2ff0174.dll

Status: finished

Submission Time: 2021-06-09 13:50:19 +02:00

Malicious

Trojan

Ursnif

Comments

Details

Analysis ID:
431863
API (Web) ID:
799467
Analysis Started:

2021-06-09 13:50:19 +02:00
Analysis Finished:

2021-06-09 14:01:21 +02:00
MD5:
9f07670d0192eb4c2fa2dbafb6b3dddf
SHA1:
0fac819049810a6707ce2269dd9cee6347b8ec7b
SHA256:
a62876ad5b23476a42760a93bd502ce8d91d86a1fcbfa0f9edc673f4243a08f3
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
		malicious
	Full Report Management Report IOC Report	malicious Score: 80	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
82.118.22.247	Ukraine
82.118.22.204	Ukraine
151.101.1.44	United States
Click to see the 6 hidden entries
82.165.229.16	Germany
104.20.185.68	United States
82.165.229.59	Germany
82.165.229.87	Germany
82.165.229.54	Germany
104.16.18.94	United States

Domains

Name	IP	Detection
qtrweyuiopolkhgbjune.xyz	82.118.22.247
vhfkffjddyjunekugjtr.xyz	82.118.22.204
geolocation.onetrust.com	104.20.185.68
Click to see the 17 hidden entries
dl.mail.com	0.0.0.0
cvision.media.net	0.0.0.0
img.ui-portal.de	0.0.0.0
s.uicdn.com	0.0.0.0
web.vortex.data.msn.com	0.0.0.0
img.img-taboola.com	0.0.0.0
srtb.msn.com	0.0.0.0
www.msn.com	0.0.0.0
wa.mail.com	82.165.229.16
contextual.media.net	184.30.24.22
mail.com	82.165.229.87
lg3.media.net	184.30.24.22
hblg.media.net	184.30.24.22
cdnjs.cloudflare.com	104.16.18.94
www.mail.com	82.165.229.59
tls13.taboola.map.fastly.net	151.101.1.44
wa.ui-portal.de	82.165.229.54

URLs

Name	Detection
https://www.mail.com/uripath/6cPXuQdL_2BmDgfuO/pks3Rg5BYm99/NE64NorVqJ3/4HdH4Xej03hXYE/fc5_2FPChCXBm
https://onedrive.live.com;OneDrive-App
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
Click to see the 97 hidden entries
https://img.ui-portal.de/pos-cdn/tracklib/4.3.0/tracklib.min.js
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://use.typekit.net
https://dl.gmx.at/permission/oneTrust/
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://popup.taboola.com/
http://qtrweyuiopolkhgbjune.xyz/uripath/HqAo_2FUT4Xi/etL7dOp10vF/1GZyviLFWjPlf_/2BpAjw1ynkMPMDMMcYEt
https://momentjs.com
http://momentjs.com/guides/#/warnings/min-max/
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.3/umd/popper.min.js
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
https://www.skype.com/de
https://onedrive.live.com/?qt=mru;OneDrive-App
https://dl.gmx.fr/permission/oneTrust/
http://vhfkffjddyjunekugjtr.xyz/uripath/m5zigbEwtRm5tbWTabSv7yN/5eir_2B9Vh/aKk3WnUnFcJEuyyua/ARiRkfJ3iFIQ/qDBnAv2igfa/mrhLian2LW_2B2/9OpQEW7r1oH5EbxzNz_2F/uyLCbd56_2B8viYh/NcE_2BN0hWhdn2k/S_2Fl0s3iSHGBIpV8q/3IvuuTvjE/P_2F5A01dnuye77sW1fw/lxHUAcZiiGEaGlB/coOMe.ext
http://vhfkffjddyjunekugjtr.xyz/uripath/Dpso2yRgb0Dyb/KAn6cCpr/gAmXw5kfG_2Bc9ne1cJuUpm/vIdHSfsVJ8/z1jcayamlCKKrI29R/G_2B_2FccqD2/qf4e_2Fz6RI/K0AsHCwnacJmTs/dz3R8eKROUC_2FWQj5PLa/EqJtAUgFuyqujecx/FxvhHy9NhkNYETE/8xNMShuXbdh_2BRm2_/2BKALThQM/WfIVp4VFD/2fstwBtrQ/e.ext
http://qtrweyuiopolkhgbjune.xyz/public/css/animate.css
https://github.com/twbs/bootstrap/blob/master/LICENSE)
https://github.com/ded/bonzo
https://github.com/chartjs/Chart.js/issues/3521
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
https://mam-confluence.1and1.com/display/TDII/BRAIN-Tracking
https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
http://qtrweyuiopolkhgbjune.xyz/public/scripts/lib/chart-js/Chart.bundle.js?1234
https://onedrive.live.com/about/en/download/
https://www.stroeer.de/konvergenz-konzepte/daten-technologien/stroeer-ssp/datenschutz-ssp.html
https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t
http://vhfkffjddyjunekugjtr.xyz/uripath/m5zigbEwtRm5tbWTabSv7yN/5eir_2B9Vh/aKk3WnUnFcJEuyyua/AR
https://github.com/getsentry/sentry-javascript
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
https://www.msn.com/de-ch/?ocid=iehp
https://cdn.cookielaw.org/vendorlist/iab2Data.json
http://www.nathanaeljones.com/blog/2013/reading-max-width-cross-browser
http://vhfkffjddyjunekugjtr.xyz/uripath/PbAYRrZYAKQJ_2FiZxLfQe/0W3TmhG_2FKNb/HT1zWvSh/WsU1_2F6i0huFY
http://vhfkffjddyjunekugjtr.xyz/uripath/PbAYRrZYAKQJ_2FiZxLfQe/0W3TmhG_2FKNb/HT1zWvSh/WsU1_2F6i0huFYRA429S2ek/rkBd8Gm1wt/jPrgo3Qm1r_2FcnOo/wfKJYrVFbHaY/uPAV9mHMrKZ/jAk7myMZiDAmSQ/yOGTwTyxfld98bsDv53U4/FqusXxECzNJh4e3H/b3Q8IDIjGjZYWaI/QVKc4rs5AqW2/jMtBGa.ext
http://qtrweyuiopolkhgbjune.xyz/uripath/rfHWC41tNETdeQWjswyCogx/2GerTeq_2F/pTrbfZqC3HbPx0AC8/8PvaEEyqSBMQ/OI0eVJ5ixCL/pKmLDsx5jBT2dg/mYyZQFsej_2FmIk9ENFo_/2FKyKN8X1y1Qj4qv/wg_2F6DT_2F1UtB/x8hTbCqg1pGLyNEs7B/hxe_2BGbh/vaZctqoLB_2FhX3rnLtN/P_2BNdyaBZpb9Iw/e46aWlZ.ext
http://stackoverflow.com/questions/8506881/nice-label-algorithm-for-charts-with-minimum-ticks
http://qtrweyuiopolkhgbjune.xyz/
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
http://daneden.me/animate
https://outlook.com/
http://qtrweyuiopolkhgbjune.xyz/public/css/scss/style.css?1234
https://dl.gmx.es/permission/oneTrust/
https://cdn.cookielaw.org/vendorlist/googleData.json
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
http://qtrweyuiopolkhgbjune.xyz/public/css/font-awesome.min.css?1234
http://mail.com/uripath/fcbslbaQpLGER/anAUxx7k/P6qNRF5XQyAjAahpDrcIJV_/2BFr8ewDzH/kQKcuAEadNq8bnSP3/wERFtfm7vyGn/vtnJWrjvx8a/3Jsty6cDbS_2BT/gpxDtVgwpd6fGwdYn6qs2/kmBHoYzJ0NzlB9tA/okgty4mo62PuQhI/vZTwR4IKuGhmX2McfB/4w9w6_2Bd/_2B3x_2Bn_2B/YKaqn.ext
https://www.msn.com/de-ch/news/other/mit-seinen-dokfilmen-hat-er-virale-hits-geschaffen/ar-AAKQZ6z?o
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://my.onetrust.com/s/article/UUID-185d63b9-1094-a9d3-e684-bb1f155ae6ad
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
http://dev.w3.org/csswg/css-color/#hwb-to-rgb
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://github.com/scottjehl/picturefill/blob/master/Authors.txt;
https://dl.mail.com/tcf/live/v1/js/tcf-api.js
https://github.com/twbs/bootstrap/graphs/contributors)
https://github.com/chartjs/Chart.js/issues/2538
http://qtrweyuiopolkhgbjune.xyz/uripath/r_2F625JF8nc/Zl6uqWI71P7/1DbizOipbgp9jM/hoB3nCCm3H0vpt3zAF7Z
http://qtrweyuiopolkhgbjune.xyz/public/scripts/plugins.js?1234
https://s.uicdn.com/permission/
http://qtrweyuiopolkhgbjune.xyz/public/css/themify-icons.css?1234
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-ss&ued=htt
http://vhfkffjddyjunekugjtr.xyz/uripath/m5zigbEwtRm5tbWTabSv7yN/5eir_2B9Vh/aKk3WnUnFcJEuyyua/ARiRkfJ
http://qtrweyuiopolkhgbjune.xyz/public/scripts/vendor/jquery-2.1.4.min.js?1234
https://s.uicdn.com/mailint/9.1693.0/assets/potec.core.min.js
http://stackoverflow.com/questions/181348/instantiating-a-javascript-object-by-calling-prototype-con
http://chartjs.org/
https://onedrive.live.com;Fotos
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
https://s.uicdn.com/mailint/9.1693.0/
https://github.com/moment/moment/issues/1423
http://searchads.msn.net/.cfm?&&kp=1&
https://github.com/chartjs/Chart.js/issues/2435#issuecomment-216718158
http://www.robertpenner.com/easing/
http://qtrweyuiopolkhgbjune.xyz/favicon.ico~
https://github.com/kkapsner/CanvasBlocker
http://qtrweyuiopolkhgbjune.xyz/public/fonts/fontawesome-webfont.eot?
https://www.mail.com/uripath/DB9ETgXe6nwyQsstGrZ/GV_2FFW_2BzS4Z3lw7WHHl/_2FgrzesS8kWd/kKmXQKz_/2Bu6B
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
http://qtrweyuiopolkhgbjune.xyz/public/scripts/lib/vector-map/jquery.vmap.sampledata.js?1234
https://dl.gmx.net/permission/oneTrust/
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
https://www.msn.com/de-ch
http://qtrweyuiopolkhgbjune.xyz/public/scripts/lib/vector-map/country/jquery.vmap.world.js?1234
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/zwei-geldautomaten-in-winterthur-gesprengt-und-wei
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://amzn.to/2TTxhNg
http://docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html
http://momentjs.com/guides/#/warnings/zone/
https://www.msn.com/de-ch/nachrichten/z%c3%bcrich/nur-der-hauptt%c3%a4ter-macht-vor-gericht-noch-aus
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://www.mail.com/uripath/nSUXVVUM3QAYcgF_2B2Ea/adTih7WzsdeZ450I/pRQFCIZuMLtQrCY/n_2FpSC_2FEou7z1
http://vhfkffjddyjunekugjtr.xyz/uripath/sB8E3aa3L/XDVMq5XKI78tf7sk_2Ff/1uvfkmsySV_2FdyZgAj/rQ7fjQTkCIckO00r17I0Lb/mtwt35TqG8tZy/mDnNoNxk/Tgh2dt2Vdy7GhBOSvB_2FwH/whrBYKDwkz/dpBP4WwDQ4nBFUaXC/fkbG1qJ1BjcB/GFGY_2BTrZf/_2FHH5bo5ZfTaU/YDRNOIWU58cOT9TUrLoQ2/O_2FM.ext
https://www.mail.com/uripath/oyaVX4nPKMnFDPqr7GVs/yF75i8SNoL6_2FQyJ9C/eZEN1CgzwncaTW6N_2Bd7I/W0GAon4
https://img.ui-portal.de/pos-cdn/tracklib/4.3.0/polyfills.min.js
https://dl.mail.com/permission/live/v1/ppp/js/permission-client.js

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_a9d5a877b728a13e15c50ecd0e7e98f7[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\popper.min[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\permission-core.min[1].js	UTF-8 Unicode text, with very long lines	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem5YaGs126MiZpBA-UNirkOUuhv[1].woff	Web Open Font Format, TrueType, length 18784, version 1.1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mem5YaGs126MiZpBA-UN8rsOUuhv[1].woff	Web Open Font Format, TrueType, length 19160, version 1.1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\medianet[2].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\medianet[1].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\magnifier_mailcom[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\logo_mailcom[1].svg	SVG Scalable Vector Graphics image	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\location[1].js	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.vmap.min[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\j_2BaX[1].htm	ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\index[1].htm	HTML document, UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\promise.min[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_GETTY_IMAGES_SKP_1211840846__1v9WbJ7j[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_7af0d8521b250928b908ada3e3eaa449[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_67e22d8aae58f404575f6c0627b07d0b[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\gkYq_2By[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\font-awesome.min[1].css	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\favicon[1].ico	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e[1].htm	ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e46aWlZ[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\core[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\consentpage[1].htm	HTML document, ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\coOMe[1].htm	ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKQwiZ[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBY7ARN[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBVuddh[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBPfCZL[1].png	GIF image data, version 89a, 50 x 50	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBK9Hzy[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB7hg4[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1ftEY0[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB14EN7h[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AArXDyz[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKRxKG[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKRKhE[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKRAQ6[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKR5o2[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\a9fae059-bbf3-471d-960a-24de9939a567[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKQWGt[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKQWDC[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKQQsL[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKQNcA[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAKQIAR[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AA6SFRQ[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\8zZARGC[1].htm	ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\4996b9[1].woff	Web Open Font Format, TrueType, length 45633, version 1.0	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\tDbK2oqRg1oM3QBjjcaDkOr4nAfcGA[1].woff	Web Open Font Format, TrueType, length 24712, version 1.1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\styles[1].css	ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\style[1].css	ASCII text	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85A9899A-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AEA9A10B-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A740FA18-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A740FA16-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A040EB83-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A040EB81-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99D19BD0-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99D19BCE-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92DF17F9-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92DF17F7-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C619BE6-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C619BE4-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2d-0e97d4-185735b[1].css	UTF-8 Unicode text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{85A98998-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7E44528A-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7E445288-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{74AA9843-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{74AA9841-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{74AA983F-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{681FC20B-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{681FC209-C964-11EB-90E4-ECF4BB862DED}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\NS7NE3D2\dl.mail[1].xml	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\KXOGQTB9\www.mail[1].xml	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\JSQKMQEL\contextual.media[1].xml	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKRjKI[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\TK3tWkYFABsmjsphPhw[1].woff	Web Open Font Format, TrueType, length 22232, version 1.1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\SlGWmQWMvZQIdix7AFxXmMh3eDs1YQ[1].woff	Web Open Font Format, TrueType, length 26012, version 1.1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBX2afX[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB7gRE[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1dCSOZ[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1cG73h[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1cEP3G[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKrH6O[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKjIOF[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKRxXD[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKRuuY[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKRu2G[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BVYYTV4G\www.msn[1].xml	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKRhEE[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKRB2I[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKR2X8[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKR1C7[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKQTPu[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKQQkJ[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKPW0R[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKPJLO[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAKFpl8[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AA6wTdK[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\5096d619-1503-4dc7-8fad-e2ece705fa8a[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#

2ff0174.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

2ff0174.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

2ff0174.dll