installa.dll

Status: finished

Submission Time: 2020-10-20 13:04:06 +02:00

Malicious

E-Banking Trojan

Trojan

Ursnif

Comments

Details

Analysis ID:
300964
API (Web) ID:
497544
Analysis Started:

2020-10-20 13:15:20 +02:00
Analysis Finished:

2020-10-20 13:23:12 +02:00
MD5:
d94c7807c3749b3f773d71d48abadc85
SHA1:
d976de057c7e57d278b00ff2a64102fc58b48837
SHA256:
d5ba4c77ca4813a76ceb6be5203a3c3d713e043e82cf80a7aab0d92b28f71a64
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 76	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 10/70

IPs

IP	Country	Detection
45.140.168.107	Russian Federation
151.101.1.44	United States

Domains

Name	IP	Detection
contextual.media.net	104.84.56.24
tls13.taboola.map.fastly.net	151.101.1.44
hblg.media.net	104.84.56.24
Click to see the 8 hidden entries
lg3.media.net	104.84.56.24
windowclient.com	45.140.168.107
assets.msn.com	0.0.0.0
web.vortex.data.msn.com	0.0.0.0
www.msn.com	0.0.0.0
srtb.msn.com	0.0.0.0
img.img-taboola.com	0.0.0.0
cvision.media.net	0.0.0.0

URLs

Name	Detection
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://clk.tradedoubler.com/click?p=245744&a=3064090url(https://store.hp.com/SwitzerlandStore/M
https://outlook.live.com/calendar
Click to see the 89 hidden entries
http://www.msn.com/de-ch
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
https://twitter.com/i/notifications;Ich
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-verticals-shoppinghub
https://twitter.com/
https://clk.tradedoubler.com/click?p=295926&a=3064090
https://fluege.msn.com/de-ch/flugsuche
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
http://www.msn.com/de-ch/?ocid=iehpP
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
https://www.msn.com/de-ch/news/other/abfallgeb%c3%bchren-gehen-den-preis%c3%bcberwacher-laut-dem-kan
https://client-s.gateway.messenger.live.com
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://amzn.to/2TTxhNg
http://popup.taboola.com/german
https://www.msn.com/de-ch/news/other/natalie-rickli-will-grossanl%c3%a4sse-wieder-verbieten/ar-BB1a9
https://onedrive.live.com/about/en/download/
https://www.bidstack.com/privacy-policy/
http://ogp.me/ns#
http://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsbu
https://www.msn.com/de-ch/news/other/jetzt-werden-die-erz-oldtimer-versteigert/ar-BB1aaZxD?ocid=hplo
https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
http://www.msn.com/de-ch/homepage/api/modules/fetch"
https://login.skype.com/login/oauth/microsoft?client_id=738133
https://www.skype.com/de
https://onedrive.live.com/?qt=mru;OneDrive-App
http://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
https://www.msn.com/de-ch/news/other/kehrichtverbrennung-dietikon-zh-will-preise-nicht-senken/ar-BB1
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
http://www.msn.com/de-ch/
https://support.skype.com
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
http://windowclient.com/images/kiAWAduwJO0q/bQO9sUWhVpL/aQIJ6rGuoO6Ew5/RknVLUyVCvTBD3u6l6DJD/XfO0GDVLSHJkWqPF/1VJrYQYCRB1tlRd/Az6c6sfGxjAqRQRmi_/2Fm6lDFm5/giXuErwGpu5RdZByPa5U/5hcQGCW4GEK/4auP4.avi
https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
https://onedrive.live.com/#qt=mru
https://www.msn.com/de-ch/news/other/so-kickt-die-schweiz-der-fc-st-gallen-bleibt-leader-und-hat-ein
http://www.msn.com/de-ch/?ocid=iehp
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
https://onedrive.live.com;Fotos
https://www.msn.com/de-ch/news/other/die-geplanten-hundezonen-in-der-stadt-z%c3%bcrich-wecken-unmut-
https://clk.tradedoubler.com/click?p=220135&a=3064090&url(https://www.lehner-versand.ch/?utm
https://clkde.tradedoubler.com/click?p=220135&a=3064090&g=24798744
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
http://ogp.me/ns/fb#
https://www.msn.com/de-ch/news/other/z%c3%bcrcher-s-bahnnetz-zehn-stunden-lang-im-st%c3%b6rungsmodus
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
https://www.msn.com/de-ch/news/other/die-gesinnung-allein-reicht-nicht-aus-um-jemanden-von-einer-hoc
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://cdn.cookielaw.org/vendorlist/googleData.json
https://onedrive.live.com;OneDrive-App
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://www.msn.com/de-ch/news/other/sozialisten-schliessen-ja-gerne-leute-im-land-ein-contra-solche
https://www.msn.com/de-ch/nachrichten/coronareisen
https://contextual.media.net/medianet.php?cid=8CU157172
http://windowclient.com/images/PhtEpAZ2HpWFir_2BIkF/vo7rgvEoqB86khpfRZi/NnDGpE_2F383l_2FY23wn8/s8SaspSJ1NSJJ/gX7ebdZD/5_2FvQwn2gfpfhpAmOD3RAX/E_2BDtGcsS/oZJpX3G3G8NgpsDh7/7JTwI1nxYwPS/xSXEFkZIGU6/WDnZ2.avi
http://searchads.msn.net/.cfm?&&kp=1&
https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
https://www.skype.com/de/download-skype
http://clkuk.tradedoubler.com/click?p(245744)a(3064090)g(21928104)url(https://store.hp.com/Switzerla
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
https://www.msn.com/de-ch/nachrichten/regional
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://www.msn.com/de-ch/news/other/z%c3%bcrcher-club-gewinnt-l%c3%a4rmstreit/ar-BB1acxae?ocid=hplo
http://windowclient.com/images/PhtEpAZ2HpWFir_2BIkF/vo7rgvEoqB86khpfRZi/NnDGpE_2F383l_2FY23wn8/s8Sas
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_fill%
https://www.skype.com/
https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
https://www.jumbo.ch/de/saisonal/fruehling?utm_source=microspot_msn_shopping&utm_medium=display&
https://web.vortex.data.msn.com/collect/v1
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://onedrive.live.com/?qt=mru;Aktuelle
https://cdn.cookielaw.org/vendorlist/iabData.json
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
http://windowclient.com/images/kiAWAduwJO0q/bQO9sUWhVpL/aQIJ6rGuoO6Ew5/RknVLUyVCvTBD3u6l6DJD/XfO0GDV
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
https://assets.msn.com/statics/oneTrustV2/consent/55a804ab-e5c6-4b97-9319-86263d365d28/iab2Data.json
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://outlook.live.com/mail/deeplink/compose;Kalender
https://outlook.com/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BB19RFPK[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BB17milU[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
Click to see the 88 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BB17IXGm[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\AAyuliQ[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\iab2Data[2].json	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\http___cdn.taboola.com_libtrc_static_thumbnails_f65657ae0c0bc5fdf1ac0a1c80c5d333[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\http___cdn.taboola.com_libtrc_static_thumbnails_b4f3246afa52af53f140f3c3b2d30b67[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\http___cdn.taboola.com_libtrc_static_thumbnails_147a09c93c83870afb1235cb6643d464[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\fcmain[2].js	HTML document, ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BB1abr3z[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\de-ch[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\b93e9132-e670-4998-95ce-f937ea9eeb4b[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BBPfCZL[1].png	GIF image data, version 89a, 50 x 50	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BB1acz1l[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BB1acH25[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BB1acFXW[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\BB16g6qc[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\58-acd805-185735b[1].css	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\otBannerSdk[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UKYUOGG45FLVV0A8N9DS.temp	data	#
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6TSEWTO348LANW6LFSN0.temp	data	#
C:\Users\user\AppData\Local\Temp\~DFF7C6674A91E7E679.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DFE59B0FEABB82288A.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF5244239F388D2EF4.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF4CCD664ABB4BA978.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF4A946ECA0C8B34B2.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF0A396341F066F8C4.TMP	data	#
C:\Users\user\AppData\Local\Temp\~DF055A168A6D9C72F9.TMP	data	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\nrrV75198[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\medianet[4].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\dnserror[2]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\checksync[4].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\checksync[3].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\NewErrorPageTemplate[2]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BBnYSFZ[2].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BBK9Ri5[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VAHFWDJC\BBK9Hzy[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB1abX1s[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\otSDKStub[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\http___cdn.taboola.com_libtrc_static_thumbnails_db75c0106cfbc810c5703953c59f7a03[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\http___cdn.taboola.com_libtrc_static_thumbnails_a8d217261f4cdf2a2cab8f1bd9f39b76[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\http___cdn.taboola.com_libtrc_static_thumbnails_GETTY_IMAGES_IBK_606910635__VqZNjsRU[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\http___cdn.taboola.com_libtrc_static_thumbnails_GETTY_IMAGES_IBK_542734683__clsfZCtG[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\http___cdn.taboola.com_libtrc_static_thumbnails_8d8e55fee68ce7185c5b82f5a54df0f6[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\http___cdn.taboola.com_libtrc_static_thumbnails_02d787b9a66c874b3be01a3c931d276e[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\de-ch[2].json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\auction[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB7hjL[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\BB1acGzB[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\otTCF-ie[1].js	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\5917f1e0-3321-4a9d-a1de-bc767a8f597d[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0MX4YUS9\55a804ab-e5c6-4b97-9319-86263d365d28[2].json	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\po60zt0\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62079771-1311-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{541679CA-1311-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{46D5C9D0-1311-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{398B907B-1311-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2517E860-1311-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{190B683B-1311-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{190B6839-1311-11EB-90E6-ECF4BB82F7E0}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\checksync[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\medianet[3].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\iab2Data[1].json	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\fcmain[1].js	HTML document, ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\dnserror[3]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\dnserror[2]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\checksync[2].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IUHEMSR9\contextual.media[1].xml	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BBih5H[1].png	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BBX2afX[2].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BBVuddh[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BB1acsi4[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BB1acL5z[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 762x762, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BB1acDFS[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\BB1abBaZ[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\85-0f8009-68ddb2ab[2].js	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2K7JPOQS\41-0bee62-68ddb2ab[1].js	ASCII text, with very long lines, with no line terminators	#

installa.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

installa.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

installa.dll