installazione.dll

Status: finished

Submission Time: 2020-10-14 07:13:23 +02:00

Malicious

E-Banking Trojan

Trojan

Ursnif

Comments

Details

Analysis ID:
297739
API (Web) ID:
490578
Analysis Started:

2020-10-14 07:13:24 +02:00
Analysis Finished:

2020-10-14 07:22:10 +02:00
MD5:
724f70d56215484778c96c265d2a2cd8
SHA1:
1c06629fc0340a4c76060707cc2c0de425a55011
SHA256:
2fe961e9bb79716d74f6d4c44e54b685a13d0bf9dc4a9c2e97425178b1cfd43e
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 68	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP	Country	Detection
31.41.44.99	Russian Federation
87.248.118.23	United Kingdom
141.136.36.32	Lithuania
Click to see the 1 hidden entries
151.101.1.44	United States

Domains

Name	IP	Detection
contextual.media.net	92.122.146.68
windowsclassic.co	31.41.44.99
tls13.taboola.map.fastly.net	151.101.1.44
Click to see the 10 hidden entries
hblg.media.net	92.122.146.68
lg3.media.net	92.122.146.68
edge.gycpi.b.yahoodns.net	87.248.118.23
s.yimg.com	0.0.0.0
assets.msn.com	0.0.0.0
web.vortex.data.msn.com	0.0.0.0
www.msn.com	0.0.0.0
srtb.msn.com	0.0.0.0
img.img-taboola.com	0.0.0.0
cvision.media.net	0.0.0.0

URLs

Name	Detection
https://clk.tradedoubler.com/click?p=295926&a=3064090
http://www.msn.com/de-ch/?ocid=iehp
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
Click to see the 93 hidden entries
https://clk.tradedoubler.com/click?p=245744&a=3064090url(https://store.hp.com/SwitzerlandStore/M
https://outlook.live.com/calendar
http://www.msn.com/de-ch
https://srtb.msn.com:443/notify/viewedg?rid=554ca0f4951a403f82d082d5d226ef90&r=infopane&i=2&
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
https://twitter.com/i/notifications;Ich
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-verticals-shoppinghub
https://twitter.com/
https://onedrive.live.com/#qt=mru
http://windowsclassic.co/images/NhZxIHSsPryd/y3qm5My4GQc/_2FIdJlk3gLXZu/R5agb6_2BPtIWFPZ7dfMk/zR_2F8
https://fluege.msn.com/de-ch/flugsuche
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://www.msn.com/de-ch/news/other/lastwagen-kollidiert-beim-z%c3%bcrcher-letzigrund-mit-tram-14-p
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
https://client-s.gateway.messenger.live.com
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://amzn.to/2TTxhNg
http://popup.taboola.com/german
https://www.msn.com/de-ch/news/other/kanton-nimmt-notunterkunft-in-urdorf-wieder-in-betrieb/ar-BB19W
https://www.msn.com/de-ch/news/other/in-z%c3%bcrich-sind-%c3%bcber-50-covid-patienten-hospitalisiert
http://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsbu
https://www.msn.com/de-ch/news/other/ein-appell-in-3-minuten-und-55-sekunden/ar-BB19Yxm1?ocid=hploca
https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
http://www.msn.com/de-ch/homepage/api/modules/fetch"
https://login.skype.com/login/oauth/microsoft?client_id=738133
https://www.skype.com/de
https://onedrive.live.com/?qt=mru;OneDrive-App
http://windowsclassic.co/images/2eT2YJfv7LPw5k/n_2FC3ANba8_2FocrTv8u/FN6B0GXJng6C3aCy/GN7w6vR8GECyh_
https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&es=zO3La2cGIS_jCTmPrASWxb6opQ5vPYpf6xVl0a4PvR0N
http://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
https://onedrive.live.com/about/en/download/
https://www.msn.com/de-ch/news/other/wie-zwei-gastro-t%c3%bcftler-die-corona-flaute-nutzen-um-hilfre
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
https://www.msn.com/de-ch/nachrichten/coronavirus/immer-mehr-corona-infizierte-m%c3%bcssen-ins-spita
http://ogp.me/ns#
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
http://www.msn.com/de-ch/
https://support.skype.com
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://www.msn.com/de-ch/news/other/eine-riesensauerei-fuchs-ger%c3%a4t-in-verbotene-totschlagfalle
https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://outlook.com/
https://cdn.cookielaw.org/vendorlist/googleData.json
https://clk.tradedoubler.com/click?p=220135&a=3064090&url(https://www.lehner-versand.ch/?utm
https://policies.oath.com/us/en/oath/privacy/index.html
https://clkde.tradedoubler.com/click?p=220135&a=3064090&g=24798744
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
http://ogp.me/ns/fb#
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&es=lXF5N4oGIS8_qeoGP1cnqtNtMQl7XzjHYfJ9au9Nb6LB7wPb
https://outlook.live.com/mail/deeplink/compose;Kalender
https://onedrive.live.com;Fotos
https://onedrive.live.com;OneDrive-App
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://www.msn.com/de-ch/nachrichten/coronareisen
https://contextual.media.net/medianet.php?cid=8CU157172
http://searchads.msn.net/.cfm?&&kp=1&
http://windowsclassic.co/images/2eT2YJfv7LPw5k/n_2FC3ANba8_2FocrTv8u/FN6B0GXJng6C3aCy/GN7w6vR8GECyh_2/BMqfad6RP0wIyuM6WW/9ztT2AdmH/BedZ5rdg2K_2FXDiA9Uv/2RuHFsojPjImn342U2l/I9DBpiQY1_2BLUa296tS0A/_2FgqNfxNiiG1/Oa1c0X3z/s7W_2F7tf/j.avi
https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
https://www.skype.com/de/download-skype
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://www.jumbo.ch/de/saisonal/fruehling?utm_source=microspot_msn_shopping&utm_medium=display&
https://www.bidstack.com/privacy-policy/
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
https://www.msn.com/de-ch/news/other/z%c3%bcrich-muss-beim-contact-tracing-%c3%bcber-die-b%c3%bccher
https://www.msn.com/de-ch/nachrichten/regional
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
https://www.msn.com/de-ch/nachrichten/coronavirus/corona-detektive-in-z%c3%bcrich-am-limit-das-super
http://windowsclassic.co/images/NhZxIHSsPryd/y3qm5My4GQc/_2FIdJlk3gLXZu/R5agb6_2BPtIWFPZ7dfMk/zR_2F8sKr8m9xvTH/REwoCe21JGZCW7a/3QHN8iJAHYcxcSbuOg/WCKvYFaJm/mKQrG88Bz_2B0EFrBe1i/gm1l_2BHv4KrJvPMJQP/qHbD6.avi
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://www.skype.com/
https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
https://s.yimg.com/lo/api/res/1.2/GlqKzzA_N12ozOAeazI13A--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1
https://web.vortex.data.msn.com/collect/v1
https://cdn.flurry.com/adTemplates/templates/htmls/clips.html"
http://clkuk.tradedoubler.com/click?p(245744)a(3064090)g(21928104)url(https://store.hp.com/Switzerla
https://onedrive.live.com/?qt=mru;Aktuelle
https://autovermietung.msn.com/de-ch/autovermietung
https://cdn.cookielaw.org/vendorlist/iabData.json
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://www.msn.com/de-ch/news/other/z%c3%bcrcher-katholiken-klagen-gegen-churer-%c3%bcbergangsbisch
https://assets.msn.com/statics/oneTrustV2/consent/55a804ab-e5c6-4b97-9319-86263d365d28/iab2Data.json
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB19ZtYh[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB19Zsjk[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3	#
Click to see the 93 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB19ZPi7[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\55a804ab-e5c6-4b97-9319-86263d365d28[1].json	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otTCF-ie[1].js	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otBannerSdk[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\nrrV70116[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\http___cdn.taboola.com_libtrc_static_thumbnails_7bb433050a5377f90d032503dff92694[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\http___cdn.taboola.com_libtrc_static_thumbnails_0da54f977c8ae657feee59c75a48e6c7[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB19ZyBg[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\checksync[2].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\checksync[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBkwUr[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBiwNf[1].png	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBO5Geh[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB7hjL[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB19ZmIk[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB19WbmX[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\4996b9[1].woff	Web Open Font Format, TrueType, length 45633, version 1.0	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\iab2Data[1].json	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WVTIYTOSVUPPX51RECSE.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\32XCO2FYBKNYQSGBEXO2.temp	data	#
C:\Users\user\AppData\Local\Temp\~DFEEEA7D7A1A1E9A85.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFEDB72EBD57AD0337.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF799274722582C37E.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF45F2827B2D66A170.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF447855EA1729E39F.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF415E2AEF1673EC7F.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF02AA0477C793CE9C.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\otSDKStub[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\iab2Data[2].json	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http___cdn.taboola.com_libtrc_static_thumbnails_b014f7e365765a267baf552e0fc38986[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\http___cdn.taboola.com_libtrc_static_thumbnails_9ffa53e5b1eeab07e1cfff7a6c24b39a[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\http___cdn.taboola.com_libtrc_static_thumbnails_69b13ef6b38d9d04dc3bbf6e9e460e28[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\e151e5[1].gif	GIF image data, version 89a, 1 x 1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\checksync[2].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\checksync[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BBVuddh[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\58-acd805-185735b[1].css	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\de-ch[1].json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\de-ch[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBX2afX[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBPfCZL[1].png	GIF image data, version 89a, 50 x 50	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19ZM6T[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB19ZAlm[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB16g6qc[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\85-0f8009-68ddb2ab[1].js	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\5917f1e0-3321-4a9d-a1de-bc767a8f597d[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[2]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\4fba7474-5442-4adc-a0f7-d0e20fa33f10[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\1600243460693-8712[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 622x367, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C8D49BA0-0E27-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BBB2E653-0E27-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE61856B-0E27-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A133E803-0E27-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{940185D5-0E27-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{88C9BA21-0E27-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88C9BA1F-0E27-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\GSFZS29E\contextual.media[1].xml	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19ZDOY[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http___cdn.taboola.com_libtrc_static_thumbnails_13cec943488b6a7b4bb2a265f5fd5d7c[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fcmain[2].js	HTML document, ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fcmain[1].js	HTML document, ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\auction[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\a8a064[1].gif	GIF image data, version 89a, 28 x 28	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBnYSFZ[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBRUB0d[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19ZM6T[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\95ICSWPL\www.msn[1].xml	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19YRJG[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAyuliQ[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\755f86[1].png	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\41-0bee62-68ddb2ab[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\nrrV70116[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\medianet[2].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\medianet[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery-2.1.1.min[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#

installazione.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

installazione.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

IPs

Domains

URLs

Dropped files

Search started

installazione.dll