flash

securezza.dll

Status: finished
Submission Time: 14.09.2020 09:44:35
Malicious
E-Banking Trojan
Trojan
Ursnif

Comments

Tags

Details

  • Analysis ID:
    284952
  • API (Web) ID:
    465085
  • Analysis Started:
    14.09.2020 09:44:36
  • Analysis Finished:
    14.09.2020 09:52:13
  • MD5:
    a10412b880220330765f842c76631073
  • SHA1:
    94f92241acef218e9a9ca287e0ec1ba95416dc91
  • SHA256:
    e683390a3c835318f88fce66779c0b424f6097db580aa541ee45e99174130347
  • Technologies:
Full Report Engine Info Verdict Score Reports

System: w10x64 Windows 10 64 bit v1803 with Office Professional Plus 2016, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
68/100

IPs

IP Country Detection
104.20.185.68
United States
143.204.215.120
United States
89.111.132.22
Russian Federation
Click to see the 2 hidden entries
23.57.80.37
United States
151.101.1.44
United States

Domains

Name IP Detection
contextual.media.net
23.57.80.37
web.fromtheeast.org
89.111.132.22
tls13.taboola.map.fastly.net
151.101.1.44
Click to see the 10 hidden entries
hblg.media.net
23.57.80.37
lg3.media.net
23.57.80.37
d3pypcxb49gfy9.cloudfront.net
143.204.215.120
geolocation.onetrust.com
104.20.185.68
web.vortex.data.msn.com
0.0.0.0
www.msn.com
0.0.0.0
dvision.media.net
0.0.0.0
srtb.msn.com
0.0.0.0
pop5334.yahoo.com
0.0.0.0
img.img-taboola.com
0.0.0.0

URLs

Name Detection
https://www.msn.com/de-ch/news/other/am-%c3%bcetliberg-m%c3%bcssen-%c3%bcber-400-b%c3%a4ume-weichen-
https://onedrive.live.com/about/en/download/
http://popup.taboola.com/german
Click to see the 92 hidden entries
https://amzn.to/2TTxhNg
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://client-s.gateway.messenger.live.com
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
https://fluege.msn.com/de-ch/flugsuche
https://clk.tradedoubler.com/click?p=295926&a=3064090
https://twitter.com/
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-verticals-shoppinghub
http://web.fromtheeast.org/images/JNcycfcYGC/x3zrL3MAIr3Gjli5e/UEwy8zKGNt_2/BfOM6IZBYEq/kp5KPov8vYEG
https://twitter.com/i/notifications;Ich
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://www.msn.com/de-ch/news/other/der-holocaust-%c3%bcberlebende-eduard-kornfeld-sprach-f%c3%bcr-
http://www.msn.com/de-ch
https://outlook.live.com/calendar
https://clk.tradedoubler.com/click?p=245744&a=3064090url(https://store.hp.com/SwitzerlandStore/M
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
http://www.msn.com/de-ch/?ocid=iehp
https://onedrive.live.com/#qt=mru
https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
https://www.msn.com/de-ch/news/other/neunj%c3%a4hriger-stirbt-nach-sturz-durch-sonnensegel/ar-BB18Zx
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://support.skype.com
http://www.msn.com/de-ch/
http://www.youtube.com/
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
http://ogp.me/ns#
http://pop5334.yahoo.com/images/S17n2g_2B/PB2FoioOm7X8wKuwElCE/40A5DfuQCZRWJiEtMo4/n_2FenlBzXvtjiCgD
http://www.wikipedia.com/
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
http://www.live.com/
http://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
https://onedrive.live.com/?qt=mru;OneDrive-App
https://www.skype.com/de
https://login.skype.com/login/oauth/microsoft?client_id=738133
http://www.msn.com/de-ch/homepage/api/modules/fetch"
https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header
http://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsbu
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://www.skype.com/de/download-skype
https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
http://searchads.msn.net/.cfm?&&kp=1&
https://contextual.media.net/medianet.php?cid=8CU157172
https://www.msn.com/de-ch/nachrichten/coronareisen
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://onedrive.live.com;OneDrive-App
https://onedrive.live.com;Fotos
https://www.msn.com/de-ch/news/other/gc-trainer-pereira-verspricht-wir-werden-noch-viel-besser/ar-BB
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://www.msn.com/de-ch/news/other/auto-kollidiert-frontal-mit-motorroller/ar-BB1906xr?ocid=hploca
http://www.amazon.com/
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
http://ogp.me/ns/fb#
http://www.twitter.com/
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
https://clkde.tradedoubler.com/click?p=220135&a=3064090&g=24798744
http://web.fromtheeast.org/images/JNcycfcYGC/x3zrL3MAIr3Gjli5e/UEwy8zKGNt_2/BfOM6IZBYEq/kp5KPov8vYEGSs/FnihPtD5NAGfYcRGzjfyg/Nyu2dJtTHWxLVnbz/ogNIpQDcEKkbl0T/EtDqdeBXirm_2Ftm7n/ClnnWCxKw0fIQ3i6I/fBa.avi
https://clk.tradedoubler.com/click?p=220135&a=3064090&url(https://www.lehner-versand.ch/?utm
https://www.msn.com/de-ch/news/other/z%c3%bcrcher-detailh%c3%a4ndler-akzeptieren-maskenpflicht-wolle
https://outlook.com/
https://outlook.live.com/mail/deeplink/compose;Kalender
https://www.msn.com/de-ch/news/other/kaltbl%c3%bctig-und-menschenverachtend-das-bundesstrafgericht-v
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://cdn.cookielaw.org/vendorlist/iabData.json
https://autovermietung.msn.com/de-ch/autovermietung
https://cdn.cookielaw.org/vendorlist/iab2Data.json
https://onedrive.live.com/?qt=mru;Aktuelle
http://clkuk.tradedoubler.com/click?p(245744)a(3064090)g(21928104)url(https://store.hp.com/Switzerla
https://www.msn.com/de-ch/news/other/die-z%c3%bcrcher-bahnhofstrasse-ist-zu-teuer-geworden-eines-der
https://contextual.media.net/__media__/pics/8000/72/941/fallback1.jpg
https://web.vortex.data.msn.com/collect/v1
https://www.jumbo.ch/de/saisonal/fruehling?utm_source=microspot_msn_shopping&utm_medium=display&
https://www.msn.com/de-ch/news/other/das-knabenschiessen-f%c3%a4llt-zwar-aus-aber-doch-steht-in-z%c3
https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
http://www.reddit.com/
https://www.skype.com/
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
http://www.msn.com/de-ch/?ocid=iehp0
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
https://www.msn.com/de-ch/news/other/er-spritzte-in-z%c3%bcrich-botox-ohne-bewilligung-jetzt-wehrt-s
https://www.msn.com/de-ch/nachrichten/regional
http://www.nytimes.com/
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
https://onedrive.live.com/?qt=allmyphotos;Aktuelle

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\M5KI3IBJ\contextual.media[1].xml
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\MKWCDBD6\www.msn[1].xml
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AF38737B-F6A9-11EA-90E2-ECF4BB862DED}.dat
Microsoft Word Document
#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF38737D-F6A9-11EA-90E2-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E24BC3B8-F6A9-11EA-90E2-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF8E220B-F6A9-11EA-90E2-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\41-0bee62-68ddb2ab[1].js
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AA3DGHW[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AA6wTdK[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AAuTnto[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB15AQNm[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB18ZEBH[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB18ZFiV[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB18ZMbd[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB190jCu[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB190sJD[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBVuddh[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBZhOm9[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBih5H[1].png
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBnYSFZ[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\auction[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\b93e9132-e670-4998-95ce-f937ea9eeb4b[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\c0aac851-c15e-4fa8-9d18-98b3f3673d98[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[2]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e151e5[1].gif
GIF image data, version 89a, 1 x 1
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fcmain[1].js
HTML document, ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_381d5d450bf8d84d42edbaf89d57b8ab[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_80a4841ecf0f0a3a7f834dc0c85119ac[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_b5c8971274fca2c4642367914c0fbc36[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\https___console.brax-cdn.com_creatives_b9476698-227d-4478-b354-042472d9181c_TB1010-CH-man_insurance_card-1200x800_e5cae55c184e36be3ef62b747f992e17[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\https___console.brax-cdn.com_creatives_b9476698-227d-4478-b354-042472d9181c_TB1260-swiss-hand-card-1000x600-health-swiss-v12_1000x600_94b3af0fe59504dfcc81acb37e63aab8[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\https___console.brax-cdn.com_creatives_d166bdcc-25a7-46f9-9569-be6743c08c1c_7-haustu_r-schild_1000x600_5c880f5b213b32895fc2ebfb544ee187[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\https___mk0prostashopchi22ne.kinstacdn.com_wp-content_uploads_2020_01_prostashop-ratgeber-1024x512[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\medianet[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\medianet[2].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\nrrV49305[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\58-acd805-185735b[1].css
UTF-8 Unicode text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\85-0f8009-68ddb2ab[1].js
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AA7XCQ3[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB10MkbM[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB14EN7h[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB15nooa[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB16g6qc[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18X7jM[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18Y6fm[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18YQ8h[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18Z90d[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 522x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18ZBCl[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18ZWWE[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18Zemg[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18ZfgX[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18ZlDV[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB18qTPD[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB19013V[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1909x7[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB190sLN[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB190vsP[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB5zDwX[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBPfCZL[1].png
GIF image data, version 89a, 50 x 50
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBX2afX[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBZ3zrM[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[2].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\de-ch[1].htm
HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\https___s3.eu-central-1.amazonaws.com_ad-uploads-long_1_855e0304-2ddb-44f1-82e4-b88c25215faa[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\iab2Data[1].json
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery-2.1.1.min[1].js
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\755f86[1].png
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\AAJe2XO[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\AAyuliQ[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB15OFL1[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB18A9An[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB18S6v6[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB18TIig[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB18ZYIU[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB18Zfmq[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB18ZltW[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB18Zmx1[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1901Dg[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB190Az8[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB190cUe[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB190eL1[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB190iz2[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
#