Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

http://www.salesthroughservice.com

Status: finished
Submission Time: 2019-12-03 09:45:20 +01:00
Malicious
Phishing
Audio Phisher

Comments

Tags

Details

  • Analysis ID:
    193318
  • API (Web) ID:
    284768
  • Analysis Started:
    2019-12-03 09:45:21 +01:00
  • Analysis Finished:
    2019-12-03 09:52:25 +01:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 48
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
172.217.23.194
 United States
13.32.171.11
 United States
54.240.168.99
 United States
Click to see the 17 hidden entries
5.11.50.201
 Germany
66.165.243.151
 United States
104.244.42.5
 United States
208.91.196.46
 Virgin Islands (BRITISH)
104.244.42.67
 United States
34.246.39.62
 United States
204.11.56.48
 Virgin Islands (BRITISH)
74.125.133.156
 United States
212.82.235.58
 Germany
95.211.116.27
 Netherlands
151.101.112.157
 United States
172.217.23.198
 United States
216.58.201.66
 United States
13.224.241.26
 United States
31.13.92.36
 Ireland
31.13.92.14
 Ireland
13.224.241.21
 United States

Domains

Name IP Detection
connect.facebook.net
 0.0.0.0
tracking.s24.com
 5.11.50.201
c7-static.myworld.com
 0.0.0.0
Click to see the 36 hidden entries
static.ads-twitter.com
 0.0.0.0
www.facebook.com
 0.0.0.0
c8-static.myworld.com
 0.0.0.0
ad.doubleclick.net
 0.0.0.0
ch-go.kelkoogroup.net
 0.0.0.0
500008592.collect.igodigital.com
 0.0.0.0
tau.collect.igodigital.com
 0.0.0.0
www.salesthroughservice.com
 204.11.56.48
ct.pinterest.com
 0.0.0.0
ch.myworld.com
 0.0.0.0
stats.g.doubleclick.net
 0.0.0.0
analytics.twitter.com
 0.0.0.0
googleads.g.doubleclick.net
 0.0.0.0
s.pinimg.com
 0.0.0.0
undefined.fls.doubleclick.net
 0.0.0.0
c5-static.myworld.com
 0.0.0.0
r.redirekted.com
 0.0.0.0
ch-go.aws.kelkoo.com
 95.211.116.27
star-mini.c10r.facebook.com
 31.13.92.36
dart.l.doubleclick.net
 172.217.23.198
pagead46.l.doubleclick.net
 216.58.201.66
stats.l.doubleclick.net
 74.125.133.156
s.twitter.com
 104.244.42.67
d11mjubftav2rg.cloudfront.net
 13.224.241.33
tau-collector-2141062151.eu-west-1.elb.amazonaws.com
 34.246.39.62
mace.adrenalads.net
 66.165.243.151
dl2m1dct80d94.cloudfront.net
 13.32.171.77
www.econda-monitor.de
 212.82.235.58
platform.twitter.map.fastly.net
 151.101.112.157
tadzc.com
 208.91.196.46
scontent.xx.fbcdn.net
 31.13.92.14
t.co
 104.244.42.5
d232k1s456je4a.cloudfront.net
 13.32.171.122
pagead.l.doubleclick.net
 216.58.201.66
dpszz76mhifac.cloudfront.net
 54.240.168.99
www.google.co.uk
 172.217.23.227

URLs

Name Detection
http://search.sify.com/
https://ch.myworld.com/de-ch/musik/weihnachtslieder-cAUD10DCLBM/
https://ch.myworld.com/de-ch/beauty-gesundheit-cO4CPQR4M0K/
Click to see the 97 hidden entries
http://www.soso.com/
https://c5-static.myworld.com/de-ch/dp/pioneer-pioneer-kopfhoerer-ohrumschliessend-kopfband-silber-s
http://www.google.si/
http://purl.or
http://search.nifty.com/
https://c5-static.myworld.com/de-ch/dp/apple-apple-iphone-xr-smartphone-ios-12-128gb-dual-sim-61-liq
http://www.gmarket.co.kr/
http://search.yahoo.co.jp/favicon.ico
http://openimage.interpark.com/interpark.ico
https://c5-static.myworld.com/de-ch/dp/samsung-samsung-galaxy-s10-smartphone-128gm-prism-black-sm-g9
http://busca.orange.es/
http://ch.myworld.com/dp/grundig-grundig-babywaage-digital-weiss-20kg-dp3V0TLJCL62Q/
http://www.ozu.es/favicon.ico
http://uk.search.yahoo.com/
https://sizzlejs.com/
http://www.rambler.ru/favicon.ico
http://list.taobao.com/browse/search_visual.htm?n=15&q=
http://google.pchome.com.tw/
http://crl.pki.goog/gsr2/gsr2.crl0?
http://browse.guardian.co.uk/favicon.ico
http://www.pchome.com.tw/favicon.ico
https://c5-static.myworld.com/de-ch/dp/hasbro-hasbro-disney-die-eiskoenigin-2-elsa-puppe-und-nokk-se
https://ch.myworld.com/de-ch/cart6Einkaufswag/de-ch/categoriesgninRoot
http://search.daum.net/favicon.ico
http://www.servicios.clarin.com/
http://www.ceneo.pl/favicon.ico
http://it.search.yahoo.com/
https://undefined.fls.doubleclick.net/activityi;src=undefined;type=pageview;cat=pageview;ord=8110266
http://www.tiscali.it/favicon.ico
http://www.cdiscount.com/
http://www.news.com.au/favicon.ico
https://ch.myworld.com/de-ch/signin
http://ariadna.elmundo.es/
http://service2.bfast.com/
http://search.centrum.cz/favicon.ico
https://c5-static.myworld.com/de-ch/dp/apple-apple-earpods-mit-lightning-connector-mmtn2zma-dp1T7G8V
https://c5-static.myworld.com/de-ch/dp/apple-apple-iphone-xs-smartphone-58-256gb-gold-mt9k2zda-dpD9A
https://ch.myworld.com/de-ch/elektronik/telekommunikation-navigation-cT7OEDL2KS3/?f=1
http://www.iask.com/
http://search.orange.co.uk/favicon.ico
https://c5-static.myworld.com/de-ch/dp/huawei-huawei-mate-20-166-cm-653-zoll-4-gb-128-gb-hybride-dua
https://c7-static.myworld.com/200x200_wmf-miami-cutlery-set-60-piece-12-people-stainless-steel_40005
https://c5-static.myworld.com/de-ch/dp/canon-canon-pixma-mg3650s-tintenstrahl-4800-x-1200-dpi-a4-wla
http://www.target.com/
http://auto.search.msn.com/response.asp?MT=
http://www.twitter.com/
http://cnweb.search.live.com/results.aspx?q=
https://ch.myworld.com/de-ch/elektronik/telekommunikation-navigation-cT7OEDL2KS3/
https://c5-static.myworld.com/de-ch/dp/samsung-samsung-galaxy-a20e-32gb-blau-sm-a202fzbddbt-dp1C9G8Q
https://sk.myworld.com/sk-sk/elektronika/telekomunikacia-a-navigacia-cT7OEDL2KS3/
http://busca.igbusca.com.br//app/static/images/favicon.ico
http://www.reddit.com/
https://c8-static.myworld.com/HB-Xmas-Music.jpg
http://msk.afisha.ru/
https://ch.myworld.com/de-ch/dp/grundig-grundig-babywaage-digital-weiss-20kg-dp3V0TLJCL62Q/eiss-5117
https://c5-static.myworld.com/de-ch/dp/apple-apple-iphone-8-single-sim-4g-64gb-silber-dp74C32KU3G8H-
https://ch.myworld.com/de-ch/dp/grundig-grundig-babywaage-digital-weiss-20kg-dp3V0TLJCL62Q/bGrundig
http://tadzc.com/trf?&o=yDN7Lp83nrOBtPAPgNeWKslRGt3m6VUhncTox6KfKEg21%2FWKEItdp14EVAfvczMtXu8MvAil0B
http://img.shopzilla.com/shopzilla/shopzilla.ico
https://github.com/twbs/bootstrap/graphs/contributors)
https://ch-go.kelkoogrm/redirect?redirect_id=5c2082f80453b80098d92e67c178237f&request_id=eeccb735a53
https://ch.myworld.com/s
https://ch.myworld.com/de-ch/haushalt-wohnen/ruehrer-cNQ5T6PKSOB/
http://in.search.yahoo.com/
http://unifwd.com/?&fp=wz%2FiZMxtCGDhtBYQZ3FUkUQ2KEyR23SqBOA0qVnIb%2BS8DitV5lzhW7zODR66bTWwSolEVVHVn
http://fr.search.yahoo.com/
https://c5-static.myworld.com/de-ch/dp/steba-steba-rc-18-multi-raclette-stein-guss-631800-dpVCQ9L2S6
http://www.dailymail.co.uk/
http://www.merlin.com.pl/favicon.ico
http://www.mercadolivre.com.br/
http://search.chol.com/favicon.ico
http://r.redirekted.com/redirect?redirect_id=5c2082f80453b80098d92e67c178237f&request_id=eeccb735a53
http://search.msn.co.jp/results.aspx?q=
http://sads.myspace.com/
http://www.amazon.de/
https://c5-static.myworld.com/de-ch/dp/medisana-medisana-bu-535-voice-oberarm-blutdruckmessgeraet-we
http://search.auction.co.kr/
http://www.google.it/
https://www.myworld-solutions.com/de/karriere
http://www.ask.com/
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
https://pki.goog/repository/0
http://ocsp.pki.goog/gsr202
http://buscar.ozu.es/
https://ch-go.kelkoogroup.net/ctl/go/offersearchGo?.ts=1575333225110&.sig=PBlnoUzXIQxsTslhYJ4K.GYmN1
https://c7-static.myworld.com
https://ch.myworld.com/de-ch/register?sho
https://c5-static.myworld.com/de-ch/dp/jbl-jbl-e65btnc-bluetooth-on-ear-kopfhoerer-dpMGPNFAVEIGI-ce1
https://c5-static.myworld.com/de-ch/dp/apple-apple-iphone-8-space-grau-64gb-dpNVC1PCHO3ME-cc42c03d8d
http://ocsp.pki.goog/gts1o10
http://cgi.search.biglobe.ne.jp/favicon.ico
http://search.hanafos.com/favicon.ico
http://it.search.dada.net/favicon.ico
http://www.etmall.com.tw/favicon.ico
https://c5-static.myworld.com/de-ch/dp/coocaa-coocaa-fhd-tv-40-schwarz-40e2011g-dpH10HDIV7G1Q-ce1cc0
http://www.ya.com/favicon.ico
https://si.myworld.com/sl-si/elektronika/telekomunikacije-in-navigacija-cT7OEDL2KS3/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\BRL6TZZN.htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\flUhRq6tzZclQEJ-Vdg-IuiaDsNa[1].woff
 Web Open Font Format, TrueType, length 79612, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\signin[1].htm
 HTML document, ASCII text, with CRLF line terminators
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\refresh_2x[1].png
 PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\recaptcha__en[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\px[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\pioneer-pioneer-kopfhoerer-ohrumschliessend-kopfband-silber-se-mj561bt-s-dpT4D3F5TFV06-ce1cc03fd3-200-200-1[1].jpg
 PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\myWorldIcons-c4fa55da236891009f89e0d0dae88ad3[1].eot
 Embedded OpenType (EOT), family
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\mastercard-5049426e05b50bf78dc1120b55dd1df2[1].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\main.532239b0[1].js
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\k_ENHcAdvWMusQstYAe8LD_KT_RDO19uAnElGePxQ9I[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\grundig-grundig-babywaage-digital-weiss-20kg-dp3V0TLJCL62Q[1].htm
 HTML document, UTF-8 Unicode text, with very long lines, with CR, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\grundig-grundig-babywaage-digital-weiss-20kg-dp3V0TLJCL62Q-9f17d924daed1b-570-420-1[1].jpg
 PNG image data, 570 x 420, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\tr[2].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\fbevents[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\de-ch[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\categories[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\bframe[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\apple-apple-iphone-x-64gb-spacegrau-mqac2zda-dpVPNPTU2CMBH-cc42c03d8d-175-175-1[1].jpg
 PNG image data, 175 x 175, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\api[2].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\api[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\anchor[1].htm
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\adren[1].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\adren.min[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\OpenSans-LightItalic-c8fc97c5f6888e68185cbc9e9a0c3da7[1].woff
 Web Open Font Format, TrueType, length 56968, version 0.0
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\KIRTARYO.htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\OpenSans-ExtraBold-742e622f7480eba4eb865fc7b00abaca[1].woff
 Web Open Font Format, TrueType, length 61864, version 0.0
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\go[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ga-audiences[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\fbevents[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\cart[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\aquabeads-aquabeads-kuenstlerkoffer-design-set-fuer-kinder-1200-perlen-79328-dp71G2QKVVUKE-ce1cc03fd3-200-200-1[1].jpg
 PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\api[2].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\api[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\adsct[1].js
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\adsct[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\activityi;src=undefined;type=pageview;cat=pageview;ord=667105789043;gtm=2wgav9;auiddc=1037913923.1575395198;u1=undefined;u2=_de-ch_;~oref=https___ch.myworld[1].htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\activityi;src=undefined;type=pageview;cat=pageview;ord=441335735290;gtm=2wgav9;auiddc=1037913923.1575395198;u1=undefined;u2=_de-ch_cart;~oref=https___ch.myworld[1].htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\OpenSans-ExtraBoldItalic-0a9ecb5f25005bf5e7a3f3f2bb51ca80[1].woff
 Web Open Font Format, TrueType, length 57268, version 0.0
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\tr[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\OpenSans-Bold-59f959c7d13b50f2a76905f39f51a870[1].woff
 Web Open Font Format, TrueType, length 62140, version 0.0
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\HB-BlackFriYEAH-DE[1].gif
 GIF image data, version 89a, 1920 x 350
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\HB-Baking[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x350, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\775577123[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\v3[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\uwt[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\track_page_view[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\tr[6].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\tr[5].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\tr[4].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\HB-Xmas-Music[1].jpg
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ec[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\beats-by-dr-dre-beats-by-dr-dre-studio3-over-ear-kopfhoerer-bluetooth-matt-schwarz-mq562zma-dp6N9O0AB8JOH-ce1cc03fd3-200-200-1[1].jpg
 PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\apple-apple-iphone-xs-max-smartphone-65-64gb-gold-mt522zda-dpFVN0AUK358P-cc42c03d8d-175-175-1[1].jpg
 PNG image data, 175 x 175, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\api[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\activityi;src=undefined;type=pageview;cat=pageview;ord=2366506041172;gtm=2wgav9;auiddc=1037913923.1575395198;u1=undefined;u2=_de-ch_checkout_signin;~oref=https___ch.myworld[1].htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\X1BBCHTE.htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\REZAYS9Y.htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOmCnqEu92Fr1Mu4mxP[1].ttf
 TrueType Font data, 18 tables, 1st "GDEF"
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf
 TrueType Font data, 18 tables, 1st "GDEF", 3344 names, language 0x301, type 45066 string
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\676662152747982[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\f[2].txt
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DF3C0DD8-15F4-11EA-AADB-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D4A5C1FA-15F4-11EA-AADB-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4A5C1F8-15F4-11EA-AADB-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\ch.myworld[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tr[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\HB-Skywalker_DE[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x350, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\676662152747982[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\5TY6ZLLS.htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\4RB0LYVT.htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\v3[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\track_page_view[3].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\track_page_view[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tr[7].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tr[5].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tr[3].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tr[2].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\www.google[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\telekommunikation-navigation-cT7OEDL2KS3[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\styles__ltr[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\signin[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\myworld-com-e5cdbd3a1341a8ec2248c824fcc79980[1].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\medisana-medisana-bu-535-voice-oberarm-blutdruckmessgeraet-weiss-51178-dpCTPA6R4UK1S-9f17d924daed1b-570-420-3[1].jpg
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\logo_48[1].png
 PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jbl-jbl-e65btnc-bluetooth-on-ear-kopfhoerer-dpMGPNFAVEIGI-ce1cc03fd3-200-200-1[1].jpg
 PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\huawei-huawei-p-smart-2019-blau-dpKJELP74V115-cc42c03d8d-175-175-1[1].jpg
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\gtm[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\grundig-grundig-babywaage-digital-weiss-20kg-dp3V0TLJCL62Q-9e16c068dc-50-70-1[1].jpg
 PNG image data, 50 x 71, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\fbevents[1].js
 ASCII text, with very long lines
 #