
installazione.dll

Status: finished
Submission Time: 2020-10-19 08:44:52 +02:00
Malicious
E-Banking Trojan
Trojan
Evader
Ursnif

Tags

  • dll
  • gozi
  • isfb
  • ursnif

Details

  • Analysis ID: 299878
  • API (Web) ID: 494852
  • Analysis Started: 2020-10-19 08:51:33 +02:00
  • Analysis Finished: 2020-10-19 08:59:47 +02:00
  • MD5: 69ec5ffde7eb0e7c46638e2f6f3a1523
  • SHA1: f95ac48c9709f2b611d61a1a5f07edf5f3839e7c
  • SHA256: 2e92d98fecb9edec0ef64d5441894b316f97755344e365460c463dd9dfebe775
  • Technologies:

Joe Sandbox

Detection: malicious
Score: 88
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 10/68
malicious
Score: 6/48

IPs

  • 87.248.118.23 (United Kingdom)
  • 195.24.67.87 (Russian Federation)
  • 151.101.1.44 (United States)

Domains


URLs


Dropped files
