Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

5f291fa0130fcrar.dll

Status: finished
Submission Time: 2020-08-04 10:45:11 +02:00
Malicious
E-Banking Trojan
Trojan
Ursnif

Comments

Tags

Details

  • Analysis ID:
    256712
  • API (Web) ID:
    408903
  • Analysis Started:
    2020-08-04 11:30:24 +02:00
  • Analysis Finished:
    2020-08-04 11:40:07 +02:00
  • MD5:
    f0304ee58f03535dd42083fb42263af9
  • SHA1:
    6051a01f48d386f1a31584b57e189e01d368dd48
  • SHA256:
    346b977e05b99881c7ec168c2fa0b68f84ec633d764eb52dd9795e372f45b1b4
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 76
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
212.124.124.71
 Russian Federation
205.185.208.79
 United States
205.185.208.142
 United States
Click to see the 16 hidden entries
172.217.18.66
 United States
3.126.56.137
 United States
67.43.239.172
 Canada
74.117.181.156
 United States
151.101.1.44
 United States
172.253.120.156
 United States
192.229.221.215
 United States
66.254.114.238
 United States
172.217.18.67
 United States
64.210.135.70
 United States
66.254.114.32
 United States
89.187.165.7
 Czech Republic
66.254.114.38
 United States
52.28.239.147
 United States
192.229.221.206
 United States
35.244.245.222
 United States

Domains

Name IP Detection
vz-cdn.trafficjunky.net
 0.0.0.0
prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud
 3.126.56.137
www.google.ch
 172.217.18.67
Click to see the 44 hidden entries
www.microsoftstore.com
 0.0.0.0
srtb.msn.com
 0.0.0.0
hw-cdn2.adtng.com
 0.0.0.0
www.redtube.com
 0.0.0.0
ups.analytics.yahoo.com
 0.0.0.0
img.img-taboola.com
 0.0.0.0
assets.onestore.ms
 0.0.0.0
stats.g.doubleclick.net
 0.0.0.0
web.vortex.data.msn.com
 0.0.0.0
ads.trafficjunky.net
 66.254.114.38
c.d1272serve.xyz
 0.0.0.0
ht.redtube.com
 0.0.0.0
cm.g.doubleclick.net
 0.0.0.0
pixel.advertising.com
 0.0.0.0
static.trafficjunky.com
 0.0.0.0
www.msn.com
 0.0.0.0
ci.rdtcdn.com
 0.0.0.0
cdn1d-static-shared.phncdn.com
 0.0.0.0
mem.gfx.ms
 0.0.0.0
ei.rdtcdn.com
 0.0.0.0
cvision.media.net
 0.0.0.0
stats.l.doubleclick.net
 172.253.120.156
redtube.com
 66.254.114.238
contextual.media.net
 23.54.113.52
vip0x04f.ssl.rncdn5.com
 205.185.208.79
hubtraffic.com
 66.254.114.32
asf-ris-prod-neurope.northeurope.cloudapp.azure.com
 168.63.67.155
statoffbal.com
 67.43.239.172
pagead.l.doubleclick.net
 172.217.18.66
id.rlcdn.com
 35.244.245.222
n1272serv.xyz
 212.124.124.71
vip0x08e.ssl.rncdn5.com
 205.185.208.142
cs742.wpc.rncdn4.com
 192.229.221.215
tls13.taboola.map.fastly.net
 151.101.1.44
f1272serve.xyz
 74.117.181.156
prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
 52.28.239.147
microsoftwindows.112.2o7.net
 15.236.9.100
cs733.wpc.rncdn4.com
 192.229.221.206
cs.media.net
 23.54.113.52
1664333679.rsc.cdn77.org
 89.187.165.7
hblg.media.net
 23.54.113.52
ei.rdtcdn.com.sds.rncdn7.com
 64.210.135.68
a.adtng.com
 216.18.168.166
lg3.media.net
 23.54.113.52

URLs

Name Detection
https://pexi.nl/privacy-policy/
https://www.nextroll.com/privacy
http://www.turboadv.com/white-rabbit-privacy-policy/
Click to see the 97 hidden entries
http://www.msn.com/de-ch/homepage/api/modules/fetch"
https://cdn1d-static-shared.phncdn.com/timings-1.0.0.js
https://ei.rdtcdn.com/m=bIaMwLVg5p/media/videos/202007/23/34406511/original/9.webp
https://collector.brandmetrics.com/brandmetrics_privacypolicy.pdf
https://ei.rdtcdn.com/m=eah-8f/media/videos/202007/16/34055211/original/3.jpg
https://de.redtube.com/
https://www.marfeel.com/privacy-policy/
https://www.bidtellect.com/privacy-policy/
https://ei.rdtcdn.com/m=bIijsHVg5p/media/videos/201512/29/1421156/original/5.webp
https://anzu.io/privacy/
https://jp.redtube.com/
https://ei.rdtcdn.com/m=ejrk8f/media/videos/201607/08/1640276/original/10.jpg
https://ci.rdtcdn.com/m=eW0Q8f/media/videos/202007/30/34635121/original/3.jpg
https://www.iotecglobal.com/privacy-policy/
https://ei.rdtcdn.com/m=eah-8f/media/videos/201811/13/11761001/original/12.jpg
https://www.mrpfd.com/privacy-policy/
https://ei.rdtcdn.com/m=bIaMwLVg5p/media/videos/201811/28/11908801/original/1.webp
https://sanoma.fi/tietoa-meista/tietosuoja/
https://ei.rdtcdn.com/www-static/cdn_files/redtube/js/generated/pc/video-index.js?v=562bcfa9d6c5e568
https://www.sift.co/privacy
https://permodo.com/de/privacy.html
https://cw.rdtcdn.com/media/videos/201909/15/21784001/360P_360K_21784001_fb.mp4
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://www.doubleverify.com/privacy/
https://www.businessclick.com/documents/RegulaminProgramuBusinessClick-2019.pdf
https://www.ad6media.fr/privacy
https://www.oan.pl/en/privacy-policy
https://ci.rdtcdn.com/m=eGJF8f/media/videos/201811/19/11820191/original/12.jpg
https://www.beeswax.com/privacy/
https://viralize.com/privacy-policy
https://www.bannerflow.com/privacy
https://cw.rdtcdn.com/media/videos/201811/13/11761001/190523_0011_360P_360K_11761001.mp4
https://clk.tradedoubler.com/click?p=220135&a=3064090&url(https://www.lehner-versand.ch/?utm
https://n1272serv.xyz/impression.gif?b=7644&p=109&c=540&h=6eaffd7b4597808539ecb0dd92653340&l=CH&sh=8
https://www.etahub.com/trackn?app_id=
http://www.twitter.com/
https://somoaudience.com/legal/
https://cw.rdtcdn.com/media/videos/202007/21/34339461/360P_360K_34339461.mp4
http://www.bucksense.com/platform-privacy-policy/
https://www.smartology.net/privacy-policy/
https://onedrive.live.com;OneDrive-App
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://cw.rdtcdn.com/media/videos/202007/26/34507361/360P_360K_34507361_fb.mp4
https://www.vistohub.com/privacy-policy/
https://impressiondesk.com/privacy-policy/
https://www.msn.com/de-ch/news/other/gc-debakel-gegen-winterthur-vaduz-darf-in-die-barrage/ar-BB17tn
https://www.emodoinc.com/privacy-policy/
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://www.thetradedesk.com/general/privacy-policy
https://dugout.com/privacy-policy
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://www.aerserv.com/privacy-policy/
https://ei.rdtcdn.com/m=eGJF8f/media/videos/201811/19/11820191/original/12.jpg
https://ei.rdtcdn.com/www-static/cdn_files/redtube/images/pc/category/amateur_001.jpg
https://www.exactag.com/en/data-privacy/
https://ei.rdtcdn.com/m=eGJF8f/media/videos/202006/08/32451921/original/
https://ci-ph.rdtcdn.com/m=e_rU8f/pics/pornstars/000/002/166/thumb_803502.jpg
https://www.redtube.com/?page=2
https://clkde.tradedoubler.com/click?p=220135&a=3064090&g=24798744
https://www.sunmedia.tv/en/cookies
https://www.goldenbees.fr/en/privacy-charter/
https://onedrive.live.com/about/fr-ch/
https://www.vuble.tv/us/privacy
http://scenestealer.tv/privacy-policy/
https://www.alliancegravity.com/politiquedeprotectiondesdonneespersonnelles
https://ei.rdtcdn.com/m=ejrk8f/media/videos/201708/19/2374575/original/15.jpg
https://ei.rdtcdn.com/m=bIaMwLVg5p/media/videos/202007/26/34532851/original/4.webp
https://ei.rdtcdn.com/m=bIaMwLVg5p/media/videos/202007/18/34214881/original/15.webp
https://ei.rdtcdn.com/m=bIijsHVg5p/media/videos/201602/12/1478097/original/11.webp
http://readpeak.com/privacy-policy/
https://ci-ph.rdtcdn.com/videos/202006/30/328485052/original/(m=eGJF8f)(mh=TOq2RDlTq9mOGiT3)
https://nexd.com/privacy-policy
https://ei.rdtcdn.com/m=bIa44NVg5p/media/videos/201811/28/11908801/original/1.webp
https://converge-digital.com/privacy-policy/
http://designer.videojs.com
https://ei.rdtcdn.com/m=eGJF8f/media/videos/202005/25/31922071/original/15.jpg
https://static.trafficjunky.com/invocation/embeddedads/
https://amzn.to/2TTxhNg
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/countries/EU?callback
https://www.mobsuccess.com/en/privacy
https://en.betweenx.com/pdata.pdf
https://www.iponweb.com/privacy-policy/
https://public.arcspire.io/privacy.pdf
https://products.office.com/fr-ch/academic/compare-office-365-education-plans
http://gobrowsi.com/browsi-privacy-policy/
https://www.statsperform.com/privacy-policy/
https://www.improvedigital.com/platform-privacy-policy
https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
https://www.keymantics.com/assets/privacy-policy.pdf
https://trg.de/datenschutzerklarung/
https://ei.rdtcdn.com/m=bIa44NVg5p/media/videos/202007/26/34532851/original/4.webp
https://www.iubenda.com/privacy-policy/69056167/full-legal
http://www.skaze.fr/rgpd/
https://www.cpex.cz/pro-uzivatele/ochrana-soukromi/
https://ei.rdtcdn.com/m=bIijsHVg5p/media/videos/201609/20/1723050/original/1.webp
https://ei.rdtcdn.com/m=IbTvgzPf2lWL2yZ9sDZvMCZ9cmWeZlXitnVutnW8sy2fgDHjhn3yJm0aJm48cBVD2BFrZyXqtnZe

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\nrrV67123[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAJgEdV[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AA3DGHW[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\5[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\41-0bee62-68ddb2ab[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\334671[1].png
 PNG image data, 315 x 300, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\1x1clear[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\1[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\12[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\12-b98955[1].css
 UTF-8 Unicode (with BOM) text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\video-index[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\timings-1.0.0[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\rt_font[1].eot
 Embedded OpenType (EOT), rt_font family
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAzb5EX[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mwfmdl2-v3.54[1].woff
 Web Open Font Format, TrueType, length 26288, version 0.0
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mscc-0.4.2.min[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mscc-0.4.2.min[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\mg_lazyload-v1.0.0[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\medianet[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\meCore.min[1].js
 ASCII text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\meBoot.min[1].js
 ASCII text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ht[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\generated-service_worker_starter-1.0.0[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e151e5[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\default-redtube_logged_out[1].js
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17xuBV[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\default-redtube_logged_out[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[2].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ads_test[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\RE4tj4A[1].wdp
 JPEG-XR
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\RE4rriw[1].png
 PNG image data, 40 x 40, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBi9ul[1].png
 PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBZhOm9[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBPfCZL[1].png
 GIF image data, version 89a, 50 x 50
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBK9Hzy[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB7gRE[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17xw1v[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dc087976-ae0c-483f-9f8a-53814b128d7e[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17xfSL[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 206x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17xJM3[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17xIXh[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17xIME[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17wnOK[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17vwSX[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17vKQj[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17vELR[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB17uXBS[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB16ZGkA[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB14EN7h[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB15AQNm[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB10MkbM[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\4996b9[1].woff
 Web Open Font Format, TrueType, length 45633, version 1.0
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\3[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\12[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\mms\NZ1Y5RYC\334681[1].dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB15OFL1[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F735A1E5-D680-11EA-90E0-ECF4BB862DED}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E7E7DA32-D680-11EA-90E0-ECF4BB862DED}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D970C230-D680-11EA-90E0-ECF4BB862DED}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE3C360A-D680-11EA-90E0-ECF4BB862DED}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AE3C3608-D680-11EA-90E0-ECF4BB862DED}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\WLJNY64J\contextual.media[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\JX8G36Q2\www.redtube[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB7hg4[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\checksync[2].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\checksync[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\cartcount[1].htm
 HTML document, ASCII text, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\analytics[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\RE4sQDc[1].png
 PNG image data, 40 x 40, 2-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\RE4pndL[1].png
 PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\RE4CFyx[1].wdp
 JPEG-XR
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\MGZG5X34.htm
 HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBY7ARN[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBVuddh[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBUE92F[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBIbVOm[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\84YN1M3G\www.msn[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17xv2R[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17xmvo[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17xlvC[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 350x350, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17xiD5[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17xLmg[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17xLkE[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17wsXK[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17woRZ[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17vYhl[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17vJwF[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17gY8e[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
 #