p1cture3.dll

Status: finished

Submission Time: 2020-12-18 14:12:11 +01:00

Malicious

E-Banking Trojan

Trojan

Ursnif

Comments

Details

Analysis ID:
332237
API (Web) ID:
566306
Analysis Started:

2020-12-18 14:12:12 +01:00
Analysis Finished:

2020-12-18 14:20:20 +01:00
MD5:
363430ba47c7d69f75e9bc90dbbc1d8c
SHA1:
47fe41dd67e0245c1ece8fcd2c10c713823db833
SHA256:
00af5f13551c5e20fe29ec3d12dca555a56cd1edcd0a8633373872334de485ae
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 68	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report

malicious

Score: 14/69

malicious

Score: 9/48

IPs

IP	Country	Detection
65.9.70.182	United States

Domains

Name	IP	Detection
contextual.media.net	23.54.113.52
ocsp.sca1b.amazontrust.com	65.9.70.182
gstatistics.co	95.181.198.158
Click to see the 6 hidden entries
hblg.media.net	23.54.113.52
lg3.media.net	23.54.113.52
web.vortex.data.msn.com	0.0.0.0
www.msn.com	0.0.0.0
srtb.msn.com	0.0.0.0
cvision.media.net	0.0.0.0

URLs

Name	Detection
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
https://www.msn.com/de-ch/?ocid=iehp
Click to see the 94 hidden entries
https://onedrive.live.com/?qt=mru;Aktuelle
https://cdn.cookielaw.org/vendorlist/iab2Data.json
https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
https://cdn.cookielaw.org/vendorlist/iabData.json
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://rover.ebay.com/rover/1/5222-53480-19255-0/1?mpre=https%3A%2F%2Fwww.ebay.ch&campid=533862
https://outlook.com/
https://cdn.cookielaw.org/vendorlist/googleData.json
https://www.bet365affiliates.com/UI/Pages/Affiliates/Affiliates.aspx?ContentPath
https://www.admo.tv/en/privacy-policy
https://www.msn.com/de-ch/news/other/rund-100-000-betreibungen-leiten-die-krankenkassen-im-kanton-z%
https://www.msn.com/de-ch/news/other/regierung-genehmigt-27-millionen-f%c3%bcr-n%c3%a4chste-glattalb
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://onedrive.live.com;OneDrive-App
https://channelpilot.co.uk/privacy-policy
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://clkde.tradedoubler.com/click?p=235514&a=3064090&g=24888006&epi=dech-shoppingstri
https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
https://www.skype.com/de/download-skype
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://onedrive.live.com/#qt=mru
https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
https://login.skype.com/login/oauth/microsoft?client_id=738133
https://related.hu/adatkezeles/
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
https://clk.tradedoubler.com/click?p=245744&a=3064090&g=21863656
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&vertical=custom&pageType=
https://support.skype.com
https://www.vidstart.com/wp-content/uploads/2018/09/PrivacyPolicyPDF-Vidstart.pdf
https://www.msn.com?form=MY01O4&OCID=MY01O4
https://www.skype.com/de
https://outlook.live.com/calendar
https://quantyoo.de/datenschutz
https://twitter.com/
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
https://listonic.com/privacy/
https://onedrive.live.com/about/en/download/
https://www.bidstack.com/privacy-policy/
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
https://www.msn.com/de-ch/news/other/rolf-erbs-gl%c3%a4ubiger-erhalten-hohe-erl%c3%b6se/ar-BB1c2kH2?
https://www.msn.com/de-ch/homepage/api/modules/fetch"
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://amzn.to/2TTxhNg
https://www.msn.com/de-ch/news/other/besonders-erstsemestrige-f%c3%bchlen-sich-einsam-und-isoliert/a
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
https://www.msn.com/de-ch/nachrichten/regional
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://www.skype.com/
https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
http://ocsp.sca1b.amazontrust.com/images/jhYAn3wKHkyVTfw0/00VSw8f6pL0WGBk/m4PqAGyanFhkbyBOYl/qp5aS987V/V_2F_2BDl1vlB4fNYU_2/F2MBpXT1koABcUI5eof/xLEdBGKD7jA0v_2Fz7BWKv/3L_2BuB2pgeH4/HkdTjRHb/hcfpV3qoBZMqxjVhpVXAZkF/kYfRQAAcy4/xtA2JR23ptN8RGY98/Uvv3IGmm/Pvn0.avi
https://web.vortex.data.msn.com/collect/v1
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://client-s.gateway.messenger.live.com
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://outlook.live.com/mail/deeplink/compose;Kalender
http://gstatistics.co/images/GoexDOefGezKVL0h1dQfW/P8ihkSPhjIn_2Buh/vqH_2F_2BqoQIE1/Bq8bHihrQ4ihYZlN
http://ogp.me/ns/fb#
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://onedrive.live.com;Fotos
https://www.remixd.com/privacy_policy.html
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=dech-edge&ued=ht
https://www.msn.com/de-ch/nachrichten/coronareisen
https://contextual.media.net/medianet.php?cid=8CU157172
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24903118&epi=dech-shoppingstri
https://onedrive.live.com/?qt=mru;OneDrive-App
https://docs.prebid.org/privacy.html
http://ogp.me/ns#
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
https://www.msn.com/de-ch/news/other/blerim-dzemaili-kehrt-zum-fc-z%c3%bcrich-zur%c3%bcck/ar-BB1c2bg
https://www.msn.com/de-ch/news/other/banker-stellt-karton-zu-fr%c3%bch-raus-und-muss-nun-500-fr-zahl
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://www.msn.com/de-ch/news/other/konkursverfahren-%c3%bcber-rolf-erb-nach-16-jahren-abgeschlosse
https://www.msn.com/de-ch/news/other/junge-is-r%c3%bcckkehrerin-wehrt-sich-erfolgreich-gegen-urteil/
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://portal.eu.numbereight.me/policies-license#software-privacy-notice
http://searchads.msn.net/.cfm?&&kp=1&
https://www.gadsme.com/privacy-policy/
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
https://twitter.com/i/notifications;Ich
https://www.msn.com/de-ch
https://bealion.com/politica-de-cookies
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://www.msn.com/de-ch/sport/fussball/fcz-frauen-beissen-sich-die-z%c3%a4hne-aus/ar-BB1c1dBl?ocid
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
https://www.msn.com/de-ch/
https://www.brightcom.com/privacy-policy/

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB14hq0P[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c2xHZ[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c2vT6[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 310x166, frames 3	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c2nqV[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c2lWi[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c2e54[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c2dTm[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c2971[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c271x[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c26hQ[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 180x180, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1c1KaV[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1buoYF[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB15AQNm[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBIbOGs[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\AAuTnto[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\AA7XCQ3[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\85-0f8009-68ddb2ab[1].js	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\nrrV9640[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery-2.1.1.min[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\iab2Data[1].json	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\de-ch[1].json	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\de-ch[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[2].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\755f86[1].png	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1c2uJG[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1c2ncC[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1c2nP1[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1c2iVw[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1c2hna[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1c2gi3[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1c2bPR[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1c10MR[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB1bYucG[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB17milU[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\BB14EN7h[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\AArXDyz[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBnYSFZ[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\4996b9[1].woff	Web Open Font Format, TrueType, length 45633, version 1.0	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otFlat[1].json	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\e151e5[1].gif	GIF image data, version 89a, 1 x 1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\checksync[2].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\checksync[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\a8a064[1].gif	GIF image data, version 89a, 28 x 28	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBUE92F[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBRUB0d[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBO5Geh[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1bdczq[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBOLLMj[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBK9Hzy[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c2veo[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c2mdj[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c2gwf[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c2fUi[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c2bFx[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c22LU[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c1Yqf[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c1YW6[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c1Y4J[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1c0RDU[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBPfCZL[1].png	GIF image data, version 89a, 50 x 50	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AA3e6zI[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\87e5c478-82d7-43e3-8254-594bbfda55c7[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\55a804ab-e5c6-4b97-9319-86263d365d28[1].json	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\5096d619-1503-4dc7-8fad-e2ece705fa8a[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F198FF5-417E-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{487DC35C-417E-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{30131831-417E-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3013182F-417E-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3013182D-417E-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\B52R673A\contextual.media[1].xml	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1ardZ3[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBX2afX[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBK9Ri5[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB7hjL[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB7gRE[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1c2zso[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1c2iVw[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 200x200, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1c2fMA[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1c2eQR[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1c259x[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1c23iU[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1c224v[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1c1Trg[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 226x226, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\765NY3ND\www.msn[1].xml	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB10MkbM[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAyuliQ[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\58-acd805-185735b[1].css	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\41-0bee62-68ddb2ab[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otTCF-ie[1].js	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otSDKStub[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\otBannerSdk[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fcmain[1].js	HTML document, ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBoqF0J[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBih5H[1].png	PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced	#

p1cture3.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

p1cture3.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

p1cture3.dll