c9.dll

Status: finished

Submission Time: 2021-10-07 16:15:13 +02:00

Malicious

Trojan

Ursnif

Comments

Details

Analysis ID:
498883
API (Web) ID:
866455
Analysis Started:

2021-10-07 16:18:47 +02:00
Analysis Finished:

2021-10-07 16:32:31 +02:00
MD5:
c9cd971a083303b1b7c4c912f8739f6b
SHA1:
25fc199dbb5a7c0a71dfa8f430d8f09d09c0326d
SHA256:
96defacb7096fc81b809c4b0e427399cb2f7da2fb7eb278dd676785a8a476181
Technologies:

Engines
IOCs

Joe Sandbox

Engine	Download Report	Detection	Info
	Full Report Management Report IOC Report	malicious Score: 88	System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP	Country	Detection
87.106.18.141	Germany
104.26.3.70	United States
216.58.215.226	United States
Click to see the 10 hidden entries
3.127.209.187	United States
76.223.111.131	United States
151.101.1.44	United States
104.26.7.139	United States
104.20.185.68	United States
18.156.0.31	United States
35.244.174.68	United States
18.184.201.8	United States
172.217.168.38	United States
185.29.132.241	United Kingdom

Domains

Name	IP	Detection
api10.laptok.at	87.106.18.141
id.rlcdn.com	35.244.174.68
match.adsrvr.org	0.0.0.0
Click to see the 26 hidden entries
cvision.media.net	0.0.0.0
pixel.advertising.com	0.0.0.0
sync.mathtag.com	0.0.0.0
web.vortex.data.msn.com	0.0.0.0
img.img-taboola.com	0.0.0.0
ups.analytics.yahoo.com	0.0.0.0
srtb.msn.com	0.0.0.0
ad.doubleclick.net	0.0.0.0
www.msn.com	0.0.0.0
x.bidswitch.net	0.0.0.0
geolocation.onetrust.com	104.20.185.68
prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud	18.156.0.31
pixel-origin.mathtag.com	185.29.132.241
btloader.com	104.26.7.139
lg3.media.net	95.100.216.34
hblg.media.net	95.100.216.34
cm.g.doubleclick.net	216.58.215.226
elb-aws-fr-bruges-621602890.eu-central-1.elb.amazonaws.com	3.127.209.187
cs.media.net	95.100.216.34
contextual.media.net	95.100.216.34
ad-delivery.net	104.26.3.70
windowsupdate.s.llnwi.net	178.79.242.128
a97adde81b00f2ca4.awsglobalaccelerator.com	76.223.111.131
prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud	18.184.201.8
tls13.taboola.map.fastly.net	151.101.1.44
dart.l.doubleclick.net	172.217.168.38

URLs

Name	Detection
http://api10.laptok.at/api1/vcA0O3WPGnQgQOgmZF/_2FEMTJNH/erT8pAgL94iyg0QnSDs4/tF67e4iCqPFCwhTcyrL/52_2B_2BcPsTzSbd1llCdD/ZkNNF2cncA9XY/3_2BIi6C/H91C6tOMyng3uLUQeGWT6J6/j_2BQqOmyJ/sgWrxLykMWFajBZ62/tiwu_2Bleg5Y/3ODf0koCu30/inb_2Bah3KNq1n/fEvEAIuh_2FgMWpEfxDKP/e5bzrfbMyOWi_2Br/qr4SjrC797UY1dW/_2FynXROO34PZ3JC62/akz42HCrt/_2B8jaBnhM_2F2ymPrmX/yps30gw8ZnZS8JvDVQW/WFIuNMub/F
http://api10.laptok.at/api1/cjCx3CFNwvfHfzzFXMAZfSp/akD8HpiwLw/Xmf8SltrkZwIskxdD/LQq0Dq4H6kbK/nehUVbDEZih/YkDTsvTp3bYb8i/Kr6QeLqvadIsIs9pFukgL/OMDZLo4EFNLTVlQB/mKd2X3KJYAV3yVi/tdKjp4kt4yuYorXyBG/KNEUm6r2X/1LVNKB3ak_2Bz2y79hi5/ldIw1qOdPKTHg5FPpv_/2FZlNGmh0NUukUFKfkxwRB/hAGRbgGMkRs0W/Sja4JDzR/Typ_2FEqqGLQtFoEBaUfObX/k5DqE7Fqcl/ITzT4jdSj7c8BXUAG/ZqSRTC99eEQu/fB3yRofhVGR/HGnlb
http://api10.laptok.at/favicon.ico
Click to see the 97 hidden entries
http://api10.laptok.at/api1/cjCx3CFNwvfHfzzFXMAZfSp/akD8HpiwLw/Xmf8SltrkZwIskxdD/LQq0Dq4H6kbK/nehUVbDEZih/YkDTsvTp3bYb8i/Kr6QeLqvadIsIs9pFukgL/OMDZLo4EFNLTVlQB/mKd2X3KJYAV3yVi/tdKjp4kt4yuYorXyBG/KNEUm6r2X/1LVNKB3ak_2Bz2y79hi5/ldIw1qOdPKTHg5FPpv_/2FZlNGmh0NUuq8aAo8LNJZ/wnXLcICktJOE5/BE2w0kMW/QOYuG2fkU6GX4EAYMrqGuqg/isDTO90LCo/1CJYfHJHGn0nJOZZW/Ng_2B8t
http://api10.laptok.at/api1/ksE8rF5AGsnlH/fbLwQ3Lg/XhcZ8P1h_2Bo0_2BrjHAua5/e46Fw12wZ1/j1YBnIEVwMT0HVp4T/_2FSBVel_2BD/Mtuel1zuDld/8eZOKx2Uzqu7_2/B_2BIcRwCeM2BicM_2BIQ/dnUyI3L91KPOSGJF/REFJoC3NQRoXeRu/EUZgiBW5ykWpIixdja/XweS77_2F/YWVjXghErokmvPqxa1Ga/uF4H7dLvfoa5oaEuK7a/9t8Dhet7EJ2ycRjwV5Nh_2/FAcOKR5tjq4Mj/G592BKqi/FiGVSjGAGKhk57Y2OuTtOf7/wQ8JLEs_2B/SWOdJq12ovpP6_2Fy/QhV2Hdk6yUx_/2FiSux_2F/gXZMkf
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
http://www.amazon.com/
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F42912d3264942cf3a1683ef85b453901.jpg
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
https://onedrive.live.com;OneDrive-App
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F229da042318840c2bedb0d7d4a629da7.jpg
https://www.skype.com/de/download-skype
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://www.msn.com/de-ch/nachrichten/schweiz/bund-registriert-erneut-weniger-neue-corona-ansteckung
https://www.msn.com/de-ch/news/other/schulleitung-warnt-eltern-vor-lebensbedrohlichem-ohnmacht-spiel
https://www.skype.com/de
https://onedrive.live.com/?qt=mru;OneDrive-App
https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2766180096684126000V10
https://www.msn.com/de-ch/news/other/spezialisten-suchen-mit-sonarsonde-in-200-metern-tiefe-nach-ver
https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer
http://ogp.me/ns#
https://cdn.cookielaw.org/vendorlist/iabData.json
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
https://www.msn.com/de-ch/homepage/api/modules/fetch"
https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t
https://www.msn.com/de-ch/news/other/die-araberinnen-und-araber-kehren-zur%c3%bcck/ar-AAPbaLO?ocid=h
http://api10.laptok.at/api1/ksE8rF5AGsnlH/fbLwQ3Lg/XhcZ8P1h_2Bo0_2BrjHAua5/e46Fw12wZ1/j1YBnIEVwMT0HV
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
https://www.msn.com/de-ch/?ocid=iehp
https://onedrive.live.com/?qt=mru;Aktuelle
https://cdn.cookielaw.org/vendorlist/iab2Data.json
https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2766180096684126000V10&verify=true
https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
http://www.twitter.com/
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A%2F%2Fconsole.brax-cdn.com%2Fcreatives%2Fe3c5e00c-8d4e-4ffb-9b76-5a7c81cdd776%2F77745de3383e60a935ce533068c740ef_1000x600_e4825edea4eb82408ffb2966288c972c.png
https://cm.g.doubleclick.net/pixel?cs=1&google_nid=media&google_cm=1&google_hm=Mjc2NjE4MDA5NjY4NDE3MzAwMFYxMA%3D%3D&google_sc=1
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png"
https://outlook.com/
https://cdn.cookielaw.org/vendorlist/googleData.json
https://pixel.advertising.com/ups/58222/sync?_origin=1&uid=2766180096684126000V10
http://api10.laptok.at/api1/cjCx3CFNwvfHfzzFXMAZfSp/akD8HpiwLw/Xmf8SltrkZwIskxdD/LQq0Dq4H6kbK/n
https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
https://pixel.advertising.com/ups/58222/sync?_origin=1&uid=2766180096684126000V10&verify=true
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8m33zk4&ttd_tpi=1
https://secure.adnxs.com/clktrb?id=762232
https://btloader.com/tag?o=6208086025961472&upapi=true
https://www.msn.com/de-ch/news/other/mann-54-wird-von-wurzelstock-getroffen-und-kommt-ums-leben/ar-A
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F06ad29ca279ef6d1a1d51484867ed930.jpg
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://outlook.live.com/mail/deeplink/compose;Kalender
https://www.msn.com/de-ch/news/other/was-passierte-nur-drei-minuten-nach-dem-start/ar-AAP7LCM?ocid=h
https://www.msn.com/de-ch/news/other/auto-nach-unfall-mit-milit%c3%a4rblachen-abgedeckt/ar-AALgoO8?o
http://ogp.me/ns/fb#
http://www.reddit.com/
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
http://api10.laptok.at/api1/vcA0O3WPGnQgQOgmZF/_2FEMTJNH/erT8pAgL94iyg0QnSDs4/tF67e4iCqPFCwhTcyrL/52
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://www.msn.com/de-ch/sport?ocid=StripeOCID
https://onedrive.live.com;Fotos
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
https://www.msn.com/de-ch/finanzen/nachrichten/schweizer-arbeitsmarkt-auf-dem-weg-zum-vorkrisennivea
https://contextualtag.media.net
https://www.msn.com/de-ch/nachrichten/coronareisen
https://contextual.media.net/medianet.php?cid=8CU157172
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
http://searchads.msn.net/.cfm?&&kp=1&
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
https://id.rlcdn.com/710489.gif
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
https://twitter.com/i/notifications;Ich
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
https://www.msn.com/de-ch
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
http://www.youtube.com/
https://www.msn.com/de-ch/
https://client-s.gateway.messenger.live.com
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://amzn.to/2TTxhNg
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://www.msn.com/de-ch/nachrichten/regional
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24545562
https://www.skype.com/
https://www.msn.com/de-ch/news/other/gericht-verurteilt-mehrfachen-raser-zu-30-monaten-freiheitsstra

Dropped files

Name	File Type	Hashes
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB1cG73h[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\otBannerSdk[1].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\http___cdn.taboola.com_libtrc_static_thumbnails_42912d3264942cf3a1683ef85b453901[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\cksync[1].gif	GIF image data, version 87a, 1 x 1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[5].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[4].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[3].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[2].htm	HTML document, ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\cfdbd9[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\a8a064[1].gif	GIF image data, version 89a, 28 x 28	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\a5ea21[1].ico	PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BBJrII1[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB7hjL[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\2a816201-f959-4e73-b937-c8856613c1b1[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB14hq0P[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB116fUs[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPatbE[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAParbZ[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPanHn[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPan0r[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPaajT[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPaLRV[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPaF44[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPaEgA[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPaEWW[2].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAPawMj[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\nrrV72800[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\location[1].js	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\https___prezna.com_get_XX2-4159422330900454935[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\https___console.brax-cdn.com_creatives_e3c5e00c-8d4e-4ffb-9b76-5a7c81cdd776_77745de3383e60a935ce533068c740ef_1000x600_e4825edea4eb82408ffb2966288c972c[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\favicon[1].ico	MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\cksync[1].gif	GIF image data, version 87a, 1 x 1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\auction[2].htm	HTML document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BBkwUr[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BBY7ARN[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BBVuddh[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1aXBV1[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AArXDyz[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPaEWW[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAPajmd[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAP9B2S[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAP5ZJ9[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOxXYp[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOUgfd[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AANuZgF[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AANf6qa[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AALnEih[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AA6wTdK[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\52-478955-68ddb2ab[1].js	UTF-8 Unicode text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\2d-0e97d4-185735b[1].css	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAP9r3b[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAP9FFk[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAP7w5W[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAMqFmF[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\55a804ab-e5c6-4b97-9319-86263d365d28[1].json	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\17-361657-68ddb2ab[1].js	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat	data	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPa34D[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5B5838B5-27C5-11EC-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{533A88BC-27C5-11EC-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{533A88BA-27C5-11EC-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4A968DB9-27C5-11EC-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1F195E5E-27C5-11EC-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{14D0D766-27C5-11EC-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{14D0D764-27C5-11EC-90E5-ECF4BB570DC9}.dat	Microsoft Word Document	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\QALADACS\contextual.media[1].xml	ASCII text, with very long lines, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB7hg4[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAP9No8[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOZtDm[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAOSsrG[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\tag[1].js	ASCII text, with very long lines	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\px[1].gif	GIF image data, version 89a, 1 x 1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\otTCF-ie[1].js	UTF-8 Unicode text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\otPcCenter[2].json	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\jquery-2.1.1.min[2].js	ASCII text, with very long lines, with CRLF line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\http___cdn.taboolasyndication.com_libtrc_static_thumbnails_89b2a2c406225ac19893953e2f531377[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\cksync[1].gif	GIF image data, version 87a, 1 x 1	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBXXVfm[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBPfCZL[2].png	GIF image data, version 89a, 50 x 50	#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.msn[2].xml	ASCII text, with no line terminators	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB6Ma4a[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1fdtSt[1].png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1cEP3G[1].png	PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1aQdUI[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB15AQNm[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPasOE[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPaom7[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPajQ1[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPadFc[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPaEqq[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3	#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPaBK0[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3	#

c9.dll

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

c9.dll Options

Comments

Tags

Available tags:

Details

Joe Sandbox

Third Party Analysis Engines

IPs

Domains

URLs

Dropped files

Search started

c9.dll