/download/
http://www.wikipedia.com/
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
https://support.skype.com
https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
https://onedrive.live.com/#qt=mru
http://www.msn.com/de-ch/?ocid=iehp
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
https://outlook.live.com/calendar
http://web.citylimitshog.com/images/_2FzwChxtf_2B/hzjPc_2B/WGfb_2BtKr5w_2FrWuz7o6S/_2FCkH0aPr/0PX4BDbhS4Zq4T5VL/iexmOXiH6SWN/zZ6AazN7CWG/oc6PcCuI7DbN9V/FU7JI_2FFiM_2BdFKa9q2/QK6yK_2FZ8h8YXiQ/DdZf1DW4H2UoGvh/LKKNvTJfraro1epkE5/IoLV4Uu6/pL_2B.avi
https://twitter.com/
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
http://popup.taboola.com/german
http://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsbu
http://web.citylimitshog.com/images/_2FzwChxtf_2B/hzjPc_2B/WGfb_2BtKr5w_2FrWuz7o6S/_2FCkH0aPr/0PX4BD
https://s.yimg.com/lo/api/res/1.2/Gmn_.LBlaj4cR.p2MkzJVQ--~A/Zmk9ZmlsbDt3PTMxMTtoPTMzMzthcHBpZD1nZW1
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
http://www.nytimes.com/
http://po3p53334.yahoo.com/images/UUBB_2BEg2yL1I_2BETX/NL_2B9LRKHEsWFFcVSb/v2OBUu4bQPiOcGMshsJj_2/B3
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
https://www.jumbo.ch/de/saisonal/fruehling?utm_source=microspot_msn_shopping&utm_medium=display&
https://contextual.media.net/__media__/pics/8000/72/941/fallback1.jpg
https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&es=Mv10L8QGIS_UmxiUUGp9vw2vvawzjJOGSqz7Td1MRRRC
https://cdn.flurry.com/adTemplates/templates/htmls/clips.html"
https://onedrive.live.com/?qt=mru;Aktuelle
https://outlook.live.com/mail/deeplink/compose;Kalender
https://www.msn.com/de-ch/nachrichten/regional
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://www.skype.com/
http://www.reddit.com/
https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
https://web.vortex.data.msn.com/collect/v1
http://clkuk.tradedoubler.com/click?p(245744)a(3064090)g(21928104)url(https://store.hp.com/Switzerla
https://autovermietung.msn.com/de-ch/autovermietung
http://web.citylimitshog.com/images/QOkYjo0xnvpXN/Nb9jgDCT/u2CRE4zU_2B_2BWwXU43YsW/LYrWnBzZyG/KPWVlL5VL7Oys_2FJ/Rpu6Xl_2F8uJ/dxjzDMLteJ3/nWYGk4qhm6iRmZ/Kd3NZ6VzpYEu_2B3y3mf_/2B2kXn35TGOVwgjt/BMprQox_2BBx_/2Fbuam4e.avi
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
http://po3p53334.yahoo.com/images/20YgZFZahmb/SnwEyRaj5ALTmi/zEwESVssYj2LgfUfJHGX_/2Fb2o9oiJZHg8xQK/
https://www.msn.com/de-ch/news/other/ehepaar-in-wiesendangen-tot-in-wohnung-aufgefunden/ar-BB19iQK0?
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
http://po3p53334.yahoo.com
https://clkde.tradedoubler.com/click?p=220135&a=3064090&g=24798744
http://web.citylimitshog.com/images/QOkYjo0xnvpXN/Nb9jgDCT/u2CRE4zU_2B_2BWwXU43YsW/LYrWnBzZyG/KPWVlL
http://ogp.me/ns/fb#
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://www.msn.com/de-ch/news/other/in-den-fr%c3%bchen-morgenstunden-verhaftet-die-polizei-in-z%c3%
https://onedrive.live.com;Fotos
https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&es=.2zVQZYGIS_xFQIQlrVtbvUH.sn9UbF0pe4R.nlsNZVt_bdC
https://www.msn.com/de-ch/nachrichten/coronareisen
https://contextual.media.net/medianet.php?cid=8CU157172
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
http://www.msn.com/de-ch/homepage/api/modules/fetch"
https://www.skype.com/de
https://onedrive.live.com/?qt=mru;OneDrive-App
https://www.msn.com/de-ch/news/other/corona-krise-und-tiefere-steuerertr%c3%a4ge-z%c3%bcrichs-finanz
http://ogp.me/ns#
http://www.youtube.com/
http://www.msn.com/de-ch/
https://www.msn.com/de-ch/news/other/ein-unbescholtener-mitarbeiter-soll-pakete-und-briefe-am-flugha
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://clk.tradedoubler.com/click?p=245744&a=3064090url(https://store.hp.com/SwitzerlandStore/M
http://www.msn.com/de-ch
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
http://searchads.msn.net/.cfm?&&kp=1&
https://twitter.com/i/notifications;Ich
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-verticals-shoppinghub
https://clk.tradedoubler.com/click?p=295926&a=3064090
https://fluege.msn.com/de-ch/flugsuche
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
https://client-s.gateway.messenger.live.com
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://amzn.to/2TTxhNg
https://srtb.msn.com:443/notify/viewedg?rid=d765477216894b458d21b9d5a41d550e&r=infopane&i=1&

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19jyjo[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\auction[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\a5ea21[1].ico	PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\NewErrorPageTemplate[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBX2afX[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBPfCZL[1].png	GIF image data, version 89a, 50 x 50	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBO5Geh[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB7gRE[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19kpUI[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19kF7V[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 304x304, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19kCBw[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19kBAt[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19jtIg[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19jqSn[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19ixxG[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19ix5V[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19gq5R[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB15AQNm[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB14EN7h[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\41-0bee62-68ddb2ab[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otSDKStub[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otPcCenter[1].json	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\iab2Data[1].json	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\location[1].js	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB19kAOc[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB19jZr9[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 522x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB19jMqM[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB19jFt9[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 250x250, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB19iR03[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB19hhkC[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB18mpf2[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\AAzl6aj[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\AA7XCQ3[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\85-0f8009-68ddb2ab[1].js	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\58-acd805-185735b[1].css	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\otBannerSdk[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery-2.1.1.min[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\https___native-images.s3.amazonaws.com_edbaae8a4b21c3d566eccc80b6fa7a04[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http___cdn.taboola.com_libtrc_static_thumbnails_db87238d6c659fe75e907d92552eac75[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\f03cf1c6-555b-4529-a17a-42d6e9471b28[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\dnserror[2]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\de-ch[1].json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\de-ch[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[2].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AA3e6zI[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AA3DGHW[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\755f86[1].png	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\1599143105792-2178[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 311x332, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\1597916885241-1532[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 311x332, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAud6Gv[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CFBC892F-FDC4-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C234105F-FDC4-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B501B7C4-FDC4-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A76AEA84-FDC4-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9A2902A1-FDC4-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8E2C6DE9-FDC4-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8E2C6DE7-FDC4-11EA-90E2-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZVMNCER9\contextual.media[1].xml	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19k0y4[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fcmain[1].js	HTML document, ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\f489d89a-0e50-4a68-82ea-aa78359a514f[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\a8a064[1].gif	GIF image data, version 89a, 28 x 28	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBaK3KR[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBK9Ri5[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB6Ma4a[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19knfW[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19kAVT[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y463D3KD\www.msn[1].xml	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19jqU9[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19jTV0[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19jQyG[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19jOrN[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19gERQ[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB190QWE[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17B4yH[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB16g6qc[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB15nooa[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB11lN5G[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAyuliQ[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#

attenzione.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

attenzione.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

attenzione.dll